1. The specification must permit arbitrary cryptographic signature
and message authentication algorithms, symmetric and asymmetric
authentication schemes, and key agreement methods. [Brown]
2. The specification must specify at least one mandatory to implement
signature canonicalization, content canonicalization, hash, and
signature algorithm.
3. In the event of redundant attributes within the XML Signature
syntax and relevant cryptographic blobs, XML Signature
applications prefer the XML Signature semantics. Comment: Another
possibility is that an error should be generated, however it isn't
where a conflict will be flagged between the various function and
application layers regardless.
4. The signature design and specification text must not permit
implementers to erroneously build weak implementations susceptible
to common security weaknesses (such as downgrade or algorithm
substitution attacks).
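An added example, not part of RFC 2807 or of any XML Signature implementation: one way a verifier can honor requirement 4 while requirement 1 leaves the algorithm set open is to pin the algorithms it accepts and check the declared Algorithm attributes before any cryptographic verification. The algorithm URIs are taken from the later W3C XML Signature and XML Encryption recommendations; the policy, function names and sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Verifier-side policy (assumed): algorithms are pinned here, never taken from the message.
POLICY = {
    "CanonicalizationMethod": {"http://www.w3.org/2001/10/xml-exc-c14n#"},
    "SignatureMethod": {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"},
    "DigestMethod": {"http://www.w3.org/2001/04/xmlenc#sha256"},
}

def check_algorithms(signature_xml, policy=POLICY):
    """Return a list of policy violations; an empty list means verification may proceed."""
    if "<!DOCTYPE" in signature_xml:
        return ["DOCTYPE not allowed in signed input"]
    root = ET.fromstring(signature_xml)
    signed_info = root.find(f"{DS}SignedInfo")
    if signed_info is None:
        return ["missing SignedInfo"]
    problems = []
    for role, allowed in policy.items():
        elems = signed_info.findall(f".//{DS}{role}")
        if not elems:
            problems.append(f"{role}: missing")
        if role != "DigestMethod" and len(elems) > 1:
            problems.append(f"{role}: duplicated")
        for el in elems:
            alg = el.get("Algorithm")
            if alg not in allowed:
                problems.append(f"{role}: {alg} not allowed")
    return problems

# Constructed sample documents (placeholder digest and signature values).
def sample(sig_alg, digest_alg):
    return f"""<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="{sig_alg}"/>
<Reference URI="#order"><DigestMethod Algorithm="{digest_alg}"/>
<DigestValue>AAAA</DigestValue></Reference>
</SignedInfo><SignatureValue>AAAA</SignatureValue></Signature>"""

GOOD = sample("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
              "http://www.w3.org/2001/04/xmlenc#sha256")
SUBSTITUTED = sample("http://www.w3.org/2000/09/xmldsig#hmac-sha1",
                     "http://www.w3.org/2000/09/xmldsig#sha1")

if __name__ == "__main__":
    print(check_algorithms(SUBSTITUTED))
```

The check runs before signature verification, so a document that declares a different signature or digest algorithm than the verifier expects is rejected without the declared algorithm ever being used.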
3.4 Coordination
1. The XML Signature specification should meet the requirements of
the following applications:
1. Internet Open Trading Protocol v1.0 [IOTP]
2. Financial Services Mark Up Language v2.0 [Charter]
3. At least one forms application [XFA, XFDL]
Reagle Informational [Page 5]
RFC 2807 XML Signature Requirements July 2000
2. To ensure that all requirements within this document are
adequately addressed, the XML Signature specification must be
reviewed by a designated member of the following communities:
1. XML Syntax Working Group: canonicalization dependencies.
[Charter]
2. XML Linking Working Group: signature referents. [Charter]
3. XML Schema Working Group: signature schema design. [Charter]
4. Metadata Coordination Group: data model design. [Charter]
5. W3C Internationalization Interest Group: [AC Review]
6. XML Package Working Group: signed content in/over packages.
7. XML Fragment Working Group: signing portions of XML content.
Comment: Members of the WG are very interested in signing and
processing XML fragments and packaged components. Boyer asserts
that [XML-fragment] does not "identify non-contiguous portions of
a document in such a way that the relative positions of the
connected components is preserved". Packaging is a capability
critical to XML Signature applications, but it is clearly
dependent on clear trust/semantic definitions, package application
requirements, and even cache-like application requirements. It is
not clear how this work will be addressed.
4. Security Considerations
This document lists XML Digital Signature requirements as they relate
to the signature syntax, data model, format, cryptographic
processing, and external requirements and coordination. In that
context much of this document is about security.
5. References
AC Review Misha Wolf. "The Charter should include the I18N WG
in the section on `Coordination with Other Groups'",
http://lists.w3.org/Archives/Team/xml-dsig-review/1999May/0007.html
Berners-Lee Axioms of Web Architecture: URIs.
http://www.w3.org/DesignIssues/Axioms.html
Web Architecture from 50,000 feet
http://www.w3.org/DesignIssues/Architecture.html
Brown-XML-DSig Work in Progress. Digital Signatures for XML
http://www.w3.org/Signature/Drafts/xmldsig-signature-990618.html
Charter XML Signature (xmldsig) Charter.
http://www.w3.org/1999/05/XML-DSig-charter-990521.html
DOMHASH Maruyama, H., Tamura, K. and N. Uramoto, "Digest
Values for DOM (DOMHASH)", RFC 2803, April 2000.
FSML FSML 1.5 Reference Specification
http://www.echeck.org/library/ref/fsml-v1500a.pdf
Infoset-Req XML Information Set Requirements Note.
http://www.w3.org/TR/1999/NOTE-xml-infoset-req-19990218.html
IOTP Burdett, D., "Internet Open Trading Protocol - IOTP
Version 1.0", RFC 2801, April 2000.
IOTP-DSig Davidson, K. and Y. Kawatsura, "Digital Signatures
for the v1.0 Internet Open Trading Protocol
(IOTP)", RFC 2802, April 2000.
Oslo Minutes of the XML Signature WG Sessions at IETF
face-to-face meeting in Oslo.
RDF RDF Schema
http://www.w3.org/TR/1999/PR-rdf-schema-19990303
RDF Model and Syntax
http://www.w3.org/TR/1999/REC-rdf-syntax-19990222
Signature WG List http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/
URI Berners-Lee, T., Fielding, R. and L. Masinter,
"Uniform Resource Identifiers (URI): Generic
Syntax", RFC 2396, August 1998.
http://www.ietf.org/rfc/rfc2396.txt
WS (list, summary) XML-DSig '99: The W3C Signed XML Workshop
http://www.w3.org/DSig/signed-XML99/
http://www.w3.org/DSig/signed-XML99/summary.html
XLink XML Linking Language
http://www.w3.org/1999/07/WD-xlink-19990726
XML Extensible Markup Language (XML) Recommendation.
http://www.w3.org/TR/1998/REC-xml-19980210
XML-C14N XML Canonicalization Requirements.
http://www.w3.org/TR/1999/NOTE-xml-canonical-req-19990605
XFA XML Forms Architecture (XFA)
http://www.w3.org/Submission/1999/05/
XFDL Extensible Forms Description Language (XFDL) 4.0
http://www.w3.org/Submission/1998/16/
XML-Fragment XML-Fragment Interchange
http://www.w3.org/1999/06/WD-xml-fragment-19990630.html
XML-namespaces Namespaces in XML
http://www.w3.org/TR/1999/REC-xml-names-19990114
XML-schema XML Schema Part 1: Structures
http://www.w3.org/1999/05/06-xmlschema-1/
XML Schema Part 2: Datatypes
http://www.w3.org/1999/05/06-xmlschema-2/
XPointer XML Pointer Language (XPointer)
http://www.w3.org/1999/07/WD-xptr-19990709
WebData Web Architecture: Describing and Exchanging Data.
http://www.w3.org/1999/04/WebData
6. Acknowledgements
This document was produced as a collaborative work item of the XML
Signature (xmldsig) Working Group.
7. Author's Address
Joseph M. Reagle Jr., W3C
XML Signature Co-Chair
Massachusetts Institute of Technology
Laboratory for Computer Science
W3C, NE43-350
545 Technology Square
Cambridge, MA 02139
Phone: 1.617.258.7621
EMail: reagle@w3.org
URL: http://www.w3.org/People/Reagle
8. Full Copyright Statement
Copyright (c) 2000 The Internet Society & W3C (MIT, INRIA, Keio), All
Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.