rfc2807.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

   1. The specification must permit arbitrary cryptographic signature
      and message authentication algorithms, symmetric and asymmetric
      authentication schemes, and key agreement methods. [Brown]
   2. The specification must specify at least one mandatory to implement
      signature canonicalization, content canonicalization, hash, and
      signature algorithm.
   3. In the event of redundant attributes within the XML Signature
      syntax and relevant cryptographic blobs, XML Signature
      applications prefer the XML Signature semantics.  Comment: Another
      possibility is that an error should be generated, however it isn't
      where a conflict will be flagged between the various function and
      application layers regardless.
   4. The signature design and specification text must not permit
      implementers to erroneously build weak implementations susceptible
      to common security weaknesses (such as as downgrade or algorithm
      substitution attacks).

3.4 Coordination

   1. The XML Signature specification should meet the requirements of
      the following applications:
         1. Internet Open Trading Protocol v1.0 [IOTP]
         2. Financial Services Mark Up Language v2.0 [Charter]
         3. At least one forms application [XFA, XFDL]



Reagle                       Informational                      [Page 5]

RFC 2807               XML Signature Requirements              July 2000


   2. To ensure that all requirements within this document are
      adequately addressed, the XML Signature specification must be
      reviewed by a designated member of the following communities:
         1. XML Syntax Working Group: canonicalization dependencies.
            [Charter]
         2. XML Linking Working Group: signature referents. [Charter]
         3. XML Schema Working Group: signature schema design. [Charter]
         4. Metadata Coordination Group: data model design. [Charter]
         5. W3C Internationalization Interest Group:  [AC Review]
         6. XML Package Working Group: signed content in/over packages.
         7. XML Fragment Working Group: signing portions of XML content.
      Comment: Members of the WG are very interested in signing and
      processing XML fragments and packaged components. Boyer asserts
      that [XML-fragment] does not "identify non-contiguous portions of
      a document in such a way that the relative positions of the
      connected components is preserved". Packaging is a capability
      critical to XML Signature applications, but it is clearly
      dependent on clear trust/semantic definitions, package application
      requirements, and even cache-like application requirements. It is
      not clear how this work will be addressed.

4. Security Considerations

   This document lists XML Digital Signature requirements as they relate
   to the signature syntax, data model, format, cryptographic
   processing, and external requirements and coordination. In that
   context much of this document is about security.

5. References

   AC Review         Misha Wolf. "The Charter should include the I18N WG
                     in the section on `Coordination with Other
                     Groups'", http://lists.w3.org/Archives/Team/xml-
                     dsig-review/1999May/0007.html

   Berners-Lee       Axioms of Web Architecture: URIs.
                     http://www.w3.org/DesignIssues/Axioms.html Web
                     Architecture from 50,000 feet
                     http://www.w3.org/DesignIssues/Architecture.html

   Brown-XML-DSig    Work in Progress. Digital Signatures for XML
                     http://www.w3.org/Signature/Drafts/xmldsig-
                     signature-990618.html

   Charter           XML Signature (xmldsig) Charter.
                     http://www.w3.org/1999/05/XML-DSig-charter-
                     990521.html




Reagle                       Informational                      [Page 6]

RFC 2807               XML Signature Requirements              July 2000


   DOMHASH           Maruyama, H., Tamura, K. and N. Uramoto, "Digest
                     Values for DOM (DOMHASH)", RFC 2803, April 2000.

   FSML              FSML 1.5 Reference Specification
                     http://www.echeck.org/library/ref/fsml-v1500a.pdf

   Infoset-Req       XML Information Set Requirements Note.
                     http://www.w3.org/TR/1999/NOTE-xml-infoset-req-
                     19990218.html

   IOTP              Burdett, D., "Internet Open Trading Protocol - IOTP
                     Version 1.0", RFC 2801, April 2000.

   IOTP-DSig         Davidson, K. and Y. Kawatsura, "Digital Signatures
                     for the v1.0 Internet Open Trading Protocol
                     (IOTP)", RFC 2802, April 2000.

   Oslo              Minutes of the XML Signature WG Sessions at  IETF
                     face-to-face meeting in Oslo.

   RDF               RDF Schema
                     http://www.w3.org/TR/1999/PR-rdf-schema-19990303
                     RDF Model and Syntax
                     http://www.w3.org/TR/1999/REC-rdf-syntax-19990222

   Signature WG List http://lists.w3.org/Archives/Public/w3c-ietf-
                     xmldsig/

   URI               Berners-Lee, T., Fielding, R. and L. Masinter,
                     "Uniform Resource Identifiers (URI): Generic
                     Syntax", RFC 2396, August 1998.
                     http://www.ietf.org/rfc/rfc2396.txt

   WS
   (list, summary)   XML-DSig '99: The W3C Signed XML Workshop
                     http://www.w3.org/DSig/signed-XML99/
                     http://www.w3.org/DSig/signed-XML99/summary.html

   XLink XML
   Linking Language  http://www.w3.org/1999/07/WD-xlink-19990726

   XML               Extensible Markup Language (XML) Recommendation.
                     http://www.w3.org/TR/1998/REC-xml-19980210








Reagle                       Informational                      [Page 7]

RFC 2807               XML Signature Requirements              July 2000


   XML-C14N          XML Canonicalization Requirements.
                     http://www.w3.org/TR/1999/NOTE-xml-canonical-req-
                     19990605

   XFA               XML Forms Architecture (XFA)
                     http://www.w3.org/Submission/1999/05/

   XFDL              Extensible Forms Description Language (XFDL) 4.0
                     http://www.w3.org/Submission/1998/16/

   XML-Fragment      XML-Fragment Interchange
                     http://www.w3.org/1999/06/WD-xml-fragment-
                     19990630.html

   XML-namespaces    Namespaces in XML
                     http://www.w3.org/TR/1999/REC-xml-names-19990114

   XML-schema        XML Schema Part 1: Structures
                     http://www.w3.org/1999/05/06-xmlschema-1/
                     XML Schema Part 2: Datatypes
                     http://www.w3.org/1999/05/06-xmlschema-2/

   XPointer          XML Pointer Language (XPointer)
                     http://www.w3.org/1999/07/WD-xptr-19990709

   WebData           Web Architecture: Describing and Exchanging Data.
                     http://www.w3.org/1999/04/WebData

6. Acknowledgements

   This document was produced as a collaborative work item of the XML
   Signature (xmldsig) Working Group.

7. Author's Address

   Joseph M. Reagle Jr., W3C
   XML Signature Co-Chiar
   Massachusetts Institute of Technology
   Laboratory for Computer Science
   W3C, NE43-350
   545 Technology Square
   Cambridge, MA 02139

   Phone:  1.617.258.7621
   EMail:  reagle@w3.org
   URL:    http://www.w3.org/People/Reagle





Reagle                       Informational                      [Page 8]

RFC 2807               XML Signature Requirements              July 2000


8.  Full Copyright Statement

   Copyright (c) 2000 The Internet Society & W3C (MIT, INRIA, Keio), All
   Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.


















Reagle                       Informational                      [Page 9]