XML Signature Requirements
RFC 2807

Document Type RFC - Informational (July 2000; No errata)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state RFC 2807 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                           J. Reagle
Request for Comments: 2807                                        W3C/MIT
Category: Informational                                         July 2000

                       XML Signature Requirements

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (c) 2000 The Internet Society & W3C (MIT, INRIA, Keio), All
   Rights Reserved.

Abstract

   This document lists the design principles, scope, and requirements
   for the XML Digital Signature specification. It includes requirements
   as they relate to the signature syntax, data model, format,
   cryptographic processing, and external requirements and coordination.

Table of Contents

   1. Introduction .............................................. 1
   2. Design Principles and Scope ............................... 2
   3. Requirements .............................................. 4
        3.1. Signature Data Model and Syntax .................... 4
        3.2. Format ............................................. 5
        3.3. Cryptography and Processing ........................ 5
        3.4 Coordination ........................................ 5
   4. Security Considerations ................................... 6
   5. References ................................................ 6
   6. Acknowledgements .......................................... 8
   7. Author's Address .......................................... 8
   8. Full Copyright Statement .................................. 9

1. Introduction

   The XML 1.0 Recommendation [XML] describes the syntax of a class of
   data objects called XML documents. The mission of this working group
   is to develop a XML syntax used for representing signatures on
   digital content and procedures for computing and verifying such
   signatures.  Signatures will provide data integrity, authentication,
   and/or non-repudiability.

Reagle                       Informational                      [Page 1]
RFC 2807               XML Signature Requirements              July 2000

   This document lists the design principles, scope, and requirements
   over three things: (1) the scope of work available to the WG, (2) the
   XML signature specification, and (3) applications that implement the
   specification. It includes requirements as they relate to the
   signature syntax, data model, format, cryptographic processing, and
   external requirements and coordination. Those things that are
   required are designated as "must", those things that are optional are
   designated by "may", those things that are optional but recommended
   are designated as "should".

2. Design Principles and Scope

   1. The specification must describe how to sign digital content, and
      XML content in particular. The XML syntax used to represent a
      signature (over any content) is described as an XML Signature.
      [Charter]
   2. XML Signatures are generated from a hash over the canonical form
      of a signature manifest. (In this document we use the term
      manifest to mean a collection of references to the objects being
      signed. The specifications may use the terms manifest, package or
      other terms differently from this document while still meeting
      this requirement.) The manifest must support references to Web
      resources, the hash of the resource content (or its canonicalized
      form), and (optionally) the resource content type. [Brown,
      List(Solo)] Web resources are defined as any digital content that
      can be addressed using the syntax of XLink locator [XLink]).
   3. The meaning of a signature is simple:  The XML Signature syntax
      associates the content of resources listed in a manifest with a
      key via a strong one-way transformation.
      1. The XML Signature syntax must be extensible such that it can
         support arbitrary application/trust semantics and assertion
         capabilities -- that can also be signed.
         [Charter(Requirement1&4), List(Bugbee, Solo)]
      2. The WG is not chartered to specify trust semantics, but syntax
         and processing rules necessary for communicating signature
         validity (authenticity, integrity and non-repudiation).
         [Charter(Requirement1)] At the Chairs' discretion and in order
         to test the extensibility of the syntax, the WG may produce
         non-critical-path proposals defining common semantics (e.g.,
         manifest, package, timestamps, endorsement, etc.) relevant to
         signed assertions about Web resources in a schema definition
         [XML, RDF] or link type definition [XLink].
      Comment: A more formal definition of a signed resource is below.
      The notation is "definition(inputs):constraints" where definition
      evaluates as true for the given inputs and specified constraints.
Show full document text