Copyright © 2012 2013 W3C® (MIT, ERCIM, Keio, Beihang), All Rights Reserved. W3C liability, trademark and document use rules apply.
This document provides a summary of non-editorial changes in XML Signature 1.1 from the XML Signature Second Edition Recommendation.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
In the case of any difference between this document and the XML Signature 1.1 specification [XMLDSIG-CORE1], the XML Signature 1.1 specification is authoritative.
This Note has been updated since the previous publication to remove the text stating that OCSPResponse was added to XML Signature 1.1, as it has been removed from XML Signature 1.1. References have also been updated (diff).
This document was published by the XML Security Working Group as a First Public Working Group Note. If you wish to make comments regarding this document, please send them to public-xmlsec@w3.org (subscribe, archives). All comments are welcome.
Publication as a Working Group Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This document summarizes non-editorial changes in XML Signature 1.1 from the XML Signature Second Edition Recommendation.
ECDSA-SHA1
ECDSA-SHA256
ECDSA-SHA384
ECDSA-SHA512
SHA224
SHA256
SHA384
SHA512
RSAwithSHA256
RSAwithSHA384
RSAwithSHA512
For all algorithms added, algorithm identifiers and information were added to the specification.
SHA-1 but allow it for compatibility
SHA-1 use is DISCOURAGED (but support is still
SHA-1 to state that use is DISCOURAGED (but still
HMAC-SHA1 to state that use is DISCOURAGED
DSAwithSHA1 is only
RSA-SHA1 and ECDSA-SHA1 is DISCOURAGED.
SHA-1
HMAC-SHA256 to
HMAC-SHA384, HMAC-SHA512 to
HMACOutputLength parameter in SignatureMethod
KeyInfo Changes
ECKeyValue, ECParameters
DEREncodedKeyValue
KeyInfo child elements EncryptedKey and DerivedKey Elements
DEREncodedKeyValue - new representation for public keys
KeyInfoReference - alternative to RetrievalMethod access to a KeyInfo element that does not require use of a Transform
RetrievalMethod that a Transform is needed to obtain content of KeyInfo referenced by ID
KeyInfoReference element instead of RetrievalMethod
X509Data Changes
dsig11:X509Digest to list of elements that may be included, to support reference via base64-encoded digest of a certificate
X509IssuerSerial and possible issue with schema validation when large serial numbers are used.
X509Data in explicitly trusted scenarios.
Reference validation since changes could occur in serialization after Signature generation.
SHA-256 in preference to SHA-1
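The following is an added example, not part of this Note or of the XML Signature 1.1 specification: a small audit that reports where a signed document still uses the SHA-1-based algorithms this Note marks as DISCOURAGED. The algorithm URIs are those defined in the XML Signature specifications (they are not listed in this Note), and the sample document and the function name audit are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"

# SHA-1-based identifiers (URIs from the XML Signature specifications,
# not from this Note).
SHA1_BASED = {
    DSIG + "sha1": "SHA-1",
    DSIG + "hmac-sha1": "HMAC-SHA1",
    DSIG + "dsa-sha1": "DSAwithSHA1",
    DSIG + "rsa-sha1": "RSA-SHA1",
    MORE + "ecdsa-sha1": "ECDSA-SHA1",
}

# Constructed sample: RSA-SHA1 signature, one SHA-256 and one SHA-1 digest.
SAMPLE = f"""<doc xmlns:ds="{DSIG}"><ds:Signature><ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="{DSIG}rsa-sha1"/>
  <ds:Reference URI="#a">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>AAAA</ds:DigestValue>
  </ds:Reference>
  <ds:Reference URI="#b">
    <ds:DigestMethod Algorithm="{DSIG}sha1"/>
    <ds:DigestValue>AAAA</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature></doc>"""


def audit(xml_text):
    """Return (element, Reference URI or None, algorithm) per SHA-1 use."""
    # ElementTree is used on a trusted, constructed sample; parse untrusted
    # XML with a hardened parser (for example defusedxml) instead.
    root = ET.fromstring(xml_text)
    findings = []
    for sm in root.iter(f"{{{DSIG}}}SignatureMethod"):
        name = SHA1_BASED.get(sm.get("Algorithm", ""))
        if name:
            findings.append(("SignatureMethod", None, name))
    for ref in root.iter(f"{{{DSIG}}}Reference"):
        dm = ref.find(f"{{{DSIG}}}DigestMethod")
        name = SHA1_BASED.get(dm.get("Algorithm", "")) if dm is not None else None
        if name:
            findings.append(("DigestMethod", ref.get("URI"), name))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
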