The XML-Signature specification will describe how to a digitally sign a Web resource in
general, and an XML document in particular. [Charter] The specification will not specify
methods of providing confidentiality though the Working Group may report on the
feasibility of such work in a future or rechartered activity. [List(Bugbee)]
The meaning of the signature is very simple: The XML signature syntax associates
the cryptographic signature value with Web resources using XML markup.
The WG is not chartered to specify trust semantics, but syntax and processing rules
necessary for communicating signature validity (authenticity, integrity and
non-repudiation). [Charter(Requirement1)]
The XML signature syntax must be highly extensible such that it can support arbitrary
application/trust semantics and assertion capabilities -- that can also be signed. For
example, potential trust applications include sophisticated timestamps, endorsement, and
threshold signature schemes. At the Chairs' discretion and in order to test the
extensibility the syntax, the WG may produce non-standard-track proposals defining common
semantics relevant to signed assertions about Web resources and their relationships in a
schema definition (XML/RDF) or link
type definition (XLink). [Charter(Requirement1&4),
List(Bugbee,
Solo)]
Validity and Identity
Only enough information necessary to check the validity of the cryptographic signature need
be provided. [Reagle]
Each signature shall be associated with information to identify the signer
and/or the cryptographic information required to validate the signature. [List(Solo)]
