[Search] [pdf|bibtex] [Tracker] [WG] [Email] [Nits]

Versions: 00                                                            
Internet Draft                                          Richard D. Brown
                                                          GlobeSet, Inc.
Expires July 1999                                           January 1999




                       Digital Signatures for XML
                       ------- ---------- --- ---

                            Richard D. Brown
                             GlobeSet, Inc.


Status of This Document

   This draft, file name draft-brown-xml-dsig-00.txt, is intended to be
   become a Proposed Standard RFC.  Distribution of this document is
   unlimited. Comments should be sent to the DSIG mailing list <xml-
   dsig@socratic.org> or to the author.

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months.  Internet-Drafts may be updated, replaced, or obsoleted by
   other documents at any time.  It is not appropriate to use Internet-
   Drafts as reference material or to cite them other than as a
   ``working draft'' or ``work in progress.''

   To view the entire list of current Internet-Drafts, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
   Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
   Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).



Abstract

   A syntax and procedures for the computation and verification of XML
   digital signatures is specified.











Richard D. Brown                                                [Page 1]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


Table of Contents

      Status of This Document....................................1
      Abstract...................................................1

      Table of Contents..........................................2

      1. Introduction............................................4
      2. Objective and Requirements..............................4
      3. Signature Basics........................................5
      3.1 Signature Element......................................5
      3.2 Resource Element.......................................5
      3.3 Other Attributes Element...............................6
      3.4 Originator and Recipient Information Elements..........6
      3.5 Key Agreement Algorithm Element........................7
      3.6 Signature Algorithm Element............................8
      4. Signature Principles....................................8
      4.1 Enabling Signature in XML Applications.................8
      4.2 Encapsulating Arbitrary Contents.......................9
      4.3 Implementing Endorsement..............................10
      4.4 Supporting Composite Documents........................10
      4.5 Facilitating One-pass Processing......................11
      5. Detailed Signature Syntax..............................12
      5.1 Namespace Attributes..................................12
      5.2 dsig:eval Global Attribute............................13
      5.3 Uniform Resource Names................................14
      5.4 Document..............................................14
      5.5 DigestAlgorithm.......................................15
      5.6 Algorithm.............................................16
      5.7 Parameter.............................................16
      5.8 Package...............................................17
      5.9 ContentInfo...........................................18
      5.10 Value................................................18
      5.11 Signatures...........................................19
      5.12 Signature............................................19
      5.13 Manifest.............................................20
      5.14 Resource.............................................20
      5.15 Locator..............................................21
      5.16 Digest...............................................21
      5.17 Attributes...........................................22
      5.18 Attribute............................................22
      5.19 Date.................................................23
      5.20 OriginatorInfo.......................................24
      5.21 RecipientInfo........................................24
      5.22 Identifier...........................................25
      5.23 IssuerAndSerialNumber................................25
      5.24 SignatureAlgorithm...................................26
      5.25 Certificates.........................................26
      5.26 Certificate..........................................26
      5.27 Integer..............................................27


Richard D. Brown                                                [Page 2]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


      5.28 Real.................................................28
      5.29 Keyword..............................................28
      5.30 Resources............................................29
      6. Supported Algorithms...................................29
      6.1 Digest Algorithms.....................................30
      6.2 Key Agreement Algorithms..............................30
      6.3 Key Exchange Aglorithms...............................30
      6.4 Signature Algorithms..................................31
      6.5 SHA1..................................................31
      6.6 DOM-HASH..............................................31
      6.7 XHASH.................................................32
      6.8 PKCS12-PBE............................................32
      6.9 HMAC..................................................33
      6.10 DSA..................................................33
      6.11 RSA..................................................33
      6.12 ECDSA................................................34
      7. Uniform Resource Names.................................34
      8. Certificate Supplement.................................34
      9. Conformance Requirements...............................35
      10. Examples..............................................35
      10.1 Signature DTD - Embedded Content.....................35
      10.2 Signature DTD - Detached Signature...................37
      10.3 Extended DTD - Domain-specific Attribute.............38
      11. Signature DTD.........................................40
      12. Security Considerations...............................41

      References................................................42
      Author's Address..........................................42
      Expiration and File Name..................................42























Richard D. Brown                                                [Page 3]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


1. Introduction

   XML, the Extensible Markup Language [XML], is a syntactical standard
   elaborated by the World Wide Web Consortium.  XML is a subset of an
   existing and widely used international text processing standard known
   as SGML (Standard Generalized Markup Language). XML is intended
   primarily for structuring data exchanged and served over the World
   Wide Web.

   As it is anticipated that XML will be widely used in the exchange of
   business and commercial data, and it has been already established
   that digital signatures will play an important role in enabling
   electronic commerce, the necessity to promote a digital signature
   standard for general XML documents becomes evident.

   Drafted with IOTP (Internet Open Trading Protocol) requirements in
   mind, this document has been further enhanced as comments were
   received and alternative proposals disclosed. It is now expected that
   it provides a more general solution to signing XML documents.



2. Objective and Requirements

   The objective of this document is to propose syntax and procedures
   for the computation and verification of digital signatures applicable
   to general XML documents.

   This proposal has been established in light of the requirements that
   have been gathered while reviewing diverse projects and alternative
   approaches such as IOTP [draft-ietf-trade-iotp-v1.0-protocol-*.txt],
   eCheck [x], BIPS [x], SDML [x], and XMLDSIG [x]. The following
   requirements have been identified:

   -- The solution shall provide a means for building authentication
      into XML applications, but shall also propose an XML alternative
      to binary signature syntax for signing arbitrary contents.

