XML Signature Fundamentals - Security

XML Signature combines the utility and power of digital signature technology with the power and flexibility of XML. An XML Signature is itself a piece of XML, and there is a corresponding XML Schema for how this XML will be structured. Within the XML Signature itself are references—URIs—to what is being digitally signed. These references are quite flexible as they can point to items within the same document or be external. Also, a single XML document can contain multiple XML Signatures. This flexibility and power make XML Signature technology somewhat complex when you consider the details. However, the basic concepts are not very difficult to understand, and the structure for an XML Signature, which is always rooted at the Signature element, provides a nice guide for understanding how XML Signatures work.

---

XML Signature Requirements - Understanding the formal requirements that were provided/gathered by the W3C Working Group can help you understand why certain parts of the standards turned out the way they did. The following are some of the key requirements that stand out (you can see the full requirements at http://www.w3.org/TR/xmldsig-requirements):

• XML Signatures apply to any resource addressable by a "locator" (uniform resource identifier), including non-XML content.

• XML Signatures must be able to apply to a part or the whole XML document.

• Multiple XML Signatures must be able to exist over the static content of a Web resource.

• The specification must permit the use of varied digital signature and message authentication codes, such as symmetric and asymmetric authentication schemes as well as dynamic agreement of keying material.

Other specified requirements affect the resulting standards as well, but considering these four demonstrates that XML Signatures are not just a simple application of digital signature technology on a piece of XML text. They are much more.

---