Symbian Developer Network

   
 


Thread: SITE UPDATE AND LOOKING INTO THE FUTURE OF SYMBIAN SIGNED

Replies: 57 - Pages: 4 - Last Post: 11-Nov-2008 22:35 - Last Post By: hamishw
brucecarney

Posts: 160
Registered: 12/10/06
SITE UPDATE AND LOOKING INTO THE FUTURE OF SYMBIAN SIGNED
Posted: 10-Sep-2007 16:39
Latest fixes for Symbian Signed web site were put into production last Friday and appear to be working successfully. We have commenced with a restricted Whitelist, i.e. only allowing specific domains. During this week, we will phase in Grey and Black lists on account registration. The policy is:-

      -- Whitelisted domains: No restrictions (typically companies with a Publisher ID).
      -- Greylisted: any non public email domains with a limit on the number of accounts per domain.
      -- Blacklisted: Public email domains and/or domains where there is a history of inappropriate usage.

As part of our new approach and to ensure all developers (even those with public email domains) can easily develop on Symbian OS with this new policy, we are also updating the Symbian Signed service itself; see below.


NEXT STEPS:-


We have learnt a lot over the last few months and genuinely appreciate the patience, support and suggestions we have received from the developer community.  As such, in parallel to the web site emergency upgrade, we are well advanced on a new project to support developers further wrt Signing/Certification on Symbian OS. We are proposing to offer the following significant changes sometime in Q4 and would welcome developer feedback to help us to get this right:-

1. A reworked (and simplified) Symbian Signed Test Criteria ("Version 3") will be introduced, I intend to post it to these forums for discussion/feedback from developers later this week.

2. "Open Signed" process with:

2.1 Developer Certificates (allowing signing to occur offline/remotely)
       -- Will require a Publisher ID
       -- Will require a registered account
       -- Will have access to all PlatSec Capabilities (except DRM, ALLFILES, TCB) without a legal agreement.
       -- Will require device manufacturer approval for (DRM, ALLFILES, TCB)
       -- DevCerts will be valid for 36 months
       -- DevCerts will continue to be restricted by IMEIs (but the IMEI restriction will be increased to 1000)
       -- Warning/Notification prompt when installed on device.

2.2 Developers without a Publisher ID:-
       -- Will not require a registered account
       -- Will require a working/valid email address
       -- Will have access to all PlatSec Capabilities; except COMMDD, MULTIMEDIADD,
                          NETWORKCONTROL, DISKADMIN, DRM, ALLFILES, TCB.
       -- Can sign their test applications online only via the portal and only for a single IMEI.
       -- Will be restricted to sign against a test UID range (only) and in
                          some special cases publicly available UIDs (e.g. possibly for freeware)
       -- Will be virus scanned and also checked against existing application "signatures".
       -- Warning/Notification prompt when installed on device.
 
[Note: use-cases/requirements in this area are still under discussion]

3. "Express Signed" process with:

       -- Publisher ID (only from TC Trustcenter) required.
       -- No IMEI restrictions on the signed SIS file
       -- Applications are required to comply with Symbian Signed Test Criteria, however they are
                   signed immediately via www.symbiansigned.com
       -- Applications are batch tested (1:N) by Test Houses as an audit (i.e. sometime after the signing event)
       -- Audit results will be published.
       -- Low cost (approx 1/Nth of current test house signing cost)
       -- Available for all PlatSec Capabilities; except COMMDD, MULTIMEDIADD, NETWORKCONTROL,
                               DISKADMIN, DRM, ALLFILES, TCB
       -- Will be virus scanned
       -- NO Warning/Notification prompt when installed on device.

4. "Certified Signing" process is similar to today's signing process with:

       -- Publisher ID required
       -- No IMEI restrictions on the signed SIS file.
       -- Applications are submitted to independent test house (as per current process) and tested against the
                            Symbian Signed Test Criteria
       -- Additional Test Cases included for common tests as requested/required by other stakeholders
       -- REQUIRED for PlatSec Capabilities: COMMDD, MULTIMEDIADD, NETWORKCONTROL,
                               DISKADMIN, DRM, ALLFILES, TCB
       -- Additional Device Manufacturer test process/authorization (Symbian Signed for Nokia,
                               Symbian Signed for Sony Ericsson etc) is still required only for the
                                following PlatSec Capabilities; DRM, ALLFILES, TCB
       -- Cost is expected to be similar to current costs for independent test house testing.
       -- will be virus scanned
       -- NO Warning/Notification prompt when installed on device.

