World Wide Web Consortium Issues XML Signature as a W3C Recommendation

R. A. Hettinga rah at shipwright.com
Sat Feb 16 00:12:37 EST 2002


http://www.w3.org/2002/02/xmlsignature-pressrelease




World Wide Web Consortium Issues XML Signature as a W3C Recommendation

Joint work with IETF produces XML-based solution for digital signatures,
foundation for Secure Web services

Contact America --
Janet Daly, <janet at w3.org>, +1.617.253.5884 or +1.617.253.2613
Contact Europe --
Marie-Claire Forgue, <mcf at w3.org>, +33.492.38.75.94
Contact Asia --
Saeko Takeuchi <saeko at w3.org>, +81.466.49.1170


(also available in French and Japanese)


Testimonials are also available.
------------------------------------------------------------------------

http://www.w3.org/ -- 14 February 2002 -- The World Wide Web Consortium
(W3C) has issued XML-Signature Syntax and Processing (XML Signature) as a
W3C Recommendation, representing cross-industry agreement on an XML-based
language for digital signatures. A W3C Recommendation indicates that a
specification is stable, contributes to Web interoperability, and has been
reviewed by the W3C Membership, who favor its widespread adoption.

"XML Signature is a critical foundation on top of which we will be able to
built more secure Web services," explained Tim Berners-Lee, W3C Director.
"By offering basic data integrity and authentication tools, XML Signature
provides new power for applications that enable trusted transactions of all
sorts."

Digital Signatures are Essential to Web Services

Digital signatures are created and verified using cryptography, the branch
of applied mathematics concerned with transforming messages into seemingly
unintelligible forms and then back again. Digital signatures are created by
performing an operation on information such that others can confirm both
the identity of the signer, and the fidelity of the information. This
capability is important to a growing number of XML protocol, publishing and
commerce applications.

XML Signature Combines Data Integrity with Extensibility

While there are technologies one can use to sign an XML file, XML Signature
brings two additional benefits.

First, XML Signature can be implemented with and use many of the same
toolkits one is using for XML applications.

Second, XML Signature can process XML as XML instead of a single large
document. This means multiple users may apply signatures to sections of
XML, not simply the whole document.

As more commercial applications are used to send XML documents through a
series of intermediaries, the ability to sign sections of a document
without invalidating other portions is invaluable, whether for invoices,
orders, or applications.

One may independently sign an XML payload from the XML envelope that
carries it for a short period. As a result, when you remove, add or change
the protocol envelope the signature on the payload itself is still valid.

Similarly, XML Signature provides flexibility when a signed XML form is
delivered to a user. If the signature were over the full XML form, any
change by the user to the default form values would invalidate the original
signature. XML Signature permits both the original form and user's entries
to be independently signed without invalidating the other.

And of course, while XML Signature is tailored to XML processing, it can be
used to sign any data, such as a PNG image.

XML Signature Supports XML Encryption and Key Management

XML Signature serves as the foundation for other ongoing W3C work including
XML Encryption, which provides a mechanism to secure parts of XML
documents, and XML Key Management, which provides a simple protocol for
lightweight XML applications to obtain the key necessary for signature and
encryption.

IETF/W3C Brings Together Industry Experts; Public Review

The XML Signature Working Group is the first joint W3C/IETF Working Group,
and is the first W3C technical Working Group to operate entirely as a
public group. This provided independent developers with a clear window on
the XML Signature work in all stages of development, and brought a wide
range of implementation experience. XML Signature already enjoys
significant support and deployment, as highlighted in the testimonials.

Participants in the joint IETF/W3C Working Group included representatives
from organizations whose lead research and commercial work in the area of
digital signatures and security, including Accelio, Baltimore, Capslock,
Citigroup, Corsec, Georgia State University, IAIK TU Graz, IBM, Microsoft,
Motorola, Pure Edge, Reuters Health, Signio, Sun Microsystems, University
of Siegen, University of Waterloo, VeriSign Inc., and XMLsec.

About the World Wide Web Consortium [W3C]

The W3C was created to lead the Web to its full potential by developing
common protocols that promote its evolution and ensure its
interoperability. It is an international industry consortium jointly run by
the MIT Laboratory for Computer Science (MIT LCS) in the USA, the National
Institute for Research in Computer Science and Control (INRIA) in France
and Keio University in Japan. Services provided by the Consortium include:
a repository of information about the World Wide Web for developers and
users, and various prototype and sample applications to demonstrate use of
new technology. To date, over 500 organizations are Members of the
Consortium. For more information see http://www.w3.org/


------------------------------------------------------------------------

Press Release


------------------------------------------------------------------------
------------------------------------------------------------------------


Testimonials


------------------------------------------------------------------------



-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list