   -- The solution shall provide indifferently for digital signature and
      message authentication codes, considering symmetric and asymmetric
      authentication schemes as well as dynamic negotiation of keying
      material.

   -- The solution shall provide a mechanism that eases the production
      of composite documents that consist of the combination by addition
      or deletion of authenticated blocks of information, while
      preserving verifiability of the origin and authenticity of these
      blocks of information.




Richard D. Brown                                                [Page 4]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   -- The solution shall enable authentication of part or totality of an
      XML document.

   -- The solution shall enable authentication of internal and external
      resources.

   -- The solution shall provide for extended signature functionality
      such as co-signature, endorsement, plurality of recipients, etc.



3. Signature Basics



3.1 Signature Element

   This specification consists primarily of the definition of an XML
   element known as the Signature element. This element is comprised of
   two sub-elements. The first one is a set of authenticated attributes,
   known as the signature Manifest, which comprises such things as a
   unique reference to the resource being authenticated and an
   indication of the keying material and algorithms being used. The
   second sub-element consists of the digital signature value.

      <Signature>
          <Manifest>
              (resource information block)
              (originator information block)
              (recipient information block)
              (other attributes)
              (signature algorithms information block)
          </Manifest>
          <Value encoding= "encoding scheme">
              (encoded signature value)
          <Value>
      </Signature>

   The digital signature is not computed directly from the pieces of
   information to be authenticated. Instead, the digital signature is
   computed from a set of authenticated attributes (the Manifest), which
   include a reference to, and a digest of, these pieces of information.
   The authentication is therefore "indirect".



3.2 Resource Element

   The Resource element consists of a unique and unambiguous reference
   to the resource being authenticated. It is constructed of a locator,


Richard D. Brown                                                [Page 5]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   a fingerprint, and optionally a content-type qualifier.

      <Resource>
          <Locator href= "resource locator"/>
          <ContentType type= "type qualifier"/>
          <Digest>
              (digest information block)
          </Digest>
      </Resource>

   The resource locator is implemented as a simple XML Link [XLink].
   This not only provides a unique addressing scheme for internal and
   external resources, but also facilitates authentication of composite
   documents.



3.3 Other Attributes Element

   The Attributes element consists of a collection of Attribute elements
   that could be used for inserting specific pieces of information
   directly into the Signature element. An Attribute element is
   constructed of a type, a criticality, and a value.

      <Attributes>
          <Attribute type='signing-time' critical='true'>
              <Date value='1998-10-28T08:15-0500'>
          </Attribute>
          <Attribute type='private-type' critical='false'>
              (ANY attribute value)
          </Attribute>
      </Attributes>

   The attribute value consists of ANY content that is defined in the
   application DTD. Nevertheless, to facilitate the adoption of such as
   'signing-time.'



3.4 Originator and Recipient Information Elements

   The purpose of the Originator and Recipient information elements
   consists of providing identification and keying material for these
   respective parties.








Richard D. Brown                                                [Page 6]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


      <OriginatorInfo>
          (identification information block)
          (keying material information block)
      </OriginatorInfo>

      <RecipientInfo>
          (identification information block)
          (keying material information block)
      </RecipientInfo>

   The actual content of these two elements depends on the
   authentication scheme being used and the existence or non-existence
   of a prior relationship between the parties. In some circumstances,
   it may be quite difficult to distinguish between identification and
   keying material information. A unique reference to a digital
   certificate provides for both. This may also stand true for an
   account number when a prior relationship exists between the parties.

   The Originator information element is mandatory. Depending on the
   existence or non-existence of a prior relationship with the
   recipient, this block either refers to a public credential such as a
   digital certificate or displays a unique identifier known by the
   recipient.

   The Recipient information element may be used when a document
   contains multiple signature information blocks, each being intended
   for a particular recipient.  A unique reference in the Recipient
   information block helps the recipients identify their respective
   Signature information block.

   The Recipient information element may also be used when determination
   of the authentication key consists of a combination of keying
   material provided by both parties. This would be the case, for
   example, when establishing a key by means of Diffie Hellman
   [Schneier] Key Exchange algorithm.



3.5 Key Agreement Algorithm Element

   The Key Agreement Algorithm element indicates the algorithm to be
   used for deriving a one-time session key from a master key. Usage of
   one-time session key prevents some kinds of attack that require a
   large volume of cipher-text to be produced by a given key.

      <KeyAgreementAlgorithm>
          (algorithm information block)
      </KeyAgreementAlgorithm>




Richard D. Brown                                                [Page 7]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


3.6 Signature Algorithm Element

   The Signature Algorithm element indicates the algorithm to be used
   for computation of the signature value.

      <SignatureAlgorithm>
          (algorithm information block)
      </SignatureAlgorithm>

   In consideration of the requirements stated previously, this document
   uses the terminology of "signature" for qualifying indifferently
   signature and authentication schemes. Therefore, the signature
   algorithm mentioned above might refer to a signature algorithm such
   as DSS or to a message authentication code (MAC) such as HMAC.



4. Signature Principles



4.1 Enabling Signature in XML Applications

   As mentioned previously, this specification provides a means for
   building authentication into general XML applications. The mechanism
   adopted herein considers the "XML Namespaces" specifications[x],
   which define the requirements for combining multiple DTDs or parts of
   individual DTD into a single document.

