Installable ADR and SPEC extension pack for digital-signature and container governance.
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
digital-signature-governance-pack
digital-signature-governance-pack is an SSOT Registry pack for digital-signature, advanced electronic signature, container, timestamping, validation, archival, and assurance-language governance.
It gives product, platform, and compliance teams a reusable ADR/SPEC starting point for repositories that need to govern PAdES, XAdES, CAdES, ASiC-S, ASiC-E, validation reports, timestamping, certificate and revocation handling, long-term archival evidence, and constrained eIDAS-facing claim language.
What Is An SSOT Registry Pack?
An SSOT Registry pack is an installable package of governed Architecture Decision Records (ADRs) and Specifications (SPECs) for ssot-registry. The pack supplies reusable decision and requirement documents that downstream repositories can synchronize into their local .ssot registry and link to features, tests, claims, evidence, and releases.
Why This Pack Exists
Digital-signature governance crosses technical standards, cryptographic evidence, validation semantics, archival policy, and assurance wording. Teams need one reviewed source for the decisions and requirements that shape signature-family support, timestamping, validation reports, certificate and revocation handling, long-term evidence, and regulated claim language.
This pack helps teams:
- apply reviewed digital-signature governance requirements across projects
- distinguish signature family, baseline level, container, validation, timestamping, and archival requirements
- keep assurance and regulatory language tied to explicit evidence boundaries
- give product, platform, compliance, and implementation teams stable ADR and SPEC IDs
- connect downstream features, tests, claims, evidence, and releases to shared governance records
Domain Focus
The initial review surface is grounded in TrustSig's signature_and_container_standards_matrix.md and covers:
- ETSI
PAdES,XAdES,CAdES, andASiCfamily standards - baseline levels
B-B,B-T,B-LT, andB-LTA - PDF signature standards and ISO PDF extensions
- W3C XML Signature and canonicalization surfaces
- CMS, timestamping, PKIX, OCSP, ERS, XMLERS, and related RFCs
- validation result and validation report modeling
- cryptographic suite policy and algorithm allowlists
- regulatory-language boundaries for eIDAS-related claims
Included ADRs
adr:0900digital-signature standards targets are reviewed before governance inclusion
Included SPECs
spc:0900digital-signature governance target review
Proposed ADR And SPEC Set
The first detailed proposal is documented in:
Digital Signature ADR/SPEC Proposal
The source standards matrix copied from TrustSig is available at:
Signature and Container Standards Matrix
Install With uv
Install the pack into a project environment:
uv add digital-signature-governance-pack
Install it alongside the SSOT Registry CLI:
uv add ssot-registry digital-signature-governance-pack
Run without adding dependencies to a project:
uvx --from ssot-registry --with digital-signature-governance-pack ssot --help
Install With The SSOT Registry Pack CLI
Pack-enabled SSOT Registry environments can install and synchronize packs through the pack command surface:
uvx --from ssot-registry ssot pack install digital-signature-governance-pack
uvx --from ssot-registry ssot pack sync . digital-signature-governance-pack
Use With The SSOT Registry CLI
After the pack is installed in the same environment as ssot-registry, synchronize ADRs and SPECs into a target repository:
uv run ssot adr sync .
uv run ssot spec sync .
Review the synchronized governance surface:
uv run ssot adr list .
uv run ssot spec list .
uv run ssot spec get . --id spc:0900
Use the IDs from this pack when linking project features, tests, claims, and release evidence in your local .ssot registry.
Programmatic Usage
from digital_signature_governance_pack import load_document_manifest, read_packaged_document_text
adr_manifest = load_document_manifest("adr")
spec_manifest = load_document_manifest("spec")
print(adr_manifest[0]["id"])
print(spec_manifest[0]["id"])
text = read_packaged_document_text("spec", "SPEC-0900-digital-signature-governance-target-review.yaml")
print(text[:120])
Resources
- GitHub repository: groupsum/digital-signature-governance-pack
- PyPI package: digital-signature-governance-pack
- SSOT Registry: ssot-registry
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file digital_signature_governance_pack-0.1.1.dev2.tar.gz.
File metadata
- Download URL: digital_signature_governance_pack-0.1.1.dev2.tar.gz
- Upload date:
- Size: 13.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
43bbe1e82b723f273b3c60788da9ab14b27812c49e3819b63b2ca1c0d76f2247
|
|
| MD5 |
13820510c5c5abb50a8b58c7e336d6cf
|
|
| BLAKE2b-256 |
e0247e1199dff4baa10553a0634e8bee578e3831a2083df02b98690967fc977d
|
Provenance
The following attestation bundles were made for digital_signature_governance_pack-0.1.1.dev2.tar.gz:
Publisher:
publish.yml on groupsum/digital-signature-governance-pack
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
digital_signature_governance_pack-0.1.1.dev2.tar.gz -
Subject digest:
43bbe1e82b723f273b3c60788da9ab14b27812c49e3819b63b2ca1c0d76f2247 - Sigstore transparency entry: 1553804496
- Sigstore integration time:
-
Permalink:
groupsum/digital-signature-governance-pack@75dbd5347b68e0f858b332887c0266681fed2491 -
Branch / Tag:
refs/heads/master - Owner: https://github.com/groupsum
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@75dbd5347b68e0f858b332887c0266681fed2491 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file digital_signature_governance_pack-0.1.1.dev2-py3-none-any.whl.
File metadata
- Download URL: digital_signature_governance_pack-0.1.1.dev2-py3-none-any.whl
- Upload date:
- Size: 13.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
14f7cc75b456eb51960a7621e587ec6602f34721dcfdebbcf014f1b516506a1b
|
|
| MD5 |
9433ae293f20972cc9fe649c8bcca056
|
|
| BLAKE2b-256 |
4db33d8a0b7d52593e9ca6aff0c1b12096329e8c8a4b8095ba07ea28c770a339
|
Provenance
The following attestation bundles were made for digital_signature_governance_pack-0.1.1.dev2-py3-none-any.whl:
Publisher:
publish.yml on groupsum/digital-signature-governance-pack
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
digital_signature_governance_pack-0.1.1.dev2-py3-none-any.whl -
Subject digest:
14f7cc75b456eb51960a7621e587ec6602f34721dcfdebbcf014f1b516506a1b - Sigstore transparency entry: 1553804503
- Sigstore integration time:
-
Permalink:
groupsum/digital-signature-governance-pack@75dbd5347b68e0f858b332887c0266681fed2491 -
Branch / Tag:
refs/heads/master - Owner: https://github.com/groupsum
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@75dbd5347b68e0f858b332887c0266681fed2491 -
Trigger Event:
workflow_dispatch
-
Statement type:
