Security for XML Expansion Packs [Office 2003 SDK Documentation]
An XML expansion pack manifest file allows Microsoft® Office 2003 smart document developers to reference one or more smart document components that are installed as part of a complete smart document. For more information about XML expansion packs and supporting files, see the Developing Smart Documents section.
When a user loads a smart document into Microsoft Office Word 2003 or Microsoft Office Excel 2003, the application performs a security pass on the XML expansion pack manifest file. This security check ensures that the XML expansion pack is signed by a trusted source. Office 2003 requires that smart document developers sign the XML expansion pack manifest file for all smart documents. The following sections describe what happens during this security check. For a visual representation of how Office 2003 processes this security check, see Security Checks for XML Expansion Packs.
Note For information about signing XML expansion pack manifest files, see Code Signing XML Expansion Packs.
Unsigned XML expansion packs
Unlike unsigned add-ins and macros in templates, Office 2003 doesn't prompt users to enable or disable the functionality of a smart document. Instead, if a smart document developer doesn't sign an XML expansion pack manifest file, Office 2003 won't install and load the components necessary to make the smart document function as expected, causing unexpected behavior for the user. The application will, however, load the document, but the smart behavior built into the smart document components will be missing.
In this case, the user will receive the following message.
Signed XML expansion packs
Conversely, Office 2003 treats signed XML expansion packs very differently. How XML expansion packs are treated, however, and whether the user will be able to use your smart documents depend on whether the smart document developer uses a digital signature that is on the list of trusted sources (as shown in the Security dialog box, Trusted Publishers tab).
From an untrusted source
If an XML expansion pack is signed but the signer isn't in the list of trusted sources, the application notifies the user, as shown in the following figure. From this Security Warning dialog box, users can choose to enable or disable an XML expansion pack and the components that make up the smart document.
As you can see, the user can also choose to add the digital signature information to the list of trusted sources by selecting the Always trust macros from this publisher check box.
From a trusted source
The best-case scenario for deploying smart documents is when the XML expansion pack uses a digital signature from a source that is in the list of trusted sources. In this case, the XML expansion pack security check is, from the user's perspective, seamless. In order to make this happen, you need to have your users install your digital certificate in a trusted location, which you can do by using a policy or an installation or logon script.
Deploying smart documents from a Web server
There are a few issues to be aware of if you plan to deploy your smart documents from a Web server. Microsoft Internet Explorer security adds an additional layer of security on top of the security measures discussed earlier. For more information about how these security measures may affect the performance of your smart documents on your users' computers, see Deploying Smart Documents from a Web Server.
Bypassing XML expansion pack security checking
When you are developing and testing smart document solutions, the security checks discussed earlier can seem intrusive to your work. It may not be practical to sign all manifests in a test environment. There is a way to temporarily disable the XML expansion pack security checking, but you should be careful to use this feature only in a development and test environment and not in a deployment environment. For more information about how to disable this security check on your development and test computers, see Testing and Troubleshooting.