(please post all thoughts/discussion/comments ONLY to this thread)

mikebrock

Posts: 51
Registered: 19/10/06
Re: SITE UPDATE AND LOOKING INTO THE FUTURE OF SYMBIAN SIGNED
Posted: 10-Sep-2007 17:50   in response to: brucecarney
From my perspective this looks very good. 

One question: We have a publisher id from Verisign, which expires next April. To use the Express signing before April would we need to buy a Trustcenter publisher id? I ask because you say the "only from TC Trustcenter" in the Express section.

Obviously we'd prefer to use the current certificate for its full life rather than wasting half of it. We've already seen the price halve shortly after we bought it. But even if we do need to buy a new publisher id, Express signing will still be a big step forward for us and we'll be saving money - or at least able to make updates much more regularly.

A second question: how much paperwork / how many submission forms will be needed for the express sign? The current submission process takes quite a while, it is 10 or so pages, especially as the zip is only checked / can be rejected at the end forcing you to go back and repeat several steps. I ask because I guess the randomly submitted applications will need all that information, or could it be requested once the app has been selected?

brucecarney

Posts: 160
Registered: 12/10/06
Express Signed requirement for a Publisher ID from TrustCenter
Posted: 10-Sep-2007 18:11   in response to: mikebrock
Mike,

>>>>>>>>>>>
One question: We have a publisher id from Verisign, which expires next April. To use the Express signing before April would we need to buy a Trustcenter publisher id? I ask because you say the "only from TC Trustcenter" in the Express section.
<<<<<<<<<<<

Due to a back-end technical integration architecture, there is definitely a requirement to use a TC Trustcenter Publisher ID for Express Signed, which will cause a small amount of pain for developers in situations such as yours :-(.

However, in terms of cost, we expect that compared to current test costs, the price of the TC TrustCenter Publisher ID would be recouped within the first test round using "Express Signed".  :-)

>>>>>>>>>>>>
A second question: how much paperwork / how many submission forms will be needed for the express sign? The current submission process takes quite a while, it is 10 or so pages, especially as the zip is only checked / can be rejected at the end forcing you to go back and repeat several steps. I ask because I guess the randomly submitted applications will need all that information, or could it be requested once the app has been selected?
<<<<<<<<<<<<

At a minimum the current workflow needs to be improved, but beyond that this is a topic that is being hotly debated.  There is a view that declarative statements add value by collecting information and making developers think, then there is a view that they are unnecessary admin....final conclusion still to be determined.


mikebrock

Posts: 51
Registered: 19/10/06
Re: Express Signed requirement for a Publisher ID from TrustCenter
Posted: 10-Sep-2007 19:04   in response to: brucecarney

BruceCarney wrote:
At a minimum the current workflow needs to be improved, but beyond that this is a topic that is being hotly debated.  There is a view that declarative statements add value by collecting information and making developers think, then there is a view that they are unnecessary admin....final conclusion still to be determined.


I anticipate signing my applications more regularly, because we'll make more frequent updates and bug-fixes. So being able to re-submit an application with just minor updates and minimal form filling would be beneficial. First time round we'd have put the effort in, but to make a simple change we would not as we could re-use most of the previous application.

(For example, we are about to release some additional languages but were intending to use an embedded SIS approach which would appear as "unsigned" to the user. But with express signing we would just sign.  The paperwork/forms will be absolutely identical because nothing that they ask about has changed.)
bbj

Posts: 44
Registered: 25/10/06
Re: SITE UPDATE AND LOOKING INTO THE FUTURE OF SYMBIAN SIGNED
Posted: 10-Sep-2007 19:38   in response to: brucecarney
What happens when one of the Express Certified apps gets audited + fails?
Does it depend on the severity of the failure? - e.g. blatant disregard of a test criteria, compared to say slight difference in interpretation of exactly what text is required for say a Privacy Statement dlg.

