This document is also available in these non-normative formats: XHTML with color-coded revision indicators
Copyright
© 2008 The
Internet Society & W3C® (MITMIT,
ERCIM, Keio),
All Rights Reserved. W3C
liability, trademark
and document
use rules apply.
Copyright © 2002 The Internet Society
& W3C® (MIT,
INRIA, Keio), All Rights Reserved. W3C liability, trademark, docum ent use and software licensing rules apply.
This document has been reviewed by W3C Members and
other interested parties and has been endorsed by the Director
as a W3C Recommendation. It is a stable document and may be
used as reference material or cited as a normative reference
from another document. W3C's role in making the Recommendation
is to draw attention to the specification and to promote its
widespread deployment. This enhances the functionality and
interoperability of the Web.
ThisThe original version of
this specification was produced by the IETF/W3C XML Signature Working Group
(W3C
Activity Statement) which believes the specification
is sufficient for the creation of independent interoperable
implementations; the Interoperability
Report shows at least 10 implementations with at least two
interoperable implementations over every feature.
Patent disclosures relevant to this specification may
be found on the Working Group's patent
disclosure page, in conformance with W3C policy, and the
IETF Page of
Intellectual Property Rights Notices, in conformance with
IETF policy.
Please report errors in this document to w3c-ietf-xmldsig@w3.org
(archive).
The list of known errors in this specification is
available at http://www.w3.org/2001/10/xmldsig-errata.
This document is a Proposed Edited Recommendation of the W3C. This Proposed Second Edition is not a new version of XML Signature Syntax and Processing.
This Proposed Second Edition of XML Signature Syntax
and Processing adds Canonical XML 1.1 as a required
canonicalization algorithm and recommends its use for inclusive
canonicalization. This version of Canonical XML enables use of
xml:id and xml:base Recommendations
with XML Signature and also enables other possible future
attributes in the XML namespace. Additional minor changes,
including the incorporation of known errata, are documented in
Changes in XML Signature Syntax and Processing (Second
Edition).
W3C Advisory Committee Members are invited to send formal review comments to the W3C Team until 30 April 2008. Advisory Committee Representatives should consult their WBS questionnaires. The public is invited to send comments on this document to public-xmlsec-comments@w3.org; public archives are available.
The Working Group conducted an interoperability test as part of its activity. The Test Cases for C14N 1.1 and XMLDSig Interoperability and the Implementation Report for XML Signature, Second Edition documents are publicly available.
Publication as a Proposed Edited Recommendation does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document is governed by the 24 January 2002 CPP as amended by the W3C Patent Policy Transition Procedure. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy. Patent disclosures relevant to this specification may be found on the IETF Page of Intellectual Property Rights Notices, in conformance with IETF policy.
The English version of this specification is the only
normative version. Information about translations of XML
Signature specificationsthis document (if any)
isare available at the Translations
of XML Signature Specifications web page.
http://www.w3.org/Signature/2002/02/xmldsig-translations
A list of current W3C Technical Reports can be found at
http://www.w3.org/TR/.
