Enumerated XML-Signature Conformance Requirements

This version:
Joseph Reagle <reagle@w3.org>
This is a proposed enumeration of the conformance requirements specified in http://www.w3.org/TR/2000/WD-xmldsig-core-20000711/ with suggestions to provide greater organization and clarity that will hopefully be reflected back into the next version of the specification.

Presently, the specification constrains (a) XML Signature Syntax and (b) XML Signature Applications. Most of the MUSTs relate to XML Signature applications. Should we cast all of these constraints as application conformance requirements or syntax requirements? (I don't think the latter is possible and that we should continue to want to use both as discussed below).


I'm not sure what these MUSTs mean as they are more descriptive than prescriptive. (This is also currently being discussed on the list).

I believe a single syntax constraint should be stated along the lines of:

a conforming digital signature element is an element that is schema-valid-lax [XML-schema] with respect to the XML Signature schema.

The questions are:

  1. Do we have any other choice? (We could speak of an XML1.0 Signature document, but this only works with external signatures/DTDs).
  2. How much work does this validation entail? We aren't using that many schema features, consequently how much work does it take relative to a schema validating parser?

XML Signature Applications

I suspect some of these could use some tuning.