HomeSecurity Page 21 - Safeguarding the Identity and Integrity of XML Messages
Summary - Security
XML Signature and XML Encryption, two of the three major pillars of the WS-Security standard, are so predominant in current thinking about Web Services Security that some people mistake them as the only strategy for securing Web services. This is really not the case at all. Read more in this chapter from Securing Web Services with WS-Security, by Rosenberg and Remy (ISBN 0672326515, SAMS, 2004).
XML Signature is the latest and greatest technology for you to use to ensure integrity and non-repudiation (to the extent possible). Its remarkable flexibility allows you to sign parts or all of XML documents as well as binary and remote objects.
Despite the depth and size of this chapter, the medium-level concepts behind XML Signature and the way it works are not difficult to understand. An XML Signature is represented by a Signature element. The core elements of an XML Signature are the SignedInfo and SignatureValue elements. The SignedInfo element contains the CanonicalizationMethod, the SignatureMethod, and one or more Reference elements. The Reference elements contain URIs (pointers) to resources to be signed, zero or more Transform elements, a DigestMethod, and a DigestValue. Transforms are algorithms that modify the resource being referenced in some way. The SignedInfo element and all its descendents are canonicalized and signed, using the specified algorithms, with the result put into the SignatureValue element.
In addition to SignedInfo and SignatureValue, a Signature can have two other optional elements: Object and KeyInfo. The Object element is a flexible element typically used to contain items to be signed and/or other information about the Signature. The Object element may contain a SignatureProperties element, which is a place to put properties about an XML Signature such as the time the Signature occurred. Also, an Object element could contain a Manifest, which is a set of Reference elements, formatted exactly like SignedInfo, with the only difference being the application is notified if a Reference from a Manifest fails validation; whereas if a Reference from SignedInfo fails validation, the entire signature fails. KeyInfo provides the key, or a pointer to the key, needed to validate the XML Signature.
The Reference URI is quite flexible and can point to resources in a variety of ways. There are three types of References, also known as XML Signature types: Enveloping Signatures, in which the Signature element wraps the item being signed; Enveloped Signatures, in which the Signature element is a descendent of the resource being signed; and Detached Signatures, in which the resource being pointed to is none of the above. Detached Signatures can have Reference URIs pointing to an XML element within the current document (but not to an ancestor node), to a binary file such as a GIF image, or to all or part of an external XML document.
We have spent extra time on helping you to understand XML Signature primarily because it is the first of the XML Security standards and is fundamental to the newer XML and Web Services Security standards. A good familiarity with XML Signature will help you understand the following standards, as well as provide you with a powerful tool for securing your Web services applications.
In the next chapter, we look at XML Signature's sibling standard: XML Encryption.