The following members of the XML Security Specification Maintenance Working Group contributed to the second edition:
Signature, SignedInfo,
Methods, and Reference)s[s01] <Signature Id="MyFirstSignature" xmlns="http://www.w3.org/2000/09/xmldsig#"> [s02] <SignedInfo> [s03] <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315http://www.w3.org/2006/12/xml-c14n11"/> [s04] <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> [s05] <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/"> [s06] <Transforms> [s07] <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315http://www.w3.org/2006/12/xml-c14n11"/> [s08] </Transforms> [s09] <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> [s10] <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=<dGhpcyBpcyBub3QgYSBzaWduYXR1cmUK.../DigestValue> [s11] </Reference> [s12] </SignedInfo> [s13] <SignatureValue>MC0CFFrVLtRlk=......</SignatureValue> [s14] <KeyInfo> [s15a] <KeyValue> [s15b] <DSAKeyValue> [s15c] <P>...</P><Q>...</Q><G>...</G><Y>...</Y> [s15d] </DSAKeyValue> [s15e] </KeyValue> [s16] </KeyInfo> [s17] </Signature>
Reference[s05] <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/"> [s06] <Transforms> [s07] <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315http://www.w3.org/2006/12/xml-c14n11"/> [s08] </Transforms> [s09] <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> [s10] <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=dGhpcyBpcyBub3QgYSBzaWduYXR1cmUK...</DigestValue> [s11] </Reference>
Object and SignatureProperty)[ ] <Signature Id="MySecondSignature" ...> [p01] <SignedInfo> [ ] ... [p02] <Reference URI="http://www.w3.org/TR/xml-stylesheet/"> [ ] ... [p03] <Reference URI="#AMadeUpTimeStamp" [p04] Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties"> [p05] <Transforms> [p06] <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/> [p07] </Transforms> [p0508] <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> [p0609] <DigestValue>k3453rvEPO0vKtMup4NbeVu8nk=dGhpcyBpcyBub3QgYSBzaWduYXR1cmUK...</DigestValue> [p0710] </Reference> [p0811] </SignedInfo> [p0912] ... [p1013] <Object> [p1114] <SignatureProperties> [p1215] <SignatureProperty Id="AMadeUpTimeStamp" Target="#MySecondSignature"> [p1316] <timestamp xmlns="http://www.ietf.org/rfcXXXX.txt"> [p1417] <date>19990914</date> [p1518] <time>14:34:34:34</time> [p1619] </timestamp> [p1720] </SignatureProperty> [p1821] </SignatureProperties> [p1922] </Object> [p2023]</Signature>
[
p10p13]Object is an optional element for including data
objects within the signature element or elsewhere. The
Object can be optionally typed and/or encoded.
[ Signature
properties, such as time of signing, can be optionally signed by
identifying them from within a p11-18p14-21]Reference. (These
properties are traditionally called signature "attributes"
although that term has no relationship to the XML term
"attribute".)
Object and Manifest)[ ] ... [m01] <Reference URI="#MyFirstManifest" [m02] Type="http://www.w3.org/2000/09/xmldsig#Manifest"> [m03] <Transforms> [m04] <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/> [m05] </Transforms> [m0306] <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> [m0407] <DigestValue>345x3rvEPO0vKtMup4NbeVu8nkdGhpcyBpcyBub3QgYSBzaWduYXR1cmUK...=</DigestValue> [m0508] </Reference> [ ] ... [m0609] <Object> [m0710] <Manifest Id="MyFirstManifest"> [m0811] <Reference> [m0912] ... [m1013] </Reference> [m1114] <Reference> [m1215] ... [m1316] </Reference> [m1417] </Manifest> [m1518] </Object>
Transform elements is a node-set. We RECOMMEND that,
when generating signatures, signature applications do not rely on
this default behavior, but explicitly identify the transformation
that is applied to perform this mapping. In cases in which
inclusive canonicalization is desired, we RECOMMEND that
Canonical XML 1.1 [XML-C14N11] be
used.
Signature elementSignatureValue ElementSignedInfo ElementCanonicalizationMethod
ElementSignatureMethod
ElementReference ElementURI AttributeThe URI attribute identifies a data object using
a URI-Reference, as specified by
RFC 2396 [URI].The set of allowed characters for
URI attributes is the same as for XML, namely
[Unicode]. However, some Unicode
characters are disallowed from URI references including all
non-ASCII characters and the excluded characters listed in
RFC 2396 [URI, section 2.4]. However, the number sign (#),
percent sign (%), and square bracket characters re-allowed in RFC
2732 [URI-Literal] are permitted.
Disallowed characters must be
escaped as follows:
The mapping from this attribute's value to a URI reference MUST be performed as specified in section 3.2.17 of [XMLSCHEMA Datatypes, 2nd Edition]. Additionally: Some existing implementations are known to verify the value of the URI attribute against the grammar in [URI]. It is therefore safest to perform any necessary escaping while generating the URI attribute.
XML signature applications MUST be able to parse URI
syntax. We RECOMMEND theyXML signature
applications be able to dereference URIs in the HTTP
scheme. Dereferencing a URI in the HTTP scheme MUST comply with
the
Status Code Definitions of [HTTP]
(e.g., 302, 305 and 307 redirects are followed to obtain the
entity-body of a 200 status code response). Applications should
also be cognizant of the fact that protocol parameter and state
information, (such as HTTP cookies, HTML device profiles or
content negotiation), may affect the content yielded by
dereferencing a URI.
