Copyright © 2009 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark and document use rules apply.
This Note summarizes XML Security algorithm URI identifiers and the specifications associated with them.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
This is a First Public Working Draft of "XML Security Algorithm Cross-Reference."
This document is intended to serve as a cross-reference to various commonly used XML security specifications. It does not include any normative requirements of its own.
This document was developed by the XML Security Working Group.
Please send comments about this document to public-xmlsec-comments@w3.org (with public archive).
Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. The group does not expect this document to become a W3C Recommendation. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
1 Introduction
2 Namespaces
3 Signature
Algorithms
3.1 DSA
3.2 RSA
3.3 Elliptic Curve
DSA
3.4 HMAC
4 Digest Methods
4.1 MD5
4.2 SHA
variants
4.3 RIPEMD-160
5 Symmetric Key Encryption
Algorithms
5.1 Block Encryption
Algorithms DES
6 Key Transport
Algorithms
7 Key Agreement Algorithm
URIs
8 Symmetric Key Wrap
Algorithm URIs
9 Canonicalization
Algorithms
9.1 Inclusive
Canonicalization
9.2 Exclusive
Canonicalization
10 Transform
Algorithms
11 Retrieval method type
identifiers
12 References
The various XML Security specifications have defined a number of algorithms of various types, while allowing and expecting additional algorithms to be defined later. Over time, these identifiers have been defined in a number of different specifications, including XML Signature, XML Encryption, RFCs and elsewhere.
This makes it difficult for users of the XML Security specifications to know whether and where a URI for an algorithm of interest has been defined, and can lead to the use of incorrect URIs. The purpose of this Note is to collect the various known URIs at the time of its publication and indicate the specifications in which they are defined in order to avoid confusion and errors.
This note is not intended as an exhaustive list of all known related identifiers, some of which may have been defined by other standards or specifications. Furthermore, this note is not to be taken as normative regarding the information provided; if information here conflicts with the referenced specification, the specification takes precedence in all cases.
The architecture of the XML Security specifications
distinguishes between the (universally useful) identifiers
for algorithms and the roles that these algorithms can take.
Roles are identified through elements like
ds:SignatureMethod
,
ds:DigestMethod
,
ds:CanonicalizationMethod
, or
ds:Transform
, whereas the algorithms are
identified through URIs. Explicit parameters for the
respective algorithms are transmitted in child elements of
the role element.
This specification uses the following XML namespace prefixes:
ds
http://www.w3.org/2000/09/xmldsig#
xenc
http://www.w3.org/2001/04/xmlenc#
dsig11
http://www.w3.org/2009/xmldsig11#
dsigmore
http://www.w3.org/2001/04/xmldsig-more#
Algorithm URIs have been coined in a variety of namespaces, and are always given in full.
The algorithms listed in this section are typically used
in the signature algorithm role, identified through the
ds:SignatureMethod
role element ([XMLDSIG2e], section 4.3.2). Each
signature method takes an octet-stream as input, and produces
a signature value (an octet-stream that is always base64
encoded, see
section 4.2 of [XMLDSIG2e]).
A container for key material,
ds:DSAKeyValue
, is defined in
section 4.4.2.1 of [XMLDSIG2e]. When used with
ds:RetrievalMethod
, this container type is
identified through the URI
http://www.w3.org/2000/09/xmldsig#DSAKeyValue
.
Implementation of this algorithm is required in both [XMLDSIG] and [XMLDSIG2e].
This section lists variants of the RSA algorithm. A
container for key material, ds:RSAKeyValue
, is
defined in
section 4.4.2.2 of [XMLDSIG]. When used with
ds:RetrievalMethod
, this container type is
identified through the URI
http://www.w3.org/2000/09/xmldsig#RSAKeyValue
.
We only list the algorithm URI for RSA-MD5 for the sake of completeness. The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is not recommended at this time.
Implementation of this algorithm is recommended in [XMLDSIG] and [XMLDSIG2e].
This algorithm is under consideration as a mandatory to implement algorithm for a future version of XML Signature [XMLDSIG11].
This section lists various variants of the Elliptic
Curve DSA (ECDSA) algorithm. A container for key material,
dsigmore:ECDSAKeyValue
, is defined in [RFC4050]. No
ds:RetrievalMethod
type URI is defined for
this container.
Work is under way to revise this container format.
This algorithm is under consideration as a mandatory to implement algorithm for a future version of XML Signature [XMLDSIG11].
The following URIs have been defined for various Message
Authentication Codes that use the HMAC construction
[RFC2104]. All of these algorithms
take an explicit truncation length parameter. A container
for this parameter,
ds:HMACOutputLength
, is defined in section
6.3.1 of [XMLDSIG2e]. This
container occurs as a child element of the role
element.
This algorithm is used as the default MAC algorithm in [XKMS2]. It is mandatory to implement in XML Signature [XMLDSIG], [XMLDSIG2e].
This algorithm is under consideration as a recommended algorithm for a future version of XML Signature [XMLDSIG11].
The following URIs have been defined for Digest Methods.