   According to these specifications, an XML application can build
   digital signature support by referring explicitly to the elements
   defined in the Signature DTD. This is accomplished by associating a
   namespace prefix to the Signature DTD and qualifying Signature
   element names by means of this prefix.

   Association of a namespace prefix to a DTD shall be done by means of
   a xmlns attribute, which could appear in any element that either
   refers to or contains sub-elements that refer to elements of the DTD
   considered. A qualified name consists of a namespace prefix, a colon,
   and a name.












Richard D. Brown                                                [Page 8]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   <Document xmlns:dsig="Signature-DTD-URI">

       <MyElement id="authenticated-infos" ...>
           ...
       </MyElement>

       <dsig:Signature>
           <Manifest>
               <Resource>
                   <Locator href=" #authenticated-infos"/>
                   ...
               </Resource>
               ...
           </Manifest>
           <Value>
               ...
           </Value>
       </dsig:Signature>
   </Document>

   [The XML Namespaces specifications are still work in progress at W3C.
   A final draft should be available soon, as the specifications entered
   "last call" September 16, 1998.

   There are still a few unknowns regarding combination of DTD and use
   of qualified names in an application DTD that inherits definitions
   from another DTD. The current paragraph will be developed, as
   clarifications will be obtained.]



4.2 Encapsulating Arbitrary Contents

   To facilitate encapsulation of arbitrary contents into an XML
   document, the Signature DTD defines a Package element. Quite similar
   to a MIME wrapper, this element provides for such things as content
   type and content encoding.

      <Package>
           <ContentType type= "type qualifier"/>
           <Value encoding= "encoding scheme">
                (safe content)
           </Value>
      </Package>

   Though it addresses a similar purpose, the Package element specified
   by this draft proposal is radically different from the one given in
   the " XML Package" proposal[x]. Such decision has been driven by the
   possibility to leverage other element definitions of this DTD.
   However, the current definition might be amended in time if the


Richard D. Brown                                                [Page 9]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   Package proposal were to be adopted.



4.3 Implementing Endorsement

   Endorsement consists of signing another signature. To facilitate
   endorsement, the definition of the Signature element provides for an
   element identifier attribute, which can be used to target a Signature
   element from a Resource element.

   <Signature id=" Signature">
       <Manifest>
           <Resource>
               <Locator href=" resource locator"/>
               ...
           </Resource>
           ...
       </Manifest>
       ...
   </Signature>

   <Signature id=" CounterSignature">
       <Manifest>
           <Resource
               <Locator href="# Signature"/>
               ...
           </Resource>
           ...
       </Manifest>
       ...
   </Signature>



4.4 Supporting Composite Documents

   Some protocols consist of the exchange of documents that result from
   the combination by addition or deletion of common information blocks.
   This proposal preserves verifiability of the origin and authenticity
   of these blocks of information as they are exchanged between parties.

   To facilitate creation and verifiability of composite documents, the
   current draft proposal has adopted an element, known as the Resources
   element, which consist of a collection of Resource elements. The
   authentication of the Resources element is sufficient for ensuring
   proper authentication of the blocks of information that it
   references, and verifiability is preserved when individual blocks of
   information are missing.



Richard D. Brown                                               [Page 10]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


      <Block id=" Block01">
          ...
      </Block>

      <Block id=" Block02">
          ...
      </Block>

      <Resources id=" Resources">
          <Resource>
              <Locator href="# Block01"/>
              ...
          </Resource>
          <Resource>
              <Locator href="# Block02">
              ...
          </Resource>
      </Resources>

      <Signature>
          <Manifest>
              <Resource>
                  <Locator href="# Resources">
                  ...
              </Resource>
              ...
          </Manifest
          ...
      </Signature>

   The adoption of simple XML links as resource locators makes possible
   the authentication of composite documents. If IDREFs were used
   instead, it would have been impossible to ensure validity of partial
   documents - some IDREFs could have been left referencing non-embedded
   IDs.



4.5 Facilitating One-pass Processing

   Without further definitions, it would be impossible to determine
   which blocks of information require authentication and which
   algorithms need to be employed before interpretation of the Resource
   elements. These elements being generally located at the end of the
   document, this restriction would prevent computation of the digests
   during acquisition of the blocks of information.

   To facilitate one-pass processing, this specification uses another
   functionality offered by the namespaces proposal. This functionality
   provides for the definition of global attributes that may be used and


Richard D. Brown                                               [Page 11]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   recognized across multiple elements. This document specifies the
   dsig:eval global attribute, which could be used for identifying the
   blocks of information to be authenticated. This attribute shall
   reference a Digest Algorithms element, which should be declared
   before making use of the attribute.

       <dsig:DigestAlgorithm id="digest-algorithm">
       ...
       </dsig:DigestAlgorithm>

       <MyElement id="authenticated-infos"
           dsig:eval="digest-algorith">
           ...
       </MyElement>

       <dsig:Signature>
           <Manifest>
               <Resource>
                   <Locator href="#authenticated-infos">
                   ...
               </Resource>
               ...
           </Manifest>
           ...
       </dsig:Signature>

   When encountering the dsig:eval global attribute on the Authenticated
   Block element, the XML parser is immediately aware of the requirement
   of computing the digest of this element. All the pieces of
   information necessary for such computation are provided by the Digest
   Algorithm element referenced by the attribute.



5. Detailed Signature Syntax

   Though it is expected that Signature support will be primarily built
   into general XML applications by incorporating definitions of the
   Signature DTD into other XML applications, the Signature DTD defines
   the elements necessary to providing an XML alternative to binary
   signature syntaxes.



5.1 Namespace Attributes

   All the elements defined by the Signature DTD are explicitly bound to
   the XMLDSIG namespace by means of a dsig prefix. In order to make
   sure that every element could be individually imported by other XML
   applications, the element definitions given hereinafter


Richard D. Brown                                               [Page 12]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   systematically declare a fixed xmlns:dsig attribute.

      <!ELEMENT dsig:element definition...>

      <!ATTLIST dsig:element
          xmlns:dsig   CDATA   #FIXED   %xmldsig.dtd;
          ...
      >

   Recall that many XML applications, presumably including namespaces-
   sensitive ones, fail to require validating processors. For correct
   operation with such applications, namespaces declarations must be
   also provided either directly or via default attributes declared in
   the internal subset of the DTD.



5.2 dsig:eval Global Attribute

   As mentioned previously, this draft proposal specifies a dsig:eval
   global attribute that could be used for identifying a block of
   information to be authenticated.  This attribute shall refer to a
   Digest Algorithms element, which should be declared before making use
   of the attribute.

   The XML Namespaces specifications do not explicitly provide for
   declaration of global attributes. Distinguishing between global
   attributes and element attributes exists only in the prose
   description of such attributes. An essential property of global
   attributes consists nonetheless of the uniqueness of their name that
   is independent of the elements where they are defined.

   The definition of elements that could be subject to authentication
   may define the dsig:eval attribute as follows:

      <!ELEMENT element definition...>

      <!ATTLIST element
          dsig:eval   IDREF   #IMPLIED
      >

   Recall that the namespace prefix that is bound to the XMLDSIG
   namespace shall be defined before being employed. However, such
   definition may occur in the element that defines the dsig:eval
   attribute.

   The reader shall notice that the terminology "dsig:eval" is
   inappropriate and used solely for illustrative purposes. This simply
   means that the name of this attribute is hash and it belongs to the
   XMLDSIG namespace (whatever prefix is used).


Richard D. Brown                                               [Page 13]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


5.3 Uniform Resource Names

   To prevent potential name conflicts in the definition of the numerous
   type qualifiers considered herein, this specification uses Uniform
   Resource Names [RFC 2141]. Nonetheless, the current draft proposal
   leverages established standards such as MIME types by providing
   unambiguous mapping conventions.

   A complete list of proposed URNs is given in appendix. This list is
   temporary and will be submitted for approval to the authors or
   promoters of the algorithms and data types referenced by these URNs.



5.4 Document

   The Document element constitutes the outermost envelope of an XML
   document that conforms to the Signature DTD. The definition of this
   element has been intentionally kept simple and is intended to provide
   an XML alternative to the ASN1 data types Authenticated Data and
   Signed Data defined by CMS[x] and PKCS7[x] binary syntax standards.

   It is expected that this simple, though complete, definition will
   help the adoption of this proposal and facilitate the production of
   conformant implementations by a plurality of providers. This
   definition does not preclude however the definition of more
   sophisticated constructions to be adopted by particular XML
   applications. Such applications may either redefine the Document
   element or promote their own DTD, which shall be partially
   constructed of elements defined by the Signature DTD.

      <!ELEMENT dsig:Document (
          ( dsig:DigestAlgorithms, dsig:Package )?,
          dsig:Signatures, dsig:Certificates?
      )>

      <!ATTLIST dsig:Document
          xmlns:dsig CDATA   #FIXED   %xmldsig.dtd;
      >

   The definition given above has been deemed sufficient for
   implementing the following functionality provided by CMS or PKCS7:
   Authentication of arbitrary contents: This may be done by adequate
      encapsulation and encoding of the arbitrary contents into the
      Package element, which shall be further authenticated by means of
      a Signature element.
   -- Detached signature: This may be done by means of a Signature
      element that refers to a resource external to the document.
   -- Authentication versus signature: The distinction between
      authentication and signature only depends upon the algorithms


Richard D. Brown                                               [Page 14]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


      being employed for computation of the "signature" value.
   -- Plurality of recipients: This consists of the insertion of a
      plurality of Signature elements, each making use of recipient-
      dependent keying material.
   -- Plurality of signers: This consists of the insertion of a
      plurality of Signature elements, each making use of originator-
      dependent keying material.

   Content Description

      DigestAlgorithms: This element has been made mandatory whenever
           the document embeds the contents to be authenticated. This
           element specifies the algorithms to be used for computation
           of the digest of the Package element, thus enabling one-pass
           processing.

      Package:  This element is used for enveloping and encoding of the
           contents to be authenticated.  Whenever employed, this
           element shall make use of the dsig:eval global attribute to
           refer to the Digest Algorithms element described above.

      Signatures:  This element consists of a collection of Signature
           elements.

      Certificates:  This element consists of a collection of
           Certificate elements, which may be required by a given key
           management infrastructure.

   The definition of collection elements (i.e. Certificates and
   Signatures) for the sole purpose of grouping similar sub-elements has
   been adopted for facilitat- ing DOM manipulations.



5.5 DigestAlgorithm

   The purpose of the DigestAlgorithm element consists of specifying the
   algorithm to be employed in the computation of a message digest. This
   element is used either as a standalone element for enabling one-pass
   processing or as a sub-element of the Digest element.