The optional Type attribute contains information about the
type of object being signed after all
ds:Reference transforms have been applied%% E05
2002-05-08 %%. This is represented as a URI. For
example:
The Type attribute applies to the item being pointed at, not
its contents. For example, a reference that identifies
results in the digesting of %%E05%% an
Object element containing a
SignatureProperties element is still of type
#Object. The type attribute is advisory. No
validation of the type information is required by this
specification.
Note: The Reference Generation Model (section 3.1.1) includes further restrictions on the reliance upon defined default transformations when applications generate signatures.
In this specification, a 'same-document' reference is
defined as a URI-Reference thatdoes not contain a
URI. consists of a hash sign ('#') followed by a
fragment or alternatively consists of an empty URI [URI].
Unless the URI-Reference is such a 'same-document'
reference as defined in [URI, Section
4.2], the result of dereferencing the URI-Reference MUST be
an octet stream. In particular, an XML document identified by URI
is not parsed by the signature application unless the URI is a
same-document reference or unless a transform that requires XML
parsing is applied. (See Transforms
(section 4.3.3.1).)
When a fragment is preceded by an absolute or relative URI in
the URI-Reference, the meaning of the fragment is defined by the
resource's MIME type. Even for XML documents, URI dereferencing
(including the fragment processing) might be done for the
signature application by a proxy. Therefore, reference validation
might fail if fragment processing is not performed in a standard
way (as defined in the following section for same-document
references). Consequently, we RECOMMEND in this
case that the URI attribute not include
fragment identifiers and that such processing be specified as an
additional XPath Transform.
When a fragment is not preceded by a URI in the URI-Reference,
XML sSignature applications MUST support
the null URI and barename shortname
XPointer [XPointer-Framework]. We
RECOMMEND support for the same-document XPointers
'#xpointer(/)' and
'#xpointer(id('ID'))' if the application
also intends to support any canonicalization that preserves comments.
(Otherwise URI="#foo" will automatically
remove comments before the canonicalization can even be invoked
due to the processing defined in Same-Document URI-References (section
4.3.3.3).) All other support for XPointers is OPTIONAL,
especially all support for
barenameshortname and other XPointers in
external resources since the application may not have control
over how the fragment is generated (leading to interoperability
problems and validation failures).
'#xpointer(/)' MUST be interpreted to
identify the root node [XPath] of the
document that contains the URI attribute.
'#xpointer(id('ID'))' MUST be
interpreted to identify the element node identified by
'#element(ID)' [XPointer-Element] when evaluated with
respect to the document that contains the URI
attribute.
The original edition of this specification [XMLDSIG-2002] referenced the XPointer
Candidate Recommendation [XPTR-2001]
and some implementations support it optionally. That Candidate
Recommendation has been superseded by the [XPointer-Framework], [XPointer-xmlns] and [XPointer-Element] Recommendations,
and -- at the time of this edition -- the [XPointer-xpointer] Working Draft.
Therefore, the use Support of the
xpointer() scheme [XPointer-xpointer] beyond the
minimal usage discussed in this section is
discouraged.
Dereferencing a same-document reference MUST result in an
XPath node-set suitable for use by Canonical XML [XML-C14N]. Specifically, dereferencing a null
URI (URI="") MUST result in an XPath node-set that
includes every non-comment node of the XML document containing
the URI attribute. In a fragment URI, the characters
after the number sign ('#') character conform to the XPointer
syntax [Xptr][XPointer-Framework].
When processing an XPointer, the application MUST behave as if
the XPointer was evaluated with respect to
theroot node of the XML document containing the
URI attribute were used to initialize the
XPointer evaluation context. The application MUST behave as
if the result of XPointer processing [XPointer-Framework] were a
node-set derived from the resultant location-set
resultant subresource as follows:
The last step is performed for null
URIs,barename and shortname
XPointers and child sequence XPointers. It'
is necessary because when [XML-C14N] or [XML-C14N11] is passed a node-set, it
processes the node-set as is: with or without comments. Only when
it' is called with an octet stream does it
invoke its own XPath expressions (default or without comments).