They are typically used in the
ds:DigestMethod
role in [XMLDSIG]. Note that
ds:DigestMethod
also occurs as in the context of
xenc:AgreementMethod
, as specified in the
Key Agreement part of [XMLENC].
We only list the algorithm URI for MD5 for the sake of completeness. The cryptographic strength of this algorithm is sufficiently doubtful that its use is not recommended at this time.
Note that URIs for the various algorithms of the Secure Hash Algorithm family have been coined in a number of name spaces and specifications, specifically [XMLDSIG] (and, in this regard identically, [XMLDSIG2e]), [XMLENC], and [RFC4051].
SHA-1 is the only digest algorithm defined in [XMLDSIG2e], and is mandatory to implement in that specification, and in [XMLENC]. Given recent cryptographic research, however, future versions of the XML Signature specification are likely to recommend use of other, stronger digest algorithms over use of SHA-1, while maintaining SHA-1 as a mandatory to implement algorithm.
This algorithm is under consideration as a mandatory to implement algorithm for a future version of XML Signature [XMLDSIG11]. It is recommended in [XMLENC].
The following URIs have been defined for symmetric key
encryption algorithms. They typically appear in the
xenc:EncryptionMethod
role.
This algorithm is mandatory to implement in [XMLENC].
This algorithm is mandatory to implement in [XMLENC].
This algorithm is mandatory to implement in [XMLENC].
The following URIs have been defined for key transport algorithms.
This algorithm is mandatory to implement in [XMLENC].
The following URIs have been defined for key agreement algorithms.
While this is the only key agreement algorithm defined in [XMLENC], it is optional to implement.
A container for key material for this key agreement
algorithm, xenc:DHKeyValue
, is defined in
section 5.5.2 of [XMLENC]. When used with
ds:RetrievalMethod
, this container type is
identified through the URI
http://www.w3.org/2001/04/xmlenc#dh
.
This algorithm is under consideration as a mandatory to implement algorithm for a future version of XML Encryption. [XMLENC11].
The following URIs have been defined for symmetric key wrap algorithms.
This algorithm is mandatory to implement in [XMLENC].
This algorithm is mandatory to implement in [XMLENC].
This algorithm is mandatory to implement in [XMLENC].
Canonicalization algorithms are used in [XMLDSIG]; they are typically used in the
ds:CanonicalizationMethod
and
ds:Transform
roles.
Canonical XML 1.0 [C14N1.0] without comments is mandatory to implement in both XML Signature [XMLDSIG] and XML Signature Second Edition [XMLDSIG2e]. XML Signature Second Edition recommends use of Canonical XML 1.1 [C14N1.1] over use of Canonical XML 1.0 when inclusive canonicalization is desired, to address known issues with Canonical XML 1.0.
The canonicalization methods listed in this section accept a node-set or octet-stream as input, and produce an octet-stream as output.
This algorithm is mandatory to implement in [XMLDSIG] and [XMLDSIG2e].
This algorithm is mandatory to implement in [XMLDSIG2e]. Its use is recommended over Canonical XML 1.0.
This section lists algorithms that typically occur in the
ds:Transform
role. ds:Transform
is defined in detail in the XML Signature
Reference Processing Model ([XMLDSIG2e], section 4.3.3.2). This
processing model is, in turn, applied both to signed
material, and to key material referenced through
ds:RetrievalMethod
([XMLDSIG2e], section 4.4.3).
The ds:Transform
role element is also used by
the optional xenc:Transforms
feature which is
specified in the context of
xenc:CipherReference
in XML Encryption
([XMLENC], section 3.3.1).
Transform algorithms can take an octet-stream or a node-set as input, and can produce either an octet-stream or a node-set as output.
Implementation is required in [XMLDSIG2e] and [XMLENC].
This transform is required in [XMLDSIG], [XMLDSIG2e].
The ds:RetrievalMethod
element permits
referencing key material that is stored outside a
ds:KeyInfo
element. The type of the material
that results from retrieval of the URI reference (and
possible transform processing) can be identified using the
Type
attribute.
Note: ds:RetrievalMethod
may be
deprecated in future versions of XML Signature, and is rarely
used in practice.
The following Type
values identify an XML
element or document with the given element as its root:
ds:DSAKeyValue
, see
section 4.4.2.1 of [XMLDSIG2e].ds:RSAKeyValue
, see
section 4.4.2.2 of [XMLDSIG2e].ds:X509Data
, see
section 4.4.4 of [XMLDSIG2e].ds:PGPData
, see
section 4.4.5 of [XMLDSIG2e].ds:SPKIData
, see
section 4.4.6 of [XMLDSIG2e].ds:MgmtData
, see
section 4.4.7 of [XMLDSIG2e].ds:KeyValue
, see
section 4.4.2 of [XMLDSIG2e].ds:RetrievalMethod
, see
secion 4.4.3 of [XMLDSIG2e].ds:KeyName
, see
section 4.4.1 of [XMLDSIG2e].dsigmore:PKCS7signedData
, see section 3.1
of [RFC4051].The following Type
values identify the type
of raw binary data: