W3C | Submissions

Team Comment on the SOAP Security Extensions: Digital Signature Submission

W3C is pleased to receive the SOAP Security Extensions: Digital Signature specification from International Business Machines Corporation and Microsoft Corporation.

The SOAP-SEC submission specifies how to use XML Signature with SOAP via envelop headers.

First, it imports two optional envelop headers for use in SOAP-SEC: "actor" can be used to indicate the recipient of a header element; "mustUnderstand" indicates whether an application MUST attempt validation of the enclosed Signature. While the example provided is of a detached signature, (<Signature> is a sibling of the element signed), enveloping and enveloped signatures are permitted, where <Signature> is an ancestor or descendant respectively. XML Signature can work with arbitrary content, but it's use with these SOAP headers might be of interest to the XML Protocol Working Group as a usage scenario for mandatory/optional signature validation over messages.

Second, the submission defines a global attribute "ID" in the SOAP-SEC namespace that is defined to always be of type ID. This can be used by applications as a referent of a Signature to unambiguously identify and reference elements. W3C Working Groups, especially XML Signature, might consider generalizing and standardizing this approach for use by all XML applications.

Next Steps

This submission will be referred to the attention of the XML Protocol Working Group and the XML Signature Working Group email lists for the reasons stated above.

Disclaimer: Placing a Submission on a Working Group/Interest Group agenda does not imply endorsement by either the W3C Staff or the participants of the Working Group/Interest Group, nor does it guarantee that the Working Group/Interest Group will agree to take any specific action on a Submission.

Joseph Reagle, Team Contact for the XML Signature Working Group <reagle@w3.org>