SWID Tag Signing Guidelines

August 22, 2017
Version 1.0

This document defines guidelines for signing SWID tags in support of the [SWID] standard. The standard states that when digitally signing SWID tags, implementors will follow at a minimum the [XMLDSIG] recommendations, use an enveloped signature, add a timestamp per [W3C-XAdES], and include the public signature for the signing entity.

This document details and builds on those requirements. The guidance drafted herein supports the security and reliability of tag signing. These guidelines are drafted with the needs of implementors in mind and to provide value for all members of the software ecosystem (publishers, tools and service providers, and end-users).
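
The four minimum requirements listed above can be checked structurally before any cryptographic validation is attempted. The following is an added example, not code from the guidelines or the [SWID] standard: the sample tag is constructed and abbreviated, and reading "timestamp per [W3C-XAdES]" as a `SignatureTimeStamp` element and "public signature" as a certificate or key value in `ds:KeyInfo` are assumptions.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"

# Constructed, abbreviated sample: structure only, all values are placeholders.
SAMPLE_TAG = f"""<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
    name="ExampleApp" tagId="constructed-tag-id">
  <Signature xmlns="{DS}" Id="sig">
    <SignedInfo><Reference URI="">
      <Transforms><Transform Algorithm="{ENVELOPED}"/></Transforms>
    </Reference></SignedInfo>
    <SignatureValue>PLACEHOLDER</SignatureValue>
    <KeyInfo><X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data></KeyInfo>
    <Object><QualifyingProperties xmlns="http://uri.etsi.org/01903/v1.3.2#" Target="#sig">
      <UnsignedProperties><UnsignedSignatureProperties><SignatureTimeStamp/>
      </UnsignedSignatureProperties></UnsignedProperties>
    </QualifyingProperties></Object>
  </Signature>
</SoftwareIdentity>"""


def local(el):
    """Element name without its namespace, so any XAdES schema version matches."""
    return el.tag.rsplit("}", 1)[-1]


def lint_signed_tag(xml_text):
    """Return the structural requirements a signed tag is missing ([] = none)."""
    root = ET.fromstring(xml_text)
    problems = []
    if local(root) != "SoftwareIdentity":
        problems.append("root element is not SoftwareIdentity")
    # Enveloped: the ds:Signature sits inside the tag it signs.
    sig = root.find(f"{{{DS}}}Signature")
    if sig is None:
        return problems + ["no ds:Signature enveloped in the tag"]
    # The Reference covering the whole document (URI="") must exclude the
    # signature itself through the enveloped-signature transform.
    refs = [r for r in sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
            if r.get("URI") == ""]
    if not any(t.get("Algorithm") == ENVELOPED
               for r in refs for t in r.iter(f"{{{DS}}}Transform")):
        problems.append("no whole-document Reference with enveloped-signature transform")
    if not any(local(e) == "SignatureTimeStamp" for e in sig.iter()):
        problems.append("no XAdES SignatureTimeStamp")
    key_info = sig.find(f"{{{DS}}}KeyInfo")
    if key_info is None or not any(
            local(e) in ("X509Certificate", "KeyValue") for e in key_info.iter()):
        problems.append("no signer certificate or public key in ds:KeyInfo")
    return problems
```

An empty result only means the expected elements are present; digest, signature and timestamp-token validation still has to be done with an XMLDSIG implementation.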

This is the public release of the SWID Tag Signing Guidelines. This document is...