XML-Signature Definitions
WG Draft 1999-July-28
- This Working Group version:
- http://www.w3.org/Signature/Drafts/xml-dsig-definitions-990728.html
[ascii]
- Previous version:
- ...
- Author(s):
- Joseph Reagle Jr. <reagle@w3.org>
Copyright © 1999
The Internet Society & W3C
(MIT, INRIA, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing
rules apply.
W3C Status of this Document
This is a WG XML Signature
design draft. It is likely that this document will not be published as a TR or ietf-draft, but will be used as the basis of some
other document.
Please send comments to the editor <reagle@w3.org>
and cc: the list <w3c-ietf-xmldsig@w3.org>.
Publication as a Working Draft does not imply endorsement by the W3C membership. This is a
draft document and may be updated, replaced or obsoleted by other documents at any time.
It is inappropriate to cite W3C Drafts as other than "work in progress".A list
of current W3C working drafts can be found at http://www.w3.org/TR.
Publication as a Working Draft does not imply endorsement by the W3C membership.
Abstract
This document attempts to define the critical terms that will be used in the XML
Signature Specification.
This is very immature, and uses an abused form of LARCH and will try to converge with the
definitions, references, and discussion at Index of Terms in Web Architecture,
State and Storage: Files,
Documents, and Resources, and XML
Signature Resources and Referents for a further background on these terms.
- content (resource manifestation)
- A resource manifestation is a rendition of a resource at a specific point in time and
space. A conceptual mapping exists between a resource and a resource manifestation (or set
of manifestations), in the sense that the resource has certain properties - e.g., its URI,
its intended purpose, etc. - which are inherited by each manifestation, although the
specific structure, form, and content of the manifestation may vary according to factors
such as the environment in which it is displayed, the time it is accessed, etc. Regardless
of the form the manifestation's rendering ultimately takes, the conceptual mapping to the
resource is preserved. Note: For historical reasons, HTTP/1.x
calls a manifestation for an "entity". Examples: real-time information accessed
from a news Web site on a particular day, up-to-the-minute stock quotes, a rendering of a
multimedia Web page accessed with a particular client ... [Web Characterization Terminology &
Definitions Sheet]
- identifier
- An identifier is an object that can act as a reference to something that has identity.
In the case of URI, the object is a sequence of characters with a restricted
syntax. [URI Generic Syntax --
RFC 2396]
- locator
- Data, provided as part of a link, which identifies a resource.
[XLink]
- resource
- A resource can be anything that has identity. Familiar examples include an
electronic document, an image, a service (e.g., "today's weather report for Los
Angeles"), and a collection of other resources. Not all resources are network
"retrievable"; e.g., human beings, corporations, and bound books in a library
can also be considered resources.
- The resource is the conceptual mapping to an entity or set of entities, not necessarily
the entity which corresponds to that mapping at any particular instance in time.
Thus, a resource can remain constant even when its content---the entities to which it
currently corresponds---changes over time, provided that the conceptual mapping is not
changed in the process.
- signed-resource & signed-doc (signature validation,
valid signature)
signed-resource(I, C, key, sig): there was some request R such
that GET(R) = C and address(R) = I and sign-doc(C, key, sig)
sign-doc(C, key, sig): sig is the value of a strong one-way function
over content and key that yields C integrity/validity and K non-repudiability
- trusted (trust validation)
- a set of assertions who evaluate as true, including an assertion of signature validity
over those statements.
trusted-statement(signed-resource(I, C, key, sig)): where
(signed-resource(I, C, key, sig) and (C consists of assertions {S1, S2, S3}) and
infer(S1,S2,S3)
- uniform
- Uniformity provides several benefits: it allows different types of resource identifiers
to be used in the same context, even when the mechanisms used to access those resources
may differ; it allows uniform semantic interpretation of common syntactic conventions
across different types of resource identifiers; it allows introduction of new types of
resource identifierswithout interfering with the way that existing identifiers are used;
and, it allows the identifiers to be reused in many different contexts, thus permitting
new applications or protocols to leverage a pre-existing, large, and widely-used set of
resource identifiers. [URI
Generic Syntax -- RFC 2396]
- validate
- a term used to describe the validation (checking) of a signed-resource
or set of assertions from which trust is inferred. a predicate logic expression evaluates
as true.
- web resource.
- A resource, identified by a URI, that is a member of the Web Core. Note:
The URI identifying the Web Resource does not itself have to be found within the Web Core.
That is, a URI written on a bus identifying a resource that is a member of the Web Core identifies a Web Resource. [Web Characterization Terminology &
Definitions Sheet]
reagle@w3.org
$date$