Introduction
Spotfire Mods comes with a trust mechanism that is based on certificates and digital signatures. The purpose of the trust mechanism is to help you keep your system secure when using third-party web components, by allowing you to verify the authenticity, integrity and publisher of the code.
This article aims to help Spotfire admins and anyone who builds and distributes mods to understand the basic principles of the trust mechanism and to give some best practices.
See also:
- Governing Spotfire Mods in your organization
- Trusting custom content in the Spotfire environment
- Troubleshooting certificate verification issues in Spotfire
For more information on Spotfire Mods, see Spotfire Mods Overview.
The signing process
The benefit of using digital signing is that the end users can tell where a component comes from and that it has not been tampered with.
Signing of mods can be done in two ways:
- using a Spotfire server certificate
- using a trusted third-party certificate
Signing using a Spotfire server certificate is done automatically when a mod source code project is loaded into a Spotfire analysis. This type of signing is based on the Spotfire account of the current user, and the certificate is issued by the Spotfire server that the user has logged into. Using a server certificate is very convenient when all users are using the same server environment. A Spotfire administrator can move certificates from one system to another (see Move certificates from one system to another) in order to keep items signed with a server certificate valid when moving them between different systems, e.g. from test to production.
A more portable option is to sign mods using an external code signing certificate from a trusted certificate authority (CA) that can be verified by the Spotfire server. See Signing a visualization mod using Package Builder for more information about the signing process with CA certificates. It is recommended to choose a certificate authority that is included in the Microsoft Trusted Root Program. Tip: search for "code signing certificate" in your browser to find the most commonly used. You will not need an "EV" certificate; a "standard" option will suffice.
The trust process
Before a mod can be used it needs to be reviewed and trusted.
When trying to use an untrusted mod in an analysis, end users with trust permission will get prompted to trust the mod or to trust all mods from the signer.
The trust decision is then stored, meaning that the user will not get prompted again when using the mod or any other mod from that signer if that option was selected.
It is also possible for an administrator to predefine trusted signers for groups of users.
Invalid signatures
A signature is regarded as invalid if:
- the root certificate cannot be validated by the Spotfire server. The most common case is that the mod has been signed in another Spotfire environment. See Move certificates from one system to another for how this can be worked around.
- the signature has been invalidated by the user. This is done from the My account page of the user.
- the signature has been invalidated by the administrator. See Revoking a server certificate.
By default, mods with invalid signatures cannot be trusted and used. If required (in special cases), it is possible to relax this limitation by changing a preference in Administration Manager (Application > Trust > Require valid signature to allow trust).
A mod with an invalid signature can be re-signed to get a valid signature, either by:
- signing the .mod file using Package Builder, or
- opening the mod's source code project in Spotfire and saving the mod to the library.
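The signing process and the invalid-signature conditions described above, reduced to a small working model as an added example. This is illustration code written for this article, not Spotfire's implementation, and it makes no claim about the package format or APIs Spotfire uses. A constructed root CA stands in for the trust anchor a Spotfire server validates against, a leaf certificate with the Code Signing extended key usage stands in for the publisher's certificate, and the package content is a constructed byte string. Verify fails in the three ways the article lists: a root the verifier does not trust (the mod signed in another environment), a signer that has been invalidated, and content that no longer matches the signature.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrUntrustedRoot = errors.New("signer chain does not end in a trusted root")
var ErrRevoked = errors.New("signer certificate has been invalidated")
var ErrTampered = errors.New("signature does not match the package content")

type Signer struct { // constructed stand-in for a signing identity
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

type SignedMod struct { // constructed stand-in for a signed .mod package
	Payload []byte // package content
	CertDER []byte // signer's certificate, DER encoded
	Sig     []byte // ECDSA signature over SHA-256(Payload)
}

// issue makes a P-256 key and a one-day certificate: a self-signed root if parent is nil, else a code-signing leaf.
func issue(name string, serial int64, parent *Signer) (*Signer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // self-signed: the template is its own issuer
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent = &Signer{Key: key, Cert: tmpl}
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Cert, &key.PublicKey, parent.Key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Signer{Key: key, Cert: cert}, nil
}

// Sign hashes the content, signs the digest and attaches the signer's certificate.
func Sign(s *Signer, payload []byte) (*SignedMod, error) {
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, s.Key, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedMod{Payload: payload, CertDER: s.Cert.Raw, Sig: sig}, nil
}

// Verify checks, in order, that the signer's chain ends in roots (a package signed under
// another system's root fails here), that the signer is not revoked (keyed by SHA-256 of
// its DER certificate), and that the signature matches the content (tampering).
func Verify(m *SignedMod, roots *x509.CertPool, revoked map[[32]byte]bool) error {
	cert, err := x509.ParseCertificate(m.CertDER)
	if err != nil {
		return err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}); err != nil {
		return fmt.Errorf("%w: %v", ErrUntrustedRoot, err)
	}
	if revoked[sha256.Sum256(cert.Raw)] {
		return ErrRevoked
	}
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, m.Payload, m.Sig); err != nil {
		return fmt.Errorf("%w: %v", ErrTampered, err)
	}
	return nil
}

func main() {
	ca, _ := issue("Example Root CA", 1, nil) // constructed trust anchor
	signer, _ := issue("Example Publisher", 2, ca)
	mod, _ := Sign(signer, []byte("constructed mod package bytes"))
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	fmt.Println("verify:", Verify(mod, roots, nil)) // <nil> when the chain is trusted
}
```

Running it with go run prints `verify: <nil>` for the happy path. Handing Verify a pool that holds a different root reproduces the most common invalid-signature case from the list above, which is why certificates have to be moved along with the content when a mod signed with a server certificate crosses system boundaries; a CA-issued certificate avoids that step because the same root is trusted on every system.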
Make your mod portable
If you are planning to distribute a mod to users of other organizations, each running on different Spotfire systems, you have essentially three options:
- distribute a .mod file that has been signed with Package Builder using an external code signing certificate from a trusted certificate authority (CA).
- distribute the source code project, typically through GitHub or other cloud-based repositories.
- submit your mod to the Spotfire Community Exchange.