      <!ELEMENT dsig:DigestAlgorithm (dsig:Algorithm)>

      <!ATTLIST dsig:DigestAlgorithms
          xmlns   CDATA   #FIXED   %xmldsig.dtd;
          id      ID      #IMPLIED
      >

   Content Description



Richard D. Brown                                               [Page 15]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


      Algorithm:  Algorithm and parameters to be used for Computation of
           the digest value.

   Attributes Description

      id:  Element identifier that is used on standalone element for
           enabling reference by the dsig:eval global attribute.



5.6 Algorithm

   The current draft proposal has adopted a unique Algorithm data type.
   Though noticeably different from its ASN1 counterpart, this data type
   serves a similar purpose and provides for the definition of
   algorithm-specific parameters. The most noticeable difference with
   ASN1 consists of the assimilation of sub-algorithms as parameters of
   the primary algorithm.

      <!ELEMENT dsig:Algorithm ( dsig:Parameter* )>

      <!ATTRLIST dsig:Algorithm
          xmlns:dsig    PCDATA    #FIXED    %xmldsig.dtd;
          type          PCDATA    #REQUIRED
      >

   Content Description

      Parameter: The contents of an Algorithm element consists of an
           optional collection of Parameter elements which are specified
           on a per algorithm basis.

   Attributes Description

      type:  The type of the algorithm expressed as a Uniform Resource
           Name.



5.7 Parameter

   A Parameter element provides the value of a particular algorithm
   parameter, Whose name and format have been specified fo rthe
   algorithm considered.








Richard D. Brown                                               [Page 16]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


      <!ELEMENT dsig:Parameter ANY>

      <!ATTLIST dsig:Parameter
          xmlns:dsig    PCDATA    #FIXED    %xmldsig.dtd;
          type          PCDATA    #REQUIRED
      >

   Content Description

      ANY:  The contents of a Parameter element consists of ANY valid
           Construct, which is specified on a per algoritm per parameter
           basis.

   Attributes Description

      type:  The type of the parameter expressed as a free form string,
           whose value is specified on a per algorithm basis.



5.8 Package

   The Package element enables encapsulation of an arbitrary content
   into an XML document. Behaving like a MIME wrapper, the Package
   element provides for such things as content type identification and
   content encoding.

      <!ELEMENT dsig:Package (
          dsig:ContentInfo?, dsig:Value
      )>

      <!ATTLIST dsig:Package
          xmlns:dsig    CDATA    #FIXED    %xmldsig.dtd;
          dsig:eval     IDREF    #IMPLIED
          id            ID       #IMPLIED
      >

   Content Description

      ContentInfo:  Type qualifier for the content.

           Value:  Content value.

   Attributes Description

      id: Element identifier that could be used for referencing this
           element from a Resource element.





Richard D. Brown                                               [Page 17]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


5.9 ContentInfo

   The purpose of the ContentInfo element is to describe a given content
   such that a receiving user agent can deal with the data in an
   appropriate manner.

      <!ELEMENT dsig:ContentType EMPTY>

      <!ATTLIST dsig:ContentType
          xmlns:dsig    PCDATA    #FIXED    %xmldsig.dtd;
          type          PCDATA    #REQUIRED
          subtype       PCDATA    #IMPLIED
      >

   Attributes Description

      type:  Type of the content expressed as a Universal Resource Name.

      subtype:  Optional sub-classing of the content type.



5.10 Value

      <!ELEMENT dsig:Value ( #PCDATA )>

      <!ATTLIST dsig:Value
          xmlns:disg      CDATA      #FIXED    %xmldsig.dtd;
          encoding ( base64 | none ) #REQUIRED 'none'
      >

   Content Description

      PCDATA:  Content value after adequate encoding.

   Attributes Description

      encoding:  This attribute specifies the decoding scheme to be
           employed for recovering the original byte stream from the
           content of the element. The current draft proposal recognizes
           the following two schemes:

           none: the content has not been subject to any particular
           encoding. This does not preclude however the use of native
           XML encoding such as CDATA section or XML escaping.

           base64: The content has been encoded by means of the base64
           encoding scheme.




Richard D. Brown                                               [Page 18]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


5.11 Signatures

   The Signatures element consists of a collection of Signature
   elements. As mentioned in a previous paragraph, this element has been
   defined for the purpose of facilitating DOM manipulations.

      <!ELEMENT dsig:Signatures ( dsig:Signature+ )>

      <!ATTLIST dsig:Signatures
           xmlns:dsig    CDATA    #FIXED    %xmldsig.dtd;
      >

   Content Description

      Signature: A collection of Signature elements.



5.12 Signature

   The Signature element constitutes the core of this specification.  It
   is comprised of two sub-elements. The first one is a set of
   attributes, known as the Manifest, which actually constitutes the
   authenticated part of the document.  The second sub-element consists
   of the signature value.

      <!ELEMENT dsig:Signature ( dsig:Manifest, dsig:Value )>

      <!ATTLIST dsig:Signature
          xmlns:dsig    CDATA    #FIXED    %xmldsig.dtd;
          dsig:eval     IDREF    #IMPLIED
          id            ID       #IMPLIED
      >

   Content Description

      Manifest:  A set of attributes that actually constitutes the
           authenticated part of the document.

      Value:  Encoding of the signature value.

   Attributes Description

      id: Element identifier that could be used for referencing the
           Signature element from a Resource element when implementing
           endorsement.






Richard D. Brown                                               [Page 19]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


5.13 Manifest

   The Manifest element consists of a collection of attributes that
   specify such things as a unique reference to the resource being
   authenticated and an indication of the keying material and algorithms
   to be used.