Therefore to retain the default behavior of stripping comments
when passed a node-set, they are removed in the last step if the
URI is not a fullscheme-based XPointer. To
retain comments while selecting an element by an identifier
ID, use the following
fullscheme-based XPointer:
URI='#xpointer(id('ID'))'. To retain
comments while selecting the entire document, use the following
fullscheme-based XPointer:
URI='#xpointer(/)'. This XPointer contains a
simple XPath expression that includes the root node, which the
second to last step above replaces with all nodes of the parse
tree (all descendants, plus all attributes, plus all namespaces
nodes).
The interpretation of these XPointers is defined in The Reference Processing Model (section 4.3.3.2).
Transforms ElementExamples of transforms include but are not limited to base64
decoding [MIME], canonicalization
[XML-C14N], XPath filtering [XPath], and XSLT [XSLT].
The generic definition of the Transform element also
allows application-specific transform algorithms. For example,
the transform could be a decompression routine given by a Java
class appearing as a base64 encoded parameter to a Java
Transform algorithm. However, applications should
refrain from using application-specific transforms if they wish
their signatures to be verifiable outside of their application
domain. Transform
Algorithms Transform
Algorithms (section 6.6) defines the list of standard
transformations.
DigestMethod ElementDigestValue ElementKeyInfo ElementKeyName ElementKeyValue ElementDSAKeyValue ElementRSAKeyValue ElementRetrievalMethod
ElementType is an optional identifier for the type of
data to be retrieved after all transforms have
been applied%% E05 2002-05-08 %%. The result of
dereferencing a RetrievalMethod Reference for all KeyInfo types defined by this
specification (section 4.4) with a corresponding XML
structure is an XML element or document with that element as the
root. The rawX509Certificate KeyInfo
(for which there is no XML structure) returns a binary X509
certificate.
Schema Definition
<element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
<complexType name="RetrievalMethodType">
<sequence>
<element ref="ds:Transforms" minOccurs="0"/>
</sequence>
<attribute name="URI" type="anyURI" use="required"/>
<attribute name="Type" type="anyURI" use="optional"/>
</complexType>
Note: The schema for the
URI attribute of RetrievalMethod erroneously omitted
the attribute: use="required"
The DTD is correct. However, this error only results in a more lax schema which permits all valid RetrievalMethod elements. Because the existing schema is embedded in many applications, which may include the schema in their signatures, the schema has not been corrected to be more restrictive.
X509Data ElementAlso, strings in DNamesTo encode a
distinguished name
(X509IssuerSerial,X509SubjectName, and
KeyName if approriateappropriate), the encoding rules in
section 2 of RFC 2253 4514 [LDAP-DN]
[LDAP-DN]
SHOULD be applied, except that the string encoding
character escaping rules in section 2.4 of RFC 2253
4514 [LDAP-DN]
[LDAP-DN]
should MAY be encoded
augmented as follows:
Since a XML document logically consists of characters, not octets, the resulting Unicode string is finally encoded according to the character encoding used for producing the physical representation of the XML document.
PGPData ElementSPKIData ElementMgmtData ElementObject ElementThe MimeType attribute is an optional attribute
which describes the data within the Object
(independent of its encoding). This is a string with values
defined by [MIME]. For example, if the
Object contains base64 encoded PNG, the
Encoding may be specified as
'http://www.w3.org/2000/09/xmldsig#base64' %% E06
2002-06-06 %% and the MimeType as 'image/png'.
This attribute is purely advisory; no validation of the
MimeType information is required by this
specification. Applications which require normative type and
encoding information for signature validation should specify
Transforms with well
defined resulting types and/or encodings.
Manifest ElementSignatureProperties
ElementThe SHA-1
SHA-1
algorithm [SHA-1] takes no explicit
parameters. An example of an SHA-1 DigestAlg element is:
The expression "RSA algorithm" as used in this
draftspecification%%E07
2003-01-10%% refers to the RSASSA-PKCS1-v1_5
algorithm described in RFC 2437 [PKCS1]. The RSA algorithm takes no explicit
parameters. An example of an RSA SignatureMethod element is:
Various canonicalization algorithms require conversion to
[UTF-8].The two algorithms
below understand at least [UTF-8] and
[UTF-16] as input encodings. We
RECOMMEND that externally specified algorithms do the same.
