All Future Of Symbian Signed


zeatwork
12th Sep '07 Wed, 21:37
Latest fixes for Symbian Signed web site were put into production last Friday and appear to be working successfully. We have commenced with a restricted Whitelist, i.e. only allowing specific domains. During this week, we will phase in Grey and Black lists on account registration. The policy is:-

-- Whitelisted domains: No restrictions (typically companies with a Publisher ID).
-- Greylisted: any non-public email domains with a limit on the number of accounts per domain.
-- Blacklisted: Public email domains and/or domains where there is a history of inappropriate usage.

As part of our new approach and to ensure all developers (even those with public email domains) can easily develop on Symbian OS with this new policy, we are also updating the Symbian Signed service itself; see below.


NEXT STEPS:-

We have learnt a lot over the last few months and genuinely appreciate the patience, support and suggestions we have received from the developer community. As such, in parallel to the web site emergency upgrade, we are well advanced on a new project to support developers further wrt Signing/Certification on Symbian OS. We are proposing to offer the following significant changes sometime in Q4 and would welcome developer feedback to help us to get this right:-

1. A reworked (and simplified) Symbian Signed Test Criteria ("Version 3") will be introduced. I intend to post it to these forums for discussion/feedback from developers later this week.

2. "Open Signed" process with:

2.1 Developer Certificates (allowing signing to occur offline/remotely)
-- Will require a Publisher ID
-- Will require a registered account
-- Will have access to all PlatSec Capabilities (except DRM, ALLFILES, TCB) without a legal agreement.
-- Will require device manufacturer approval for (DRM, ALLFILES, TCB)
-- DevCerts will be valid for 36 months
-- DevCerts will continue to be restricted by IMEIs (but the IMEI restriction will be increased to 1000)
-- Warning/Notification prompt when installed on device.

2.2 Developers without a Publisher ID:-
-- Will not require a registered account
-- Will require a working/valid email address
-- Will have access to all PlatSec Capabilities; except COMMDD, MULTIMEDIADD, NETWORKCONTROL, DISKADMIN, DRM, ALLFILES, TCB.
-- Can sign their test applications online only via the portal and only for a single IMEI.
-- Will be restricted to sign against a test UID range (only) and in some special cases publicly available UIDs (e.g. possibly for freeware)
-- Will be virus scanned and also checked against existing application "signatures".
-- Warning/Notification prompt when installed on device.

[Note: use-cases/requirements in this area are still under discussion]

3. "Express Signed" process with:

-- Publisher ID (only from TC Trustcenter) required.
-- No IMEI restrictions on the signed SIS file
-- Applications are required to comply with Symbian Signed Test Criteria, however they are signed immediately via www.symbiansigned.com
-- Applications are batch tested (1:N) by Test Houses as an audit (i.e. sometime after the signing event)
-- Audit results will be published.
-- Low cost (approx 1/Nth of current test house signing cost)
-- Available for all PlatSec Capabilities; except COMMDD, MULTIMEDIADD, NETWORKCONTROL, DISKADMIN, DRM, ALLFILES, TCB
-- Will be virus scanned
-- NO Warning/Notification prompt when installed on device.

4. "Certified Signing" process is similar to today's signing process with:

-- Publisher ID required
-- No IMEI restrictions on the signed SIS file.
-- Applications are submitted to independent test house (as per current process) and tested against the Symbian Signed Test Criteria
-- Additional Test Cases included for common tests as requested/required by other stakeholders
-- REQUIRED for PlatSec Capabilities: COMMDD, MULTIMEDIADD, NETWORKCONTROL, DISKADMIN, DRM, ALLFILES, TCB
-- Additional Device Manufacturer test process/authorization (Symbian Signed for Nokia, Symbian Signed for Sony Ericsson etc) is still required only for the following PlatSec Capabilities; DRM, ALLFILES, TCB
-- Cost is expected to be similar to current costs for independent test house testing.
-- Will be virus scanned
-- NO Warning/Notification prompt when installed on device.

(please post all thoughts/discussion/comments ONLY to this thread)

billabong
12th Sep '07 Wed, 21:45
:thanks: