XMLDSIG Requirements
Donald E. Eastlake 3rd
<dee3@us.ibm.com>
8 November 1999, 46th IETF Meeting
Scope
Includes
- XML syntax signature
- Over any web resource (URI reference)
- Specification of canonicalization method for signature information
- Easy extensibility
- Conform to XML Recommendations & Web Architecture
Excludes
- Trust semantics
- Confidentiality
- Requirement of identity info beyond cryptographicly needed keying info.
Requirements, Syntax
- Can be applied to part of all of a document.
- Support multiple signatures with varied keys, content transformations, and algorithms.
- Signatures and algorithms are first class objects.
- Support asymmetric and symmetric signature algorithms and key agreement.
- Apply to original or encoded version of a document.
- Based on a data model.
Requirements, Format
- XML digital signature is an XML element.
- Can be included within the document signed.
- Facilitates the production of composite documents while preserving the signature of the
consituent parts.
- Signatures may be embedded within or encapsulate XML or encoded content.
Requirements,
Crypto & Processing
- Permit arbitrary signature, digest, and key agreement algorithms.
- Specify at least one mandatory to implement canonicalization, hash, and signature
algorithm.
- Protect against common security weaknesses such as algorithm downgrade.
Requirements, Coordination
Support
- IOTP 2 (TRADE WG)
- eCheck/FSML 2 (FSTC)
- Form application
XML WGs:
- Syntax, Linking, Schema, Metadata, Internationalization, Package, Fragment
Requirements Document