How is the distribution of a failed app to be stopped? If it's not, this would appear to devalue the whole process since 'signed apps' that don't meet the test criteria are still distributed along with those that do under the 'signed' umbrella.

How would apps that are Certified Signed differ from apps that are Express Signed, if at all? If none, what rationale would there be to get an app Certified Signed compared to Express Signed (assuming none of the system capabilities are required) - presumably you wouldn't?
brucecarney

Posts: 160
Registered: 12/10/06
Re: SITE UPDATE AND LOOKING INTO THE FUTURE OF SYMBIAN SIGNED
Posted: 10-Sep-2007 19:56   in response to: bbj

>>>>>>>>>
What happens when one of the Express Certified apps gets audited + fails ?
Does it depend on the severity of the failure ? - e.g. blatant disregard of a test criteria, compared to say slight difference in interpretation of exactly what text is required for say a Privacy Statement dlg.
<<<<<<<<<

We think publication of test results is sufficient for the majority of developers to comply. The intent is not to stop small, accidental indiscretions.

Blatant and/or persistent disregard is more straightforward, the Publisher ID could be revoked and/or developer suspended from being allowed to be "Express Signed" in the future. This seems like a good incentive to comply?

>>>>>>>>>
How is the distribution of a failed app to be stopped ?. If its not this would appear to devalue the whole process since 'signed apps' that dont meet the test criteria are still distributed along with those that do under the 'signed' umbrella.
<<<<<<<<<

In a worst case the app could be revoked, but that is not the primary intent. The developer can be identified (by the Publisher ID) so there is a degree of trust that it is also in the developer's interest to maintain their own reputation.

All the feedback we have received is that testing puts Symbian Signed on every developer's critical path. So this is an attempt to find a middle ground where the biggest incentive to comply is the risk of being excluded from the "Express Signed" process in the longer term.

>>>>>>>>>
How would apps that are Certified Signed differ from apps that are Express Signed, if at all ?. If none, what rationale would there be to get an app Certified Signed compared to Express Signed (assuming none of the system capabilities are required) - presumably you wouldnt ?
<<<<<<<<<

Express Signed will be suitable for most developers. Certified Signed is required for any developer/application
-- that doesn't fit into Express Signed (for whatever reason)
-- Uses the PlatSec Capabilities: CommDD, MultimediaDD, NetworkControl, DiskAdmin, AllFiles, TCB, DRM
-- may be mandated by the route to market (e.g. by a software distributor). However this decision would be between the developer and the channel


antonypranata

Posts: 26
Registered: 05/02/07
Re: SITE UPDATE AND LOOKING INTO THE FUTURE OF SYMBIAN SIGNED
Posted: 10-Sep-2007 21:35   in response to: brucecarney
How about freeware and open source signing?

Antony
brucecarney

Posts: 160
Registered: 12/10/06
Freeware Open Source Software
Posted: 10-Sep-2007 22:28   in response to: antonypranata
I outlined some of the fundamental issues with FOSS in this post (yesterday) http://developer.symbian.com/forum/message.jspa?messageID=60807&tstart=0

1. "Express Signed" will make it significantly cheaper to sign every application (around $20), so our ideal scenario is that with much lower cost, there is more incentive for publishers, sponsors and/or other community organizations to sign FOSS on behalf of developers they trust.

2. Another possibility is that the FOSS community would create their own org to do this on behalf of their own community members. Sander Van Der Waal presents some useful ideas in this post http://developer.symbian.com/forum/message.jspa?messageID=60838&tstart=0 . This approach is something we are open to discussing further and may help with the biggest issue at the moment which is trust/identity associated with the Publisher ID.

