IETF LogoW3C Logo

Author: Joseph Reagle

Audience: IETF 45 xmldsig WG

Question: What is the Status of this Activity? Points for consideration of Requirements Document.



IETF45: XML Signature (xmldsig)

Joseph M. Reagle Jr.


  1. Agenda Thrashing
  2. Institutional Status and Milestones
  3. Requirements
  4. Syntax
  5. Teleconferences

Agenda Thrashing

Monday, 12 July, 1300-1500 hours

  1. Agenda Bashing  (5m)
  2. Joint Working Group Status  (10m)
    • IETF - Donald Eastlake  (5m)
    • W3C - Joseph Reagle  (5m)
  3. Requirements (45m)
    • Overview - Joseph Reagle (10m)
    • ... other requirements presentations ...  (15m)
    • Requirements discussion (15m)
  4. Signature Syntax (45m)
    • Overview - Richard Brown (15m)
    • David Solo (10m)
    • ... other syntax presenations ... (10m)
    • General syntax discussion 15m)
  5. First consideration of Conference Calls and September Face to Face Meeting  (5m)

Tuesday, 13 July, 0900-1130 hours

  1. Agenda Bashing (10m)
  2. Implementation Reports (30m)
    1. ? Hiroshi Maruyama, who implemented the Brown draft,
    2. ? Hitachi, implementing the IOTP signatures which are based on the Brown draft with
  3. ... tbd ... (30m)
  4. Requirements reports from first session and discussion (25m)
  5. Syntax reports from first session and discussion (30m)
  6. Second consideration of Conference Calls and September Face to Face Meeting (10m)

Institutional Status and Milestones

Design I

Principles and Scope

  1. The XML-Signature specification will describe how to a digitally sign a Web resource in general, and an XML document in particular. [Charter] The specification will not specify methods of providing confidentiality though the Working Group may report on the feasibility of such work in a future or rechartered activity. [List(Bugbee)]
  2. The meaning of the signature is very simple:  The XML signature syntax associates the cryptographic signature value with Web resources using XML markup.
    1. The WG is not chartered to specify trust semantics, but syntax and processing rules necessary for communicating signature validity (authenticity, integrity and non-repudiation).  [Charter(Requirement1)]
    2. The XML signature syntax must be highly extensible such that it can support arbitrary application/trust semantics and assertion capabilities -- that can also be signed. For example, potential trust applications include sophisticated timestamps, endorsement, and threshold signature schemes. At the Chairs' discretion and in order to test the extensibility the syntax, the WG may produce non-standard-track proposals defining common semantics relevant to signed assertions about Web resources and their relationships in a schema definition (XML/RDF) or link type definition (XLink). [Charter(Requirement1&4), List(Bugbee, Solo)]
    3. Validity and Identity
      1. Only enough information necessary to check the validity of the cryptographic signature need be provided. [Reagle]
      2. Each signature shall be associated with information to identify the signer and/or the cryptographic information required to validate the signature.   [List(Solo)]

Design II

Principles and Scope

  1. An XML-Signature can apply to a part or totality of an XML document.  [Charter, Brown]
  2. More than one signature may exist over any resource.[Charter, Brown]
  3. A key use of XML Signatures will be detached Web signatures. In conjunction with XML facilities (including packaging) signatures may be embedded within or encapsulate XML or encoded content. [Charter]
  4. The Signature syntax specification will not specify methods of serialization or canonicalization. XML content is normalized by specifying an appropriate content C14N (canonicalization) algorithm [DOMHASH, C14N]; applications are expected to normalize application specific semantics prior to handing data to a XML-Signature application. [Charter]
  5. ...

Design III

Principles and Scope

  1. An XML-Signature application must be able to use and understand
    1. XML-namespaces [XML-namespaces] within its own signature syntax. Applications may optionally choose C14N algorithms which do or do not process namespaces within XML content.
    2. XLink [Xlink]. Applications will use XLink locators within the signature manifest to reference signed resources. Signature applications will not embed or expand XLink references in the signed content, though applications may optionally choose C14N algorithms which provide this feature.
    3. XML-Pointers [XPointer]. Applications will reference/select parts of XML documents using XML-Pointer within an XLink locator. [Reagle, WS-list(1)]
  2. Implementation/Design Philosophy
    1. XML Signatures will be developed as part of the broader Web design philosophy of decentralization, URIs, Web data [WebData], modularity/layering/extensibility, and assertions as statements about statements. [Reagle]
    2. The ability to leverage existing cryptographic provider (and infrastructure) primitives is desirable.  [List(Solo)]

Requirements: Model and Syntax

Signature Data Model and Syntax

  1. The XML-Signature data structures will be predicated on an RDF data model [RDF] but need not use the RDF serialization syntax. [Charter]
  2. XML-Signatures can be applied to any Web resource -- including non-XML content. XML-Signature referents are identified with XML locators (URIs or fragments) within the manifest that refer to external or internal resources (i.e., network accessible or within the same XML document/package). [Berners-Lee, Reagle, Brown, List(Vincent)]
    1. Entries may include explicit content type information. [List(Solo)]
  3. XML-Signatures are first class objects themselves and consequently can be referenced and signed. [Berners-Lee, Reagle]
  4. Algorithm Identification
    1. Whenever possible, any resource or algorithm identifier is a first class object, and addressable by a URI. [Beners-Lee, Reagle]
    2. Ability to specify algorithms independently and to reference the algorithms linked to standard algorithm specifications (e.g. OIDs) [List(Solo)]
  5. XML-Signatures must be able to apply to the original version of an included/encoded resource. [WS-list (Brown/Himes)]

Requirements: Format


  1. An XML-Signature is XML. [Charter]
  2. An XML document of a certain type must still be recognizable as its original type when signed. [WS-summary]
  3. XML-Signature will provide a mechanism that facilitates the production of composite documents -- by addition or deletion --  while preserving the signature characteristics (integrity, authentication, and non-repudiatability) of the consituent parts. [Charter, Brown, List(Bugbee)]
  4. ?Packaging?

Requirements: CryptoProcessing


  1. The solution shall provide indifferently for digital signature and message authentication codes, considering symmetric and asymmetric authentication schemes as well as dynamic negotiation of keying material. [Brown]


  1. In the event of redundant attributes within the XML Signature syntax and relevant cryptographic blobs, XML Signature applications prefer the XML Signature semantics. [Reagle]

Requirements: Coord


The XML Signature specification should meet the requirements of the following applications:

  1. Internet Open Trading Protocol v2.0 [Charter]
  2. Financial Services Mark Up Language v2.0 [Charter]

To ensure the above requirements are adequately addressed, the XML Signature specification must be reviewed by a designated member of the following communities:

  1. XML Syntax Working Group [Charter]
  2. XML Linking Working Group [Charter]
  3. XML Schema Working Group [Charter]
  4. Metadata Coordination Group [Charter]
  5. ?W3C Internationalization Interest Group?