Safeguarding the Identity and Integrity of XML Messages
XML Signature Structure
XML Signature and XML Encryption, two of the three major pillars of the WS-Security standard, are so predominant in current thinking about Web Services Security that some people mistake them for the only strategy for securing Web services. This is really not the case at all. Read more in this chapter from Securing Web Services with WS-Security, by Rosenberg and Remy (ISBN 0672326515, SAMS, 2004).
In the following sections, we review the XML Signature element's basic structure and discuss its most significant aspects. We stay high level at first and then provide more detail further into the chapter.
Basic Structure
Before we delve deeply into the syntax of the Signature element, let's discuss it in concept first. At a very basic level, an XML Signature contains four major items, with the third and fourth being optional:
A set of pointers (references) to things to be signed
The actual signature
(Optional) The key (or a way to look up the key) for verifying the signature
(Optional) An Object tag that can contain miscellaneous items not included in the first three items
The syntax of the Signature element is shown in Listing 4.1.
Listing 4.2 is a highly oversimplified XML Signature snippet to give you a feel for what an XML Signature might look like if it is cut down to its bare essence.
Listing 4.2 A Highly Simplified XML Signature Snippet
In this example, the three children of the Signature element are the SignedInfo element, the SignatureValue element, and the KeyInfo element. The SignedInfo element contains information about what is being signed, the SignatureValue element contains the actual signature bits, and the KeyInfo element contains information about the public key needed to validate this digital signature. Of course, this example is highly simplified; there is more detail to each of these elements, and there are more elements to discuss. However, these are the most significant three elements within a typical XML Signature.
Specifying the Items Being Signed
The pointers, each represented by a Reference element, can point to an internal resource in the XML document, in which case the target is an XML node, or they can point to an external resource. If they are external, they can point to a binary or non-XML file (for example, an image or text document), or they can point to another XML document or even a node within another XML document. We discuss this usage in more depth in the section titled "The Reference Element." The content behind these references is what is being signed.
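The three-element structure (SignedInfo, SignatureValue, KeyInfo) and a same-document Reference, as an added illustrative example that is not the book's Listing 4.2 and not a conforming XML-DSig implementation. It assumes an HMAC-SHA256 SignatureMethod (a shared key keeps the example self-contained, where a real deployment would typically use a public-key algorithm) and Python's built-in C14N 2.0 canonicalization in place of the C14N 1.x a real toolkit applies; the sample document, key name, key and Id value are constructed.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DSIG)          # keep the "ds:" prefix stable when serializing


def ds(name):
    return f"{{{DSIG}}}{name}"


# Constructed sample: the element carrying Id="order" is the thing to be signed.
SAMPLE_DOC = '<Order Id="order"><Item>widget</Item><Qty>2</Qty></Order>'
SAMPLE_KEY = b"constructed-demo-key"       # HMAC key for this example only


def _c14n(el):
    # Python's C14N 2.0 stands in for the C14N 1.x a real XML-DSig stack would apply.
    return ET.canonicalize(ET.tostring(el, encoding="unicode")).encode()


def _digest(el):
    return base64.b64encode(hashlib.sha256(_c14n(el)).digest()).decode()


def _find_by_id(root, ref_id):
    return next((e for e in root.iter() if e.get("Id") == ref_id), None)


def build_signature(doc_xml, ref_id, key):
    """Produce a detached <ds:Signature> over the element whose Id attribute is ref_id."""
    target = _find_by_id(ET.fromstring(doc_xml), ref_id)
    sig = ET.Element(ds("Signature"))
    si = ET.SubElement(sig, ds("SignedInfo"))                 # 1. pointers to what is signed
    ET.SubElement(si, ds("CanonicalizationMethod"), Algorithm="http://www.w3.org/2010/xml-c14n2")
    ET.SubElement(si, ds("SignatureMethod"), Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256")
    ref = ET.SubElement(si, ds("Reference"), URI=f"#{ref_id}")
    ET.SubElement(ref, ds("DigestMethod"), Algorithm="http://www.w3.org/2001/04/xmlenc#sha256")
    ET.SubElement(ref, ds("DigestValue")).text = _digest(target)
    mac = hmac.new(key, _c14n(si), hashlib.sha256).digest()   # the signature covers SignedInfo only
    ET.SubElement(sig, ds("SignatureValue")).text = base64.b64encode(mac).decode()  # 2. signature bits
    ET.SubElement(ET.SubElement(sig, ds("KeyInfo")), ds("KeyName")).text = "demo-key"  # 3. key lookup hint
    return ET.tostring(sig, encoding="unicode")


def verify_signature(sig_xml, doc_xml, key):
    """True only if every Reference digest matches its target and SignatureValue verifies."""
    sig, root = ET.fromstring(sig_xml), ET.fromstring(doc_xml)
    si = sig.find(ds("SignedInfo"))
    if si is None:
        return False
    for ref in si.iter(ds("Reference")):
        uri = ref.get("URI", "")
        target = _find_by_id(root, uri[1:]) if uri.startswith("#") else None
        if target is None:                   # only same-document fragment references are handled here
            return False
        if not hmac.compare_digest((ref.findtext(ds("DigestValue")) or "").strip(), _digest(target)):
            return False
    expected = base64.b64encode(hmac.new(key, _c14n(si), hashlib.sha256).digest()).decode()
    return hmac.compare_digest((sig.findtext(ds("SignatureValue")) or "").strip(), expected)
```

Verification checks the digest of each referenced node first and the SignatureValue over the canonicalized SignedInfo second, so a change to the signed content or to the Reference itself both fail.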
Understanding this reference concept is important because it can affect the meaning and usage of XML Signatures substantially. Most descriptions of XML Signature describe three classifications of XML Signatures: Enveloping, Enveloped, and Detached. Each reflects where the Reference element is pointing. Let's go through these three types of XML Signatures and then come back to that point.
This chapter is from Securing Web Services with WS-Security, by Jothy Rosenberg and David Remy (Sams, 2004, ISBN: 0672326515). Check it out at your favorite bookstore today.