3. "Open Signed" will make it easier for individuals to have control to sign applications for their own phone, such as open source, but we also need to find a solid approach to managing such that it does not aid crackerz and/or commercial developers avoiding using a Publisher ID. (we are working through use-cases of this approach at the moment, so ideas/suggestions are welcome)

4. Until there is a suitable alternate approach we will continue with the existing (but we acknowledge that developers consider it sub-optimal) "Freeware Signing" process.
s271

Posts: 10
Registered: 05/08/07
Re: SITE UPDATE AND LOOKING INTO THE FUTURE OF SYMBIAN SIGNED
Posted: 11-Sep-2007 06:00   in response to: brucecarney
Express signing:
only from TC Trustcenter

Will a free certificate (level 1) from TC be enough for express signing?
storsjo

Posts: 20
Registered: 13/08/07
Re: SITE UPDATE AND LOOKING INTO THE FUTURE OF SYMBIAN SIGNED
Posted: 11-Sep-2007 06:23   in response to: brucecarney
This looks interesting, partly at least.

However, what occurs to me as downsides compared to the current situation, from my point of view (writing freeware/opensource apps), is:

Are offline developer certificates only available to persons with a publisher ID? If I'd have to sign packages online during development, it will definitely slow down the development process. The current system is quite fine in this regard; the people actually doing development can register and create real developer certificates. The possibility to let the end users get the file signed without registration looks good, though. But leaving this open still keeps the problem of people registering to get a "real" developer certificate for signing cracked software...

The express signing looks quite good, but I still don't think I would want to pay fees for releasing new versions of apps. And that would still require a publisher ID, which I don't want to pay for just for doing spare-time opensource development.

// Martin
Sander van der ...
Re: SITE UPDATE AND LOOKING INTO THE FUTURE OF SYMBIAN SIGNED
Posted: 11-Sep-2007 07:04   in response to: brucecarney
<BruceCarney> wrote in message news:60853@live-web...

[snip]

2.1 Developer Certificates (allowing signing to occur offline/remotely)
-- Will require a Publisher ID
-- Will require a registered account
-- Will have access to all PlatSec Capabilities (except DRM, ALLFILES, TCB) without a legal agreement.
-- Will require device manufacturer approval for (DRM, ALLFILES, TCB)
-- DevCerts will be valid for 36 months
-- DevCerts will continue to be restricted by IMEIs (but the IMEI restriction will be increased to 1000)
-- Warning/Notification prompt when installed on device.

2.2 Developers without a Publisher ID:-
-- Will not require a registered account
-- Will require a working/valid email address
-- Will have access to all PlatSec Capabilities; except COMMDD, MULTIMEDIADD, NETWORKCONTROL, DISKADMIN, DRM, ALLFILES, TCB.
-- Can sign their test applications online only via the portal and only for a single IMEI.
-- Will be restricted to sign against a test UID range (only) and in some special cases publicly available UIDs (e.g. possibly for freeware)
-- Will be virus scanned and also checked against existing application "signatures".
-- Warning/Notification prompt when installed on device.

[Note: use-cases/requirements in this area are still under discussion]


I would suggest that *all* DevCerts must be checked against registered UIDs
for the submitting developer. If somebody buys an ACS, he can still
distribute cracked apps, and recoup his money by asking a small fee. Witness
the post of Paolo on Monday 10 Sept.

<<<<<<

3. "Express Signed" process with:

-- Publisher ID (only from TC Trustcenter) required.
-- No IMEI restrictions on the signed SIS file
-- Applications are required to comply with Symbian Signed Test Criteria, however they are signed immediately via www.symbiansigned.com
-- Applications are batch tested (1:N) by Test Houses as an audit (i.e. sometime after the signing event)
-- Audit results will be published.
-- Low cost (approx 1/Nth of current test house signing cost)
-- Available for all PlatSec Capabilities; except COMMDD, MULTIMEDIADD, NETWORKCONTROL, DISKADMIN, DRM, ALLFILES, TCB
-- Will be virus scanned
-- NO Warning/Notification prompt when installed on device.


Excellent.