Knowledge of other encodings is OPTIONAL.
Various canonicalization algorithms transcode from a
non-Unicode encoding to Unicode. The two algorithms below
perform text normalization during transcodingThe
output of these algorithms will be in NFC [NFC, NFC-Corrigendum]. This is because
the XML processor used to prepare the XPath data model input is
required (by the Data Model) to use Normalization Form C when
converting an XML document to the UCS character domain from any
encoding that is not UCS-based. %% E04 2002-03-20
%%
This specification REQUIRES implementation of both
Canonical XML 1.0 [XML-C14N] and
Canonical XML 1.1 [XML-C14N11]. We
RECOMMEND that generators applications that
generate signatures choose Canonical XML 1.1 [XML-C14N11] when inclusive canonicalization
is desired.
Note: Canonical XML 1.0 [XML-C14N] and Canonical XML 1.1
[XML-C14N11]
specifiesy a standard serialization of XML
that, when applied to a subdocument, includes the subdocument's
ancestor context including all of the namespace declarations and
some attributes in the 'xml:' namespace. However, some
applications require a method which, to the extent practical,
excludes unused ancestor context from a canonicalized
subdocument. The Exclusive XML Canonicalization Recommendation
[XML-exc-C14N] may be used to
address requirements resulting from scenarios where a subdocument
is moved between contexts. %%E02 2002-01-29%%
The normative specification of Canonical XML1.0 is [XML-C14N]. The algorithm is capable of taking as input either an octet stream or an XPath node-set (or sufficiently functional alternative). The algorithm produces an octet stream as output. Canonical XML is easily parameterized (via an additional URI) to omit or retain comments.
The normative specification of Canonical XML 1.1 is [XML-C14N11]. The algorithm is capable of taking as input either an octet stream or an XPath node-set (or sufficiently functional alternative). The algorithm produces an octet stream as output. Canonical XML 1.1 is easily parameterized (via an additional URI) to omit or retain comments.
Transform AlgorithmsThis transform requires an octet stream for input. If an XPath
node-set (or sufficiently functional alternative) is given as
input, then it is converted to an octet stream by performing
operations logically equivalent to 1) applying an XPath transform
with expression self::text(), then 2) taking the
string-value of the node-set. Thus, if an XML element is
identified by a barenameshortname XPointer
in the Reference URI, and its content consists
solely of base64 encoded character data, then this transform
automatically strips away the start and end tags of the
identified element and any of its descendant elements as well as
any descendant comments and processing instructions. The output
of this transform is an octet stream.
The input required by this transform is an XPath node-set.
Note that if the actual input is an XPath node-set resulting from
a null URI or barenameshortname XPointer
dereference, then comment nodes will have been omitted. If the
actual input is an octet stream, then the application MUST
convert the octet stream to an XPath node-set suitable for use by
Canonical XML with Comments. (A subsequent application of the
REQUIRED Canonical XML algorithm would strip away these
comments.) In other words, the input node-set should be
equivalent to the one that would be created by the following
process:
Note that the XML-Signature XPath Filter 2.0
Recommendation [XPath-Filter-2]
may be used for this purpose. This recommendation defines an
XPath transform that permits the easy specification of subtree
selection and omission that can be efficiently implemented.
%%E03 2002-01-29%%
Donald E. Eastlake 3rd
Motorola Laboratories, 20 Forbes Boulevard
111 Locke Drive
Marlborough, MA 01752 USA
Mansfield, MA 02048 USA
Phone: 1-508-261-5434 +1-508-786-7554
Email: Donald.Eastlake@motorola.com
d3e3e3@gmail.com
Joseph M. Reagle Jr., W3C
Joseph M. Reagle Jr.
Massachusetts Institute of Technology
Laboratory for Computer Science
NE43-350, 545 Technology Square
Cambridge, MA 02139
Phone: + 1.617.258.7621
Email: reagle@w3.org
Department of Media, Culture, and Communication
New York University
Email: reagle@mit.edu