IETF Logo W3C Logo

XML-Signature Definitions

WG Draft 1999-July-28

This Working Group version: [ascii]
Previous version:
Joseph Reagle Jr. <>

Copyright  1999 The Internet Society & W3C (MIT, INRIA, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply.

W3C Status of this Document

This is a WG XML Signature design draft. It is likely that this document will not be published as a TR or ietf-draft, but will be used as the basis of some other document.

Please send comments to the editor <> and cc: the list <>. Publication as a Working Draft does not imply endorsement by the W3C membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite W3C Drafts as other than "work in progress".A list of current W3C working drafts can be found at Publication as a Working Draft does not imply endorsement by the W3C membership.


This document attempts to define the critical terms that will be used in the XML Signature Specification.

This is very immature, and uses an abused form of LARCH and will try to converge with the definitions, references, and discussion at Index of Terms in Web Architecture,   State and Storage: Files, Documents, and Resources, and XML Signature Resources and Referents for a further background on these terms.


content (resource manifestation)
A resource manifestation is a rendition of a resource at a specific point in time and space. A conceptual mapping exists between a resource and a resource manifestation (or set of manifestations), in the sense that the resource has certain properties - e.g., its URI, its intended purpose, etc. - which are inherited by each manifestation, although the specific structure, form, and content of the manifestation may vary according to factors such as the environment in which it is displayed, the time it is accessed, etc. Regardless of the form the manifestation's rendering ultimately takes, the conceptual mapping to the resource is preserved.  Note: For historical reasons, HTTP/1.x calls a manifestation for an "entity". Examples: real-time information accessed from a news Web site on a particular day, up-to-the-minute stock quotes, a rendering of a multimedia Web page accessed with a particular client ... [Web Characterization Terminology & Definitions Sheet]
An identifier is an object that can act as a reference to something that has identity.   In the case of URI, the object is a sequence of characters with a restricted syntax. [URI Generic Syntax -- RFC 2396]
Data, provided as part of a link, which identifies a resource. [XLink]
A resource can be anything that has identity.  Familiar examples include an electronic document, an image, a service (e.g., "today's weather report for Los Angeles"), and a collection of other resources.  Not all resources are network "retrievable"; e.g., human beings, corporations, and bound books in a library can also be considered resources.
The resource is the conceptual mapping to an entity or set of entities, not necessarily the entity which corresponds to that mapping at any particular instance in time.   Thus, a resource can remain constant even when its content---the entities to which it currently corresponds---changes over time, provided that the conceptual mapping is not changed in the process.
signed-resource & signed-doc (signature validation, valid signature)

signed-resource(I, C, key, sig): there was some request R such that  GET(R) = C and address(R) = I and sign-doc(C, key, sig)

sign-doc(C, key, sig): sig is the value of a strong one-way function over content and key that yields C integrity/validity and K non-repudiability

trusted (trust validation)
a set of assertions who evaluate as true, including an assertion of signature validity over those statements.

trusted-statement(signed-resource(I, C, key, sig)): where (signed-resource(I, C, key, sig) and (C consists of assertions {S1, S2, S3}) and infer(S1,S2,S3)

Uniformity provides several benefits: it allows different types of resource identifiers to be used in the same context, even when the mechanisms used to access those resources may differ; it allows uniform semantic interpretation of common syntactic conventions across different types of resource identifiers; it allows introduction of new types of resource identifierswithout interfering with the way that existing identifiers are used; and, it allows the identifiers to be reused in many different contexts, thus permitting new applications or protocols to leverage a pre-existing, large, and widely-used set of resource identifiers. [URI Generic Syntax -- RFC 2396]
a term used to describe the validation (checking) of a signed-resource or set of assertions from which trust is inferred. a predicate logic expression evaluates as true.
web resource.
A resource, identified by a URI, that is a member of the Web Core. Note: The URI identifying the Web Resource does not itself have to be found within the Web Core. That is, a URI written on a bus identifying a resource that is a member of the Web Core identifies a Web Resource.  [Web Characterization Terminology & Definitions Sheet]