RFC 3275 (rfc3275) - Page 3 of 73


(Extensible Markup Language) XML-Signature Syntax and Processing





RFC 3275          XML-Signature Syntax and Processing         March 2002


   6.6.3 XPath Filtering............................................. 51
   6.6.4 Enveloped Signature Transform............................... 54
   6.6.5 XSLT Transform.............................................. 54
   7. XML Canonicalization and Syntax Constraint Considerations...... 55
   7.1 XML 1.0, Syntax Constraints, and Canonicalization............. 56
   7.2 DOM/SAX Processing and Canonicalization....................... 57
   7.3 Namespace Context and Portable Signatures..................... 58
   8.0 Security Considerations....................................... 59
   8.1 Transforms.................................................... 59
   8.1.1 Only What is Signed is Secure............................... 60
   8.1.2 Only What is 'Seen' Should be Signed........................ 60
   8.1.3 'See' What is Signed........................................ 61
   8.2 Check the Security Model...................................... 62
   8.3 Algorithms, Key Lengths, Certificates, Etc.................... 62
   9. Schema, DTD, Data Model, and Valid Examples.................... 63
   10. Definitions................................................... 63
   Appendix: Changes from RFC 3075................................... 67
   References........................................................ 67
   Authors' Addresses................................................ 72
   Full Copyright Statement.......................................... 73

1. Introduction

   This document specifies XML syntax and processing rules for creating
   and representing digital signatures.  XML Signatures can be applied
   to any digital content (data object), including XML.  An XML
   Signature may be applied to the content of one or more resources.
   Enveloped or enveloping signatures are over data within the same XML
   document as the signature; detached signatures are over data external
   to the signature element.  More specifically, this specification
   defines an XML signature element type and an XML signature
   application; conformance requirements for each are specified by way
   of schema definitions and prose respectively.  This specification
   also includes other useful types that identify methods for
   referencing collections of resources, algorithms, and keying and
   management information.
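
The distinction above between enveloped, enveloping and detached signatures can be checked mechanically by resolving each Reference URI relative to the Signature element. The following Python sketch is an added example, not part of RFC 3275; the sample document, the name `classify_references`, the result labels and the treatment of attributes named Id/ID/id as IDs are assumptions.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ID_ATTRS = ("Id", "ID", "id")  # assumption: no schema/DTD, so these names count as IDs
# Constructed sample document (not from the RFC): one Signature, five References.
SAMPLE = """<doc Id="top" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <payload Id="sibling">data</payload>
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI=""/><ds:Reference URI="#top"/>
    <ds:Reference URI="#inner"/><ds:Reference URI="#sibling"/>
    <ds:Reference URI="http://example.org/file.bin"/>
  </ds:SignedInfo><ds:Object Id="inner">wrapped</ds:Object></ds:Signature>
</doc>"""

def classify_references(xml_text):
    """Return [(URI, kind)] for each ds:Reference under ds:SignedInfo."""
    root = ET.fromstring(xml_text)  # untrusted input needs a hardened parser
    parent = {child: node for node in root.iter() for child in node}
    by_id = {}
    for el in root.iter():
        for name in ID_ATTRS:
            if name in el.attrib:
                by_id.setdefault(el.attrib[name], []).append(el)

    def ancestors(el):
        while (el := parent.get(el)) is not None:
            yield el

    out = []
    for sig in root.iter(DS + "Signature"):
        for ref in sig.iterfind(f"{DS}SignedInfo/{DS}Reference"):
            uri = ref.get("URI")
            targets = by_id.get(uri[1:], []) if uri and uri.startswith("#") else []
            if uri is None:
                kind = "application-defined"  # receiver must already know the object
            elif uri == "":
                kind = "enveloped"            # the whole document holding the signature
            elif not uri.startswith("#"):
                kind = "detached"             # resource outside this document
            elif len(targets) != 1:
                kind = "unresolved"           # missing or duplicated ID value
            elif targets[0] in ancestors(sig):
                kind = "enveloped"            # signed element contains the Signature
            elif sig in ancestors(targets[0]):
                kind = "enveloping"           # signed element is inside the Signature
            else:
                kind = "detached"             # sibling data in the same document
            out.append((uri, kind))
    return out
```

A verifier can run this kind of check before trusting any part of a document, since only the data a Reference actually resolves to is covered by the signature.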

   The XML Signature is a method of associating a key with referenced
   data (octets); it does not normatively specify how keys are
   associated with persons or institutions, nor the meaning of the data
   being referenced and signed.  Consequently, while this specification
   is an important component of secure XML applications, it itself is
   not sufficient to address all application security/trust concerns,
   particularly with respect to using signed XML (or other data formats)
   as a basis of human-to-human communication and agreement.  Such an
   application must specify additional key, algorithm, processing and
   rendering requirements.  For further information, please see Security
   Considerations (section 8).



Eastlake, et al.            Standards Track

