Copyright © 2012 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark and document use rules apply.
This document provides a summary of non-editorial changes in XML Signature 1.1 from the XML Signature Second Edition Recommendation.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
In the case of any difference between this document and the XML Signature 1.1 specification [XMLDSIG-CORE1], the XML Signature 1.1 specification is authoritative.
This document was published by the XML Security Working Group as a First Public Working Group Note. If you wish to make comments regarding this document, please send them to public-xmlsec@w3.org (subscribe, archives). All feedback is welcome.
Publication as a Working Group Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This document summarizes non-editorial changes in XML Signature 1.1 from the XML Signature Second Edition Recommendation.
ECDSA-SHA1
(optional),
ECDSA-SHA256
(required),
ECDSA-SHA384
(optional), and ECDSA-SHA512
(optional)SHA224
(optional), SHA256
(required), SHA384
(optional),
SHA512
(optional)RSAwithSHA256
(required),
RSAwithSHA384
(optional),RSAwithSHA512
(optional)For all algorithms added, algorithm identifiers and information were added to the specification.
SHA-1
but allow it for compatibility
SHA-1
use is DISCOURAGED (but support is still required).SHA-1
to state that use is DISCOURAGED (but still required).HMAC-SHA1
to state that use is DISCOURAGEDDSAwithSHA1
is only required as
Signature algorithm
for Signature verification, but is optional for Signature
generation. Previously it was required for both. RSA-SHA1
and ECDSA-SHA1
is
DISCOURAGED.SHA-1
HMAC-SHA256
to requiredHMAC-SHA384
, HMAC-SHA512
to
recommended (from
optional).HMACOutputLength
parameter in
SignatureMethod
KeyInfo
ChangesECKeyValue
, ECParameters
DEREncodedKeyValue
KeyInfo
child elements
EncryptedKey
and DerivedKey
ElementsDEREncodedKeyValue
- new representation for
public keysKeyInfoReference
- alternative to RetrievalMethod
access to a
KeyInfo
element that does not require use of a Transform
RetrievalMethod
that
a Transform
is needed to obtain
content of KeyInfo
referenced by ID
KeyInfoReference
element instead of
RetrievalMethod
X509Data
Changesdsig11:OCSPResponse
to list of elements that may
be includeddsig11:X509Digest
to list of elements that may
be included, to support reference via base64-encoded digest of a
certificateX509IssuerSerial
and
possible issue with schema validation when large serial numbers are
used. X509Data
in explicitly trusted scenarios.Reference
validation since changes
could occur in serialization after Signature
generation.
SHA-256
in preference to
SHA-1