The ability to validate that the software installed on the user's machine is actually as originally specified by the publisher is an important feature of IPS. This ability to validate the installed system is key for both the user and the support engineering staff.
Signature policies can be set for the image or for specific publishers. Policies include ignoring signatures, verifying existing signatures, requiring signatures, and requiring specific common names in the chain of trust.
This chapter describes IPS package signing and how developers and quality assurance organizations can sign either new packages or existing, already signed packages.