      <!ELEMENT dsig:Manifest (
          dsig:Resource, dsig:Attributes?,
          dsig:OriginatorInfo, dsig:RecipientInfo?,
          dsig:KeyAgreementAlgorithm?, dsig:SignatureAlgorithm
      )>

      <!ATTLIST dsig:Manifest
          xmlns:dsig    PCDATA    #FIXED    %xmldsig.dtd;
      >

           Content Description

      Resource:  Unique and unambiguous reference to the resource being
           authenticated.

      Attributes:  Optional element that consists of a collection of
           complementary attributes to be authenticated.

      OriginatorInfo:  Element that provides dentification and keying
           material information related to the originator.

      RecipientInfo:  Optional element that provides identification and
           keying material information related to the recipient.

      KeyAgreementAlgorithm:  Optional element that indicates the
           algorithm to be used for establishment of a one-time session
           key.

      SignatureAlgorithm: Algorithm to be used for computation of the
           signature value.



5.14 Resource

   The Resource element consists of a unique and unambiguous reference
   to a resource being authenticated. It is comprised of a resource
   locator, a fingerprint, and optionally a content-type qualifier.







Richard D. Brown                                               [Page 20]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


      <!ELEMENT dsig:Resource (
          dsig:ContentInfo?, dsig:Locator, dsig:Digest
      )>

      <!ATTLIST dsig:Resource
          xmlns:dsig    CDATA    #FIXED    %xmldsig.dtd;
      >

   Content Description

      ContentInfo:  Content type qualifier.

      Locator: Locator value that contains either a URI [RFC 2396], a
           fragment identifier, or both. Notice that making use of a
           fragment identifier for a document content other than XML is
           out of the scope of this draft proposal and may lead to
           inconsistent results.

      Digest: Fingerprint of the resource.



5.15 Locator

   The Locator element consists of simple XML link [XLink].  This
   element allows unambiguous reference to a resource or fragment of a
   resource.

      <!ELEMENT dsig:Locator EMPTY>

      <!ATTLIST dsig:Locator
          xmlns:disg    CDATA    #FIXED    %xmldsig.dtd;
          xml:link      CDATA    #FIXED    'simple'
          href          CDATA    #REQUIRED
      >

   Attributes Description

      xml:link  Required XML link attribute that specifies the nature of
           the link (simple in this case).

      href: Locator value that may contains either a URI [RFC 2396], a
           fragment identifier, or both.



5.16 Digest

   The Digest element consists of the fingerprint of a given resource.
   This element is constructed of two sub-elements. This first one


Richard D. Brown                                               [Page 21]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   indicates the algorithm to be used for computation of the
   fingerprint. The second element consists of the fingerprint value.

      <!ELEMENT dsig:Digest ( dsig:DigestAlgorithm, dsig:Value )>

      <!ATTLIST dsig:Digest
           xmlns:disg    CDATA    #FIXED    %xmldsig.dtd;
      >

   Content Description

      DigestAlgorithm:  Algorithm to be used for computation of the
           fingerprint.

      Value:   Encoding of the fingerprint value.



5.17 Attributes

   The Attributes element consists of a collection of complementary
   attributes, which shall be included in the authenticated part of the
   document.

      <!ELEMENT dsig:Attributes ( dsig:Attribute+ )>

      <!ATTLIST dsig:Attributes
          xmlns:disg    PCDATA    #FIXED    %xmldsig.dtd;
      >

   Content Description

      Attribute:  Collection of Attribute elements.



5.18 Attribute

   The Attribute element consists of a complementary piece of
   information, which shall be included in the authenticated part of the
   document. Though the current draft proposal defines well-known
   attributes, this element has been defined primarily for enabling some
   level of customization in the signature element. An Attribute element
   consists of a value, a type, and a criticality.








Richard D. Brown                                               [Page 22]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


      <!ELEMENT dsig:Attribute ANY>

      <!ATTLIST dsig:Attribute
          xmlns:disg    CDATA       #FIXED        %xmldsig.dtd;
          type          NMTOKEN     #REQUIRED
          critical ( true | false ) #REQUIRED    'false'
      >

   Content Description

      ANY: The actual value of an attribute depends solely upon its
           type.

   Attributes Description

      type:  Type of the attribute.

      critical: Boolean value that indicates if the attribute is
           critical (true) or not (false). A recipient shall reject a
           signature that contains a critical attribute that he does not
           recognize. However, an unrecognized non-critical attribute
           may be ignored.

   Signing-time Attribute

      Standard attribute that could be used for specifying the time at
      which the originator purportedly performed the signature process.
      This attribute content shall be given as a Date element (cf.
      element description). The type identifier of this attribute is
      given in the URN appendix.



5.19 Date

   The Date element consists of a constrained ISO 8601:1998 date and
   time value.

      <!ELEMENT dsig:Date EMPTY>

      <!ATTLIST dsig:Date
          xmlns:disg    CDATA    #FIXED    %xmldsig.dtd;
          value         CDATA    #REQUIRED
      >

   Attributes Description

      value:  Identification data value.

