XML-DSig '99

Position Paper Peter Lipp

IAIK, Graz University of Technology


Out group within the Institute for Applied Information Processing and Communications (IAIK) is working in the field of public-key-infrastructures and Java-Cryptography. Within PKI, we are consulting to local companies setting up such structures and their pilot service was based on our software. We also were involved in consulting to austrian governmental bodies concerning digital signature legislation. Concerning Java-Cryptography, we have developed and are currently selling a Java-Cryptor toolkit, providing encryption and digital signature software as well as PKCS-implementations, S/MIME and SSL. Other groups within the institute do  research in the areas of networking, VLSI design, and IT security. Current networking activities are in the field of ATM and ISDN. In IT security we design crypto chips, co-processors for smart cards, and are interested in WWW security. As a university institute we teach courses at all levels for students of Mathematics and Telematik (CS&EE).


When we participated in the Digital Signature Initiative, we were already convinced that we need a way to add semantics to signatures. The core of our ideas was to be able to express things like subject X says statment Y about object Z. With DSig we did not quite achive that goal, mainly because the aim of that initiative was driven by W3C towards PICS and we had to be PICS-compliant. Furthermore, RDF was on its way and we saw its potential to finally achieve our initial goal. Now RDF is here and we are ready to continue!

Obviously it makes sense to provide for a general solution to signed XML, and not for RDF only.


Not only for historic reasons we are very interested in active partizipation in these activities. Signed XML seems to become very important. We have the following plans to work on or use signed RDF or XML

We find the following things to be important for Signed RDF:

W3C versus IETF

There seems to be a decision to be made whether signed-XML shall be pursued within the W3C or the IETF. Basically, I don't care that much. If there are the right people willing to work, both groups could move things forwards fast. It might be more difficult to get an agreement within the IETF due to the openness of the process, OTOH this openness tends to be a good thing too.  While we would be willing to actively participate in the discussions, design and implementation within either group, the W3C-working-style we experienced within DSig makes us believe that results would be achieved faster within W3C.