This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Project Information:template OpenSign Server Project"
From OWASP
| Line 13: | Line 13: | ||
| style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-opensign-server-project '''Mailing List/Subscribe''']<br>[mailto:[email protected] '''Mailing List/Use'''] | | style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-opensign-server-project '''Mailing List/Subscribe''']<br>[mailto:[email protected] '''Mailing List/Use'''] | ||
| style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:pierre.parrend(at)insa-lyon.fr '''Pierre Parrend''']<br>[http://www.rzo.free.fr/ Curriculum] | | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:pierre.parrend(at)insa-lyon.fr '''Pierre Parrend''']<br>[http://www.rzo.free.fr/ Curriculum] | ||
| − | | style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:mark.roxberry(at)owasp.org '''Mark Roxberry''']<br>[http://www.linkedin.com/in/roxberry Profile] | + | | style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:mark.roxberry(at)owasp.org '''Mark Roxberry''']<br>[http://www.linkedin.com/in/roxberry Profile] |
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email'''] | | style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email'''] | ||
|} | |} | ||
Revision as of 14:51, 8 July 2008
| PROJECT IDENTIFICATION | ||||||
|---|---|---|---|---|---|---|
| Project Name | OWASP OpenSign Server Project (Online code signing and integrity verification service for open source community) | |||||
| Short Project Description | The purpose of this project would be to build and host a feature-rich server and suite of client utilities with adequate secure hardware to ensure the integrity of code modules. - The service will allow all .NET and Java code modules to be uploaded to the service to be signed by a community code signing key. Each community (such as OWASP) will have a key and corresponding Software Publishing Certificate (SPC) which can optionally be embedded in the code module itself. Generally, however, the service is intended for developers and the wider community of concerned users that want to ensure that their downloaded portable executable is exactly what it purports to be. The root key will be stored in an HSM and will sign an SPC from a locally generated key-pair of which the public key will be sent to the service. Key pair generation can be made and submitted using standard .NET delay signing and jar signing tools distributed with the SDKs, however, the project remit will ensure that a client-side graphical tool for each environment is available to generate the keys pairs needed to sign code with and allow submission to the code signing service for signing and generation of SPC by the server's proprietary CA. Anonymity will not be allowed so the project will include a database of users which will be the basis of directory for SPCs. There will be a web and web services interface using an online login and WS-Security respectively which will allow the code to be uploaded on demand and signed by a code signing key with the option to embed the certificate or not. | |||||
| Email Contacts | Project Leader Phil Potisk Richard Conway |
Project Contributors (if applicable) Name&Email |
Mailing List/Subscribe Mailing List/Use |
First Reviewer Pierre Parrend Curriculum |
Second Reviewer Mark Roxberry Profile |
OWASP Board Member (if applicable) Name&Email |
| PROJECT MAIN LINKS | |||||
|---|---|---|---|---|---|
| SPONSORS & GUIDELINES | |||||
|---|---|---|---|---|---|
| Sponsor - OWASP Summer of Code 2008 | Sponsored Project/Guidelines/Roadmap | ||||
| ASSESSMENT AND REVIEW PROCESS | ||||
|---|---|---|---|---|
| Review/Reviewer | Author's Self Evaluation (applicable for Alpha Quality & further) |
First Reviewer (applicable for Alpha Quality & further) |
Second Reviewer (applicable for Beta Quality & further) |
OWASP Board Member (applicable just for Release Quality) |
| 50% Review | Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit:50% Review/Self-Evaluation (A) |
Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit: 50% Review/1st Reviewer (C) |
Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit: 50%Review/2nd Reviewer (E) |
X |
| Final Review | Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/SelfEvaluation (B) |
Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/1st Reviewer (D) |
Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/2nd Reviewer (F) |
X |
