XML Signature Core Syntax
David Solo dsolo@alum.mit.edu
draft-ietf-xmldsig-core-01.txt
22 October 1999
Top level structure
<Signature>
<SignedInfo>
<SignatureValue>
<KeyInfo>?
<Object>*
</Signature>
- KeyInfo sits outside SignedInfo, so it is not signed; if it must be covered, bind it to the signature explicitly (e.g. by referencing it)
- Some objects defined
SignedInfo
<SignedInfo>
<CanonicalizationMethod>?
<SignatureMethod>
<ObjectReference ID= Location= Type=? >
<Transforms>?
<DigestMethod>
<DigestValue>
</ObjectReference>+
</SignedInfo>
- No default for CanonicalizationMethod: if absent, null c14n (SignedInfo is signed exactly as serialized)
Location Issues
- Should the Location attribute itself be signed?
- Form: URI or IDREF
- Location="" denotes the document containing the signature
- Location absent means the application already knows where the object is
- only allowed if a single ObjectReference is present
Method syntax
<xxxMethod Algorithm= >
<Parameter>*
</xxxMethod>
- Still discussion on structure for parameters
Transforms
<Transforms>
<Transform>+
</Transforms>
<Transform Algorithm= Encoding= Type= Charset= >
ANY
</Transform>
- Applied in document order to the referenced object before it is digested
- No defaults: only the transforms listed explicitly are performed
- e.g. encode/decode, c14n, XPath, XSLT, ...
Object
<Object ID= Type= Encoding=>
ANY
</Object>
- Can carry any type of data
- Specific definitions for
- Manifest
- Package
- SignatureProperties
Algorithms
- Required
- SHA1
- Base64
- HMAC-SHA1
- DSAwithSHA1
- Minimal c14n
- Recommended
- RSAwithSHA1
- XML c14n
- XSLT, XPath, XPointer
- Optional
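The following is an added example, not code from the draft or from the author, that puts the structures above (SignedInfo, ObjectReference with Transforms/DigestMethod/DigestValue, SignatureValue, KeyInfo, Object) together with the required algorithms (SHA1, Base64, HMAC-SHA1, minimal c14n) into a working sign/verify pair. Assumptions made for the example: algorithm identifiers are plain strings rather than the draft's names; "minimal c14n" is modelled as UTF-8 with line endings normalized to LF; only Location="#id" (embedded Object) and an absent Location are handled; and the KeyInfo content is a placeholder string. It shows the rules the slides state: transforms run in order with no defaults, an absent Location is accepted only for a single ObjectReference, and KeyInfo is not covered by the signature.

```python
"""Sign and verify a <Signature> laid out as in the slides: the key signs the
canonicalized <SignedInfo>; each <ObjectReference> binds an object through
explicit <Transforms> -> <DigestMethod> -> <DigestValue>; <KeyInfo> and
<Object> sit outside <SignedInfo> and are not signed by themselves."""
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Plain-string algorithm names are an assumption made for this example.
ALG_SHA1, ALG_HMAC_SHA1, ALG_BASE64, ALG_MIN_C14N = "SHA1", "HMAC-SHA1", "Base64", "minimal-c14n"


def serialize(elem):
    """Serialize one element without its tail, so the bytes are the same for a
    free-standing element (signing) and one inside a parsed document (verifying)."""
    e = copy.copy(elem)
    e.tail = None
    return ET.tostring(e, encoding="unicode")


def canonicalize(si):
    """No default: an absent CanonicalizationMethod means null c14n (bytes as
    serialized). minimal-c14n is modelled as UTF-8 with LF line endings (assumption)."""
    cm = si.find("CanonicalizationMethod")
    if cm is None:
        return serialize(si).encode("utf-8")
    if cm.get("Algorithm") == ALG_MIN_C14N:
        return serialize(si).replace("\r\n", "\n").replace("\r", "\n").encode("utf-8")
    raise ValueError("unsupported CanonicalizationMethod")


def apply_transforms(data, transforms):
    """Apply each <Transform> in document order; nothing is applied implicitly."""
    for t in ([] if transforms is None else transforms.findall("Transform")):
        if t.get("Algorithm") != ALG_BASE64:
            raise ValueError("unsupported Transform %r" % t.get("Algorithm"))
        data = base64.b64decode(data, validate=True)
    return data


def digest(data, method):
    if method.get("Algorithm") != ALG_SHA1:
        raise ValueError("unsupported DigestMethod")
    return hashlib.sha1(data).digest()


def signature_value(key, si):
    if si.find("SignatureMethod").get("Algorithm") != ALG_HMAC_SHA1:
        raise ValueError("unsupported SignatureMethod")
    return hmac.new(key, canonicalize(si), hashlib.sha1).digest()


def resolve_object(sig, ref, n_refs, app_object):
    """Location="#id" selects an embedded <Object ID=...>; an absent Location
    means the application supplies the bytes, allowed only for a single reference."""
    loc = ref.get("Location")
    if loc is None:
        if n_refs != 1 or app_object is None:
            raise ValueError("absent Location needs a single, application-supplied object")
        return app_object
    if loc.startswith("#"):
        for obj in sig.findall("Object"):
            if obj.get("ID") == loc[1:]:
                return (obj.text or "").encode("utf-8")
    raise ValueError("cannot resolve Location %r" % loc)


def sign(key, refs, objects=(), key_info="key-id-placeholder"):
    """refs: (ref_id, location_or_None, [transform algs], object_bytes);
    objects: (id, text) embedded as <Object Encoding="Base64">. key_info is a
    placeholder for whatever KeyInfo would carry (constructed for the example)."""
    sig = ET.Element("Signature")
    si = ET.SubElement(sig, "SignedInfo")
    ET.SubElement(si, "CanonicalizationMethod", Algorithm=ALG_MIN_C14N)
    ET.SubElement(si, "SignatureMethod", Algorithm=ALG_HMAC_SHA1)
    for ref_id, location, transforms, data in refs:
        r = ET.SubElement(si, "ObjectReference", ID=ref_id)
        if location is not None:
            r.set("Location", location)
        if transforms:
            ts = ET.SubElement(r, "Transforms")
            for alg in transforms:
                ET.SubElement(ts, "Transform", Algorithm=alg)
        dm = ET.SubElement(r, "DigestMethod", Algorithm=ALG_SHA1)
        d = digest(apply_transforms(data, r.find("Transforms")), dm)
        ET.SubElement(r, "DigestValue").text = base64.b64encode(d).decode()
    ET.SubElement(sig, "SignatureValue").text = base64.b64encode(signature_value(key, si)).decode()
    ET.SubElement(sig, "KeyInfo").text = key_info  # outside SignedInfo: not covered
    for oid, text in objects:
        ET.SubElement(sig, "Object", ID=oid, Encoding=ALG_BASE64).text = text
    return ET.tostring(sig, encoding="unicode")


def verify(xml_text, key, app_object=None):
    """True only if every DigestValue and the SignatureValue check out. Any
    structural or unsupported-algorithm problem is a rejection, not an exception."""
    try:
        sig = ET.fromstring(xml_text)
        si = sig.find("SignedInfo")
        refs = si.findall("ObjectReference")
        if not refs:
            return False
        for ref in refs:
            data = resolve_object(sig, ref, len(refs), app_object)
            data = apply_transforms(data, ref.find("Transforms"))
            want = base64.b64decode(ref.find("DigestValue").text)
            if not hmac.compare_digest(digest(data, ref.find("DigestMethod")), want):
                return False
        want = base64.b64decode(sig.find("SignatureValue").text)
        return hmac.compare_digest(signature_value(key, si), want)
    except (ValueError, AttributeError, ET.ParseError):
        return False
```

Usage: sign(key, [("r1", "#obj1", ["Base64"], b"aGVsbG8=")], [("obj1", "aGVsbG8=")]) produces a Signature with one embedded object; verify(doc, key) returns True, changing the Object text or the key returns False, while changing the KeyInfo text leaves verification passing, which is exactly why a verifier must decide which key to trust independently of what KeyInfo claims. A reference with no Location verifies only when the application passes the object bytes and there is a single ObjectReference.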