XML Signature Current Status

This page summarizes the relationships among specifications, whether they are finished standards or drafts. Below, each title links to the most recent version of a document.

Completed Work

W3C Recommendations have been reviewed by W3C Members, by software developers, and by other W3C groups and interested parties, and are endorsed by the Director as Web Standards. Learn more about the W3C Recommendation Track.

Group Notes are not standards and do not have the same level of W3C endorsement.



XML Signature Syntax and Processing Version 1.1

Add content here.


XML Signature Properties

Add content here.


Decryption Transform for XML Signature

This document specifies an XML Signature "decryption transform" that enables XML Signature applications to distinguish between those XML Encryption structures that were encrypted before signing (and must not be decrypted) and those that were encrypted after signing (and must be decrypted) for the signature to validate.


XML-Signature XPath Filter 2.0

XML Signature [XML-DSig] recommends a standard means for specifying information content to be digitally signed and for representing the resulting digital signatures in XML. Some applications require the ability to specify a subset of a given XML document as the information content to be signed. The XML Signature specification meets this requirement with the XPath transform. However, this transform can be difficult to implement efficiently with existing technologies. This specification defines a new XML Signature transform to facilitate the development of efficient document subsetting implementations that interoperate under similar performance profiles.

Group Notes


XML Signature Syntax and Processing Version 2.0

XML Signature 2.0 evolves the transform model of XML Signature to enable easier and more efficient implementations of the specification.


Test cases for Canonical XML 2.0

This document outlines test cases for Canonical XML 2.0, a major revision of XML canonicalization. It currently includes tests from Canonical XML 1.0 and new tests related to XML namespace handling.


XML Security 1.1 Requirements and Design Considerations

Add content here.


XML Signature Streaming Profile of XPath 1.0

This document defines a streamable profile of XPath 1.0 suitable for use with XML Signature 2.0.


XML Security 2.0 Requirements and Design Considerations

This document outlines use cases, requirements and design choices for XML Security 2.0, specifically Canonical XML 2.0 and XML Signature 2.0. It includes a proposed simplification of the XML Signature Transform mechanism, intended to enhance security, performance, streamability and to ease adoption.


XML Security RELAX NG Schemas

This document serves to publish RELAX NG schemas for XML Security specifications, including XML Signature 1.1, and XML Signature Properties.


XML Encryption 1.1 CipherReference Processing using 2.0 Transforms

This document specifies how the XML Signature 2.0 transform model may be used with XML Encryption 1.1 for CipherReference processing.


XML Security Algorithm Cross-Reference

Add content here.


XML Signature Best Practices

Add content here.


Functional Explanation of Changes in XML Signature 1.1


XML Security Generic Hybrid Ciphers

Generic hybrid ciphers allow for a consistent treatment of asymmetric ciphers when encrypting data and consist of a key encapsulation algorithm with associated parameters and a data encapsulation algorithm with associated parameters. This document augments XML Encryption Version 1.1 by defining algorithms, XML types and elements necessary to enable use of generic hybrid ciphers in XML Security applications.


XML Signature 1.1 Interop Test Report


XML Signature Transform Simplification: Requirements and Design

Add content here.


XML Security Derived Keys

Add content here.


Test Cases for C14N 1.1 and XMLDSig Interoperability

This document defines interoperability test cases for Canonical XML 1.1 [XML-C14N1.1] and XML Signature Syntax and Processing, Second Edition [XMLDSIG2]. The changes tested include C14N11 handling of attributes in the XML namespace, including xml:id and xml:base, appropriate C14N11 nodeset to octet stream transform processing, modifications to RFC 3986 dot segment processing for C14N11, and RFC 4514 string encoding of Distinguished Names. The tests include standalone C14N11 tests as well as tests integrated with XML signature generation and validation. This document also includes earlier test cases used in XML Signature [XMLDSIG] for regression testing.


Using XML Digital Signatures in the 2006 XML Environment

This technical note describes how to use the XML Digital Signature Recommendation [XMLDSIG] in a way consistent with the present (fall 2006) XML environment. In particular, this note takes into account the recent xml:id Version 1.0 [XMLID] Recommendation, and work in progress towards a Canonical XML Version 1.1 [C14N11] Recommendation.

This note suggests constraints on the use of XML Signature, and relies on extension points present in the XML Digital Signature Recommendation. This note does not override any aspect of that Recommendation.

Obsolete Specifications

These specifications have either been superseded by others, or have been abandoned. They remain available for archival purposes, but are not intended to be used.



XML-Signature Requirements

This document lists the design principles, scope, and requirements for the XML Digital Signature specification. It includes requirements as they relate to the signature syntax, data model, format, cryptographic processing, and external requirements and coordination.


Digital Signature Label Architecture