   Date Format


Richard D. Brown                                               [Page 23]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


      The current draft proposal requires date values to be expressed
           according to the following pattern: YYYY '-' MM '-' DD 'T' hh
           ':' mm [':' ss ['.' f+]]('+' | '-') hhmm

      YYYY:  four-digit year
      MM:    two-digit month (01=January, etc.)
      DD:    two-digit day of the month (01-31)
      hh:    two digits of hour (00-23)
      mm:    two digits of minute (00-59)
      ss:    two digits of second (00-59) optional
      f:     digit(s) of fractions of second - optional
      zzzz:  four digits of amount of offset from UTC expressed in hour
           (00-11) and minute (00-59)

      For example "1994-11-05T16:15:02.031-0500" denotes November 5,
           1994, 4:15:02 pm and 31 milliseconds, US Eastern Standard
           Time.



5.20 OriginatorInfo

   The OriginatorInfo element is used for providing identification and
   keying material information for the originator.

      <!ELEMENT dsig:OriginatorInfo ANY>

      <!ATTLIST dsig:OriginatorInfo
           xmlns:disg    PCDATA    #FIXED    %xmldsig.dtd;
      >

   Content Description

      ANY:  Identification and keying material information may consist
           of ANY construct.  Such a definition allows the adoption of
           application-specific schemes.  However, implementations that
           comply with the current DTD MUST be able to recognize and
           process the elements Identifier and IssuerAndSerialNumber
           defined below.



5.21 RecipientInfo

   The RecipientInfo element is used for providing identification and
   keying material information for the recipient. This element is used
   either for enabling recognition of a Signature element by a given
   recipient or when determination of the authentication key consists of
   the combination of keying material provided by both the recipient and
   the originator.


Richard D. Brown                                               [Page 24]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   Content Description

      The content of this element is similar to the one defined for the
           Originator (cf. OriginatorInfo element descrition).



5.22 Identifier

   The Identifier element enables identification between parties that
   benefit from a prior relationship. The actual meaning and content of
   this element is left to the parties.

      <!ELEMENT dsig:Identifier EMPTY>

      <!ATTLIST dsig:Identifier
           xmlns:disg    CDATA    #FIXED    %xmldsig.dtd;
           value         CDATA    #REQUIRED
      >

   Attributes Description

      value:  Identification data value.



5.23 IssuerAndSerialNumber

   The IssuerAndSerialNumber element identifies a certificate, and
   thereby an entity and a public key, by the distinguished name of the
   certificate issuer and an issuer-specific certificate serial number.

      <!ELEMENT dsig:IssuerAndSerialNumber EMPTY >

      <!ATTLIST dsig:IssuerAndSerialNumber
           xmlns:disg    CDATA    #FIXED    %xmldsig.dtd;
           issuer        CDATA    #REQUIRED
           number        CDATA    #REQUIRED
      >

   Attributes Description

      issuer:  Distinguished name of the issuing certification
           authority.

      number:   Issuer-specific certificate serial number.






Richard D. Brown                                               [Page 25]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


5.24 SignatureAlgorithm

   The SignatureAlgorithms element is used for specifying the algorithms
   to be used for computation of the signature value.

      <!ELEMENT dsig:SignatureAlgorithm ( dsig:Algorithm )>

      <!ATTLIST dsig:SignatureAlgorithm
          xmlns:dsig    PCDATA    #FIXED    %xmldsig.dtd;
      >

   Content Description

      Algorithm:  Algorithm and parameters to be used for computation of
           the signature value.



5.25 Certificates

   The Certificates element consists of a collection of Certificate
   elements. The Certificate elements contained in this element are
   intended to be sufficient to make chains from the originator
   credential(s) to a recognized "certification authority" for all the
   recipients. However, this element may contain more Certificate
   elements than necessary or, alternatively, less than necessary if it
   is known that recipients have an alternate means of obtaining
   necessary certificates.

      <!ELEMENT dsig:Certificates ( dsig:Certificate+ )>

      <!ATTLIST dsig:Certificates
          xmlns:dsig    CDATA    #FIXED    %xmldsig.dtd;
      >

   Content Description

      Certificate:  A collection of Certificate elements.



5.26 Certificate

   The Certificate element may be used for either providing the value of
   a digital certificate or specifying a location from where it may be
   retrieved.






Richard D. Brown                                               [Page 26]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


      <!ELEMENT dsig:Certificate (
          dsig:IssuerAndSerialNumber,
          ( dsig:Value | dsig:Locator )
      )>

      <!ATTLIST dsig:Certificate
          xmlns:disg    CDATA      #FIXED    %xmldsig.dtd;
          type          NMTOKEN    #REQUIRED
      >

   Content Description

      IssuerAndSerialNumber:  Unique identifier of this certificate.
           This element has been made mandatory is order to prevent
           unnecessary decoding during validation of a certificate
           chain. This feature also helps certificates caching,
           especially when the value is not directly provided.

      Value:  Encoding of the certificate value. The actual value to be
           encoded depends upon the type of the certificate.

      Locator: XML link element that could be used for retrieving a copy
           of the digital certificate. The actual value being returned
           by means of this locator depends upon the protocol being
           used.

   Attributes Description

      type:  Type of the digital certificate. This attribute is
           specified as a Universal Resource Name (cf.  Certificate
           Supplement).



5.27 Integer

   The Integer element is a primary data type that is used in the
   definition of algorithm parameters.

      <!ELEMENT dsig:Integer EMPTY>

      <!ATTLIST dsig:Integer
          xmlns:disg    CDATA      #FIXED    %xmldsig.dtd;
          value         CDATA      #REQUIRED
      >

   Attributes Description

      value:  Value of the element given according to the format given
           below.


