ISSUE-45: Multiple or layered signatures

Multiple or layered signatures

XML Security 1.1 Requirements and Design Considerations
Raised by:
Frederick Hirsch
Opened on:
This issue is confusing, originally titled "Signing with multiple intended receivers, and/or long lived signatures". There was no description in the original issue.
Related Actions Items:
No related actions
Related emails:
  1. Agenda: Distributed Meeting 2009-10-20 (from on 2009-10-19)
  2. Minutes 13 October2009 (from on 2009-10-13)
  3. Propose text for requirements for ISSUE-45 Action-387 - Completed (from on 2009-10-09)
  4. Agenda: Distributed Meeting 2009-10-13 (from on 2009-10-09)
  5. Re: Minutes 06 Oct 2009 (from on 2009-10-08)
  6. Minutes 06 Oct 2009 (from Sean.Mullan@Sun.COM on 2009-10-06)
  7. Re: Agenda: Distributed Meeting 2009-10-06 (from on 2009-10-06)
  8. Agenda: Distributed Meeting 2009-10-06 (from on 2009-10-02)
  9. Re: Sept 29 Meeting Minutes (from on 2009-09-29)
  10. Re: April 28 2009 draft minutes (from on 2009-04-29)
  11. Agenda: Distributed Meeting 2009-04-21 (from on 2009-04-17)
  12. Agenda: Distributed Meeting 2009-04-07 v2 (from on 2009-04-06)
  13. RE: Close ISSUE-45, multiple recipients of signature? (from on 2009-04-06)
  14. Close ISSUE-45, multiple recipients of signature? (from on 2009-04-06)
  15. 2009-03-31 Minutes for Approval (from on 2009-04-03)
  16. Agenda: Distributed Meeting 2009-03-31 (from on 2009-03-30)
  17. Agenda: Distributed Meeting 2009-03-24 v2 (resend) (from on 2009-03-23)
  18. Agenda: Distributed Meeting 2009-03-24 v2 (from on 2009-03-23)
  19. Agenda: Distributed Meeting 2009-03-24 (resend) (from on 2009-03-22)
  20. Agenda: Distributed Meeting 2009-03-24 (from on 2009-03-22)
  21. Agenda: Distributed Meeting 2009-03-17 (resend) (from on 2009-03-11)
  22. Agenda: Distributed meeting 2009-03-17 (from on 2009-03-11)
  23. Requirements as Issues (XML Signature and Canonicalization V Next Requirements) (from on 2009-03-09)
  24. Current issues that are not flagged as requirements (from on 2008-09-22)
  25. Draft Minutes 8/12/2008 (from Sean.Mullan@Sun.COM on 2008-08-12)

Related notes:

Discussing this issue at the March 31, 2009 teleconference this issue is better termed "layered signatures" where multiple signatures can be attached to an XML document. This can be for the reason of wither several signatures need to be applied to a document at a point in time, of that in the case of long lived signatures, and one signature is about to expire (the key used to sign the document might expire as in the case of an X.509 certificate) and the document is then signed again with a new signature as a way to renew the signature.

Gerald Edgar, 31 Mar 2009, 16:03:01

WG decided to defer until after 2.0

Frederick Hirsch, 9 Oct 2009, 15:28:22

The XML Security use Cases and Requirements document addresses this
( )
Section 3.3.3 states:

2. Any or all of messages may be signed and/or encrypted zero or more times in any order. Signatures and encryptions may overlap. A receiver must be able to properly verify signatures and decrypt data in the proper order (assuming access to the necessary secrets or trust points) based on nothing but the message.

3. It must be possible to determine whether the correct portions of the message have been signed and encrypted with the correct keys according to policy.

Gerald Edgar, 9 Oct 2009, 22:27:02

[tlr]: taken care of by current text of requirements document

13 Oct 2009, 14:23:48

[tlr]: why does agenda say it's deferred till 2.0?

13 Oct 2009, 14:23:56

Display change log ATOM feed

Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <>.
$Id: 45.html,v 1.1 2017/01/10 16:24:52 carine Exp $