<<<<

4. "Certified Signing" process is similar to today's signing process with:

-- Publisher ID required
-- No IMEI restrictions on the signed SIS file.
-- Applications are submitted to independent test house (as per current process) and tested against the Symbian Signed Test Criteria
-- Additional Test Cases included for common tests as requested/required by other stakeholders
-- REQUIRED for PlatSec Capabilities: COMMDD, MULTIMEDIADD, NETWORKCONTROL, DISKADMIN, DRM, ALLFILES, TCB
-- Additional Device Manufacturer test process/authorization (Symbian Signed for Nokia, Symbian Signed for Sony Ericsson etc) is still required only for the following PlatSec Capabilities; DRM, ALLFILES, TCB
-- Cost is expected to be similar to current costs for independent test house testing.
-- will be virus scanned
-- NO Warning/Notification prompt when installed on device.

(please post all thoughts/discussion/comments ONLY to this thread)


I suspect that self-signing is now obsolete?

This is excellent news for the developer community. Thanks a lot.

--
Sander van der Wal
www.mBrainSoftware.com

mikebrock

Posts: 51
Registered: 19/10/06
Re: SITE UPDATE AND LOOKING INTO THE FUTURE OF SYMBIAN SIGNED
Posted: 11-Sep-2007 09:09   in response to: brucecarney


>>>>>>>>>
What happens when one of the Express Certified apps gets audited + fails ?
Does it depend on the severity of the failure ? - e.g. blatant disregard of a test criteria, compared to say slight difference in interpretation of exactly what text is required for say a Privacy Statement dlg.
<<<<<<<<<

>>>>
We think publication of test results is sufficient for majority of developers to comply. The intent is not to stop small, accidental indiscretions.
<<<<

How detailed will the published test results be and where will they be published? For example, I had an app fail because I had not listed the camera in the privacy statement. I would hate to be publicly marked as a shoddy developer for that, especially as I'd followed the test criteria's best practice notes to the letter. The publication would need to be clear what had failed and give the developer a right to reply. Though I guess public reports cannot be detailed for all apps, as some are only for an organisation's internal use.
brucecarney

Posts: 160
Registered: 12/10/06
Class 3 Publisher ID is required.
Posted: 11-Sep-2007 11:54   in response to: s271
No, a Class 3 Publisher ID is required. This is a requirement driven by the mobile industry.
s271

Posts: 10
Registered: 05/08/07
Re: Class 3 Publisher ID is required.
Posted: 12-Sep-2007 06:26   in response to: brucecarney
Ok, if a level 3 Publisher ID is an inevitable evil, the only solution is to lower the certification cost. I don't think a freeware author, making a project in his/her spare time, would agree to pay 200$ for a certificate. Especially considering that most developers have no more than one hobby/FOSS/community project. If certification were 10$ per release instead of 200$ per year, with minimum paperwork, it may work. Though I'm not sure even about that. Many developers would feel offended if forced to pay for donating their efforts. That is most likely the reason SS has little or no communication with the FSF and FOSS community.
hamishw

Posts: 2,286
Registered: 11/10/06
Re: Class 3 Publisher ID is required.
Posted: 12-Sep-2007 06:51   in response to: s271

Signing with a level 3 publisher ID is inevitable if the application is to be signed, but the ownership of this by the developer is not. If you read above Bruce Carney's posting 10-Sep-2007 21:28 

"
2. Another possibility is that the FOSS community would create their own org to do this on behalf of their own community members. Sander Van Der Waal presents some useful ideas in this post http://developer.symbian.com/forum/message.jspa?messageID=60838&tstart=0 . This approach is something we are open to discussing further and may help with the biggest issue at the moment which is trust/identity associated with the Publisher ID.

"

So in this case the cost would be cost of signing and whatever the FOSS community required to keep itself running - and the certificate would belong to the organisation.

Bruce also suggests
"

3. "Open Signed" will make it easier for individuals to have control to sign applications for their own phone, such as open source, but we also need to find a solid approach to managing such that it does not aid crackerz and/or commercial developers avoiding using a Publisher ID. (we are working through use-cases of this approach at the moment, so ideas/suggestions are welcome)

"

This would have no cost and would not require a publisher ID - the signing would be done by the end user for their own phone using a devcert. However this has issues with respect to aiding crackers to easily sign apps. As Bruce says, any suggestions on how to allay these issues are welcome.

Regards
Hamish Willee
Symbian Ltd.

