Two new JSRs (Java Specification Requests) have been published relating to Java APIs for XML digital signature and encryption, proposed for work under the Java Community Process. The Specification Leads are Anthony Nadalin (IBM) and Sean Mullan (Sun). JSR-000105 for XML Digital Signature APIs will "define a standard set of APIs for XML digital signatures services. The XML Digital Signature specification is defined by the W3C; this proposal is to define and incorporate the high level implementation independent Java APIs." JSR-000106 for XML Digital Encryption APIs will "define a standard set of APIs for XML digital encryption services. XML Encryption can be used to perform fine-grained, element-based encryption of fragments within an XML Document as well as encrypt arbitrary binary data and include this within an XML document. Today there is no standard set of APIs for XML digital encryption services."
XML Digital Signature APIs [JSR-000105]
"This JSR is to define a standard set of APIs for XML digital signatures services. The XML Digital Signature specification is defined by the W3C. This proposal is to define and incorporate the high level implementation independent Java APIs." Stated motivation: "Today there is no standard of APIs for XML digital signatures services. This JSR provides a Java API to the XML Digital Signature services... There is no existing specification in JDK 2 SDK for accessing XML Digital Signature via a standard set of APIs."
Specification Leads: Anthony Nadalin (IBM) and Sean Mullan (Sun). Comments for JSR-000105: jsr-105-comments@sun.com
From the JSR-000105 web site description:
"This JSR is to define a standard set of APIs for XML digital signatures services. The XML Digital Signature specification is defined by the W3C. XML Signatures can be applied to any digital content (data object), including XML. An XML Signature may be applied to the content of one or more resources. Enveloped or enveloping signatures are over data within the same XML document as the signature; detached signatures are over data external to the signature element. More specifically, the XML Digital Signature specification defines an XML signature element type and an XML signature application; conformance requirements for each are specified by way of schema definitions and prose respectively. The XML Digital Signature specification also includes other useful types that identify methods for referencing collections of resources, algorithms, and keying and management information."
"The XML Digital Signature specifies XML syntax and processing rules for creating and representing digital signatures. The XML Signature is a method of associating a key with referenced data; it does not normatively specify how keys are associated with persons or institutions, nor the meaning of the data being referenced and signed. Consequently, while the XML Digital Signature specification is an important component of secure XML applications, it itself is not sufficient to address all application security/trust concerns, particularly with respect to using signed XML (or other data formats) as a basis of human-to-human communication and agreement. Such an application must specify additional key, algorithm, processing and rendering requirements and developers must give consideration to their application threat models."
XML Digital Encryption APIs [JSR-000106]
Description: This JSR [JSR-000106] is to define a standard set of APIs for XML digital encryption services. XML Encryption can be used to perform fine-grained, element-based encryption of fragments within an XML Document as well as encrypt arbitrary binary data and include this within an XML document. Today there is no standard set of APIs for XML digital encryption services. This JSR provides a Java API to the XML Digital encryption services... There is no existing specification in JDK 2 SDK for accessing XML Digital Encryption via a standard set of APIs... This JSR is to define a standard set of APIs for XML digital encryption services. XML Encryption can be used to perform fine-grained, element-based encryption of fragments within an XML Document as well as encrypt arbitrary binary data and include this within an XML document. The representation of the encrypted data and keying material must be both efficient and flexible while using existing functionality within J2SE. XML encryption must provide consistency and compatibility with existing XML Digital Signature specification as defined by the W3C. The proposed package name for the API Specification is javax.security.xml.enc. JSR-000106 Specification Lead: Anthony Nadalin (IBM).
Current work: JSR-000106 cites three "existing documents, specifications, or implementations that describe the technology": (1) W3C/IETF XML Signature specification; (2) Java Cryptography Extension; (3) PKCS Specifications. "These documents describe the XML Digital signature standard developed by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF), this describes the basic element format and also the Java Cryptography Extension that can be used to form the bases of a set of Java APIs."
Principal references:
- XML Digital Signature APIs [JSR-000105]. JSR Approved Date: 13 March 2001.
- XML Digital Encryption APIs [JSR-000106]. JSR Approved Date: 13 March 2001.
- "XML Digital Signature (Signed XML - IETF/W3C)" - Main reference page.
- "XML and Encryption" - Main reference page.