XML Digital Signatures
Activity Statement

Work on Digital Signatures is being managed as part of W3C's Technology and Society domain.

  1. Introduction
  2. Role of W3C
  3. Current Situation and Accomplishments
  4. What the Future Holds
  5. Contact

Introduction

Digital signatures provide integrity, signature assurance and non-repudiatability over Web data. Such features are especially important for documents that represent commitments such as contracts, price lists, and manifests. In view of recent Web technology developments, future work will address the digital signing of XML -- and any of its applications such as RDF (Resource Description Framework) or P3P (Platform for Privacy Preferences). This capability is critical for a variety of electronic commerce applications, including payment tools.

Concepts Simply Explained

Overview

Digital signatures are created and verified using cryptography, the branch of applied mathematics concerned with transforming messages into seemingly unintelligible forms and then back again. Digital signatures are created by performing an operation on information such that others can confirm that a holder of a secret performed the operation and that the signed information has not subsequently changed. In a symmetric key system, both the sender and receiver need to be privy to the secret. In the public key cryptographic system, the holder of the private (secret) key signs information, but anyone with access to the public key can confirm that the signature is valid. The novel feature of public key cryptography is that knowledge of the public key used to confirm signatures does not reveal information about the private key itself.

Web data and digital signatures

Structured information permits data to be readily read, exchanged, and acted upon by Web agents. The scope of such information often includes media-independent data for electronic publishing, electronic commerce and -- critically -- information about other information (metadata). The W3C's Extensible Markup Language (XML) Recommendation specifies a standard syntax for structuring Web documents. The content of the document structure is arbitrary; anyone can create a XML data structure (be it a bibliographic format or cooking recipe) as long as it is well-formed. By adding the ability to associate the semantics of the structured information to a resource one has the capability to make assertions about it! The W3C's Resource Description Framework (RDF) Recommendation as well as the work on the XML Linking Language provide this capability. For example, "The resource at http://example.com/~foo.html   has a bibliographic entry as follows ...." The combination of metadata and digital signature capabilities will aid in building a genuine Web of Trust.

Role of W3C

This Working Group is a joint activity of the W3C and the IETF.

Current Situation and Accomplishments

All chartered deliverables have been completed.

The XML-Signature Requirements specification completed W3C Last Call in August 1999, and has been published as Informational RFC 2807.

In February 2002, the XML Signature Syntax and Processing specification was published as a W3C Recommendation. One month later it was published as Draft Standard RFC 3275. As of April 2002, there are 15 implementations reporting interoperability, 3 of which are open source.

In July 2002, the Exclusive Canonicalization specification was published as a Recommendation. As of September 2002, there are 6 implementations reporting interoperability, 2 of which are open source.

In November 2002, the XML-Signature XPath Filter 2.0 specification was published as a Recommendation. At that time, there are 5 implementations reporting interoperability, 2 of which are open source.

What the Future Holds

The XML Signature Working Group charter terminated on 2002-12-31. The mailing list may be used for discussion discussion of errata, operational experience, and requirements for new work.

Contact

Joseph M. Reagle Jr., <[email protected]> W3C Activity Lead and Co-Chair