Public comment is invited through September 17, 2001 on the Proposed Recommendation release of XML-Signature Syntax and Processing. Issued by the IETF/W3C XML Signature Working Group as a joint IETF and W3C draft, the XML digital signature specification provides for integrity, message authentication, and signer authentication services. The PR document "specifies XML syntax and processing rules for creating and representing digital signatures. XML Signatures can be applied to any digital content (data object), including XML. An XML Signature may be applied to the content of one or more resources. Enveloped or enveloping signatures are over data within the same XML document as the signature; detached signatures are over data external to the signature element. More specifically, this specification defines an XML signature element type and an XML signature application; conformance requirements for each are specified by way of schema definitions and prose respectively. This specification also includes other useful types that identify methods for referencing collections of resources, algorithms, and keying and management information. The XML Signature is a method of associating a key with referenced data (octets); it does not normatively specify how keys are associated with persons or institutions, nor the meaning of the data being referenced and signed. Consequently, while this specification is an important component of secure XML applications, it itself is not sufficient to address all application security/trust concerns, particularly with respect to using signed XML (or other data formats) as a basis of human-to-human communication and agreement. Such an application must specify additional key, algorithm, processing and rendering requirements."
Specification Section 9 supplies the XML-Signature Schema, DTD, Data Model, and Valid Examples: (1) XML Signature Schema Instance [Valid XML schema instance based on the 20001024 Schema/DTD]; (2) XML Signature DTD; (3) RDF Data Model; (4) XML Signature Object Example [a cryptographical fabricated XML example that includes foreign content and validates under the schema, it also uses schemaLocation to aid automated schema fetching and validation]; (5) RSA XML Signature Example [an XML Signature example with generated cryptographic values by Merlin Hughes and validated by Gregor Karlinger]; (6) DSA XML Signature Example [similar to above but uses DSA].
Bibliographic information: XML-Signature Syntax and Processing. W3C Proposed Recommendation 20-August-2001. Issued by the IETF/W3C XML Signature Working Group. W3C Version URL: http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/. IETF Version URL: http://www.ietf.org/internet-drafts/draft-ietf-xmldsig-core-2-01.txt. Latest version URL: http://www.w3.org/TR/xmldsig-core/. Previous version URL: http://www.w3.org/TR/2001/CR-xmldsig-core-20010419/. Edited by Donald Eastlake, Joseph Reagle, and David Solo. Authored by Mark Bartel, John Boyer, Barb Fox, Brian LaMacchia, and Ed Simon.