Richard D. Brown                                               [Page 27]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   Integer Format

      The current specification requires integer values to be expressed
           According to the following pattern:

                                   ['+'|'-'] n+

           For example, +128, -35635, and 64535 are valid integer
           values.



5.28 Real

   The Real element is a primary data type that is used in the
   definition of algorithm parameters.

      <!ELEMENT dsig:Real EMPTY>

      <!ATTLIST dsig:Real
          xmlns:disg    CDATA      #FIXED    %xmldsig.dtd;
          value         CDATA      #REQUIRED
      >

   Attributes Description

      value:  Value of the element given according to the format given
           below.

   Real Format

      The current specification requires real values to be expressed
           according To the following pattern:

                     ['+'|'-'] n+ ['. ' f+]['E' ('+'|'-') ee]

           For example, 12, -12.34, +12.34E-01, and +0.5 are valid real
           numbers.



5.29 Keyword

   The Keyword element is a primary data type that is used in the
   definition of algorithm parameters.







Richard D. Brown                                               [Page 28]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


      <!ELEMENT dsig:Keyword EMPTY>

      <!ATTLIST dsig:Keyword
          xmlns:disg    CDATA      #FIXED    %xmldsig.dtd;
          value         CDATA      #REQUIRED
      >

   Attributes Description

      value:  Value of the element given as a free form string.



5.30 Resources

   The Resources element consists of a collection of Resource elements.
   Though inaccessible from the Document element of the Signature DTD,
   this element is available to more sophisticated constructs that make
   use of composite documents.

      <!ELEMENT dsig:Resources ( dsig:Resource+ )>

      <!ATTLIST Resources
          xmlns:disg    CDATA    #FIXED    %xmldsig.dtd;
          dsig:eval     IDREF    #IMPLIED
          id            ID       #IMPLIED
      >

   Content Description

      Resource:  A collection of Resource elements.

   Attributes Description

      id: Element identifier that could be used for referencing this
           element from a Resource element.



6. Supported Algorithms

   This specification uses a unique Algorithm data type. Though
   noticeably different from its ASN1 counterpart, this data type serves
   a similar purpose and provides for the definition of algorithm-
   specific parameters.

   The most noticeable difference with ASN1 consists of the assimilation
   of sub-algorithms as parameters of the primary algorithm. In other
   words, where ASN1 recognizes an algorithm of the type AlgxWithAlgy
   (i.e. DsaWithSha1) the current specifications recognize Algx with an


Richard D. Brown                                               [Page 29]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   Algy parameter. Such a recursive construct is expected to facilitate
   integration with cryptographic toolkits.



6.1 Digest Algorithms

   This specificaiton contemplates two kinds of digest algorithms:

   Surface string digest algorithms: These algorithms do not have any
      particular knowledge about the content being digested and operate
      on the raw content value. Changes in the surface string of a given
      content affect directly the value of the digest being produced.

   Canonical digest algorithms: These algorithms have been tailored for
      a particular content type and produce a digest value that depends
      upon the core semantics of such content. Changes limited to the
      surface string of a given content do not affect the value of the
      digest being produced.



6.2 Key Agreement Algorithms

   A key-agreement algorithm consists of a function that is used for
   deriving a one-time session key from a given master key. Usage of
   one-time session keys prevents some kinds of attacks that require a
   large volume of cipher-text to be produced with a given key.

   Key-agreement algorithms shall not be mistaken with key-exchange
   algorithms, which may be implicitly employed for computation of a
   master key that results from the combination of keying material
   provided by the parties involved in an exchange. In other words,
   parties provided with credentials such as Diffie-Hellmann-based
   certificates shall establish the value of the master key by means of
   the key exchange algorithm and may further derive a one-time session
   key from this master key by means of a key-agreement algorithm. A
   similar procedure is recommended when making use of a message
   authentication code and a shared secret.




6.3 Key Exchange Aglorithms

   A key-exchange algorithm consists of a function that is used for
   deriving a one-time session key from a given master key. (TBD)





Richard D. Brown                                               [Page 30]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


6.4 Signature Algorithms

   This specification abusively uses the terminology of 'digital
   signature' for qualifying indifferently digital signature and message
   authentication codes.  Thus, the signature algorithms contemplated
   herein include public key digital signature algorithms such as DSA
   and message authentication codes such as HMAC [RFC 2104].



6.5 SHA1

   Surface string digest algorithm designed by NIST and NSA for use with
   the Digital Signature Standard. This algorithm produces a 160-bit
   hash value.

   This algorithm does not require any parameter.



6.6 DOM-HASH

   XML canonical digest algorithm proposed by IBM Tokyo Research
   Laboratory and documented in the DOMHASH proposal[x]. This algorithm
   operates on the DOM representation of the document and provides an
   unambiguous means for recursive computation of the hash value of the
   nodes that constitute the DOM tree. This algorithm has many
   applications such as computation of digital signature and
   synchronization of DOM trees. However, because the hash value of an
   element is computed from the hash values of the inner elements, this
   algorithm is better adapted to small documents that do not require
   one-pass processing.

   As of today, this algorithm is limited to the contents of an XML
   document and, therefore, does not provide for authentication of the
   internal or external subset of the DTD. Also, there is no explicit
   support for XML Namespaces.

   The DOM-HASH algorithm requires a single parameter, which shall
   consist of a surface string digest algorithm such as SHA1.

   Example

      <dsig:Algorithm type='dom-hash urn'>
          <dsig:Parameter type='digst-algorithm'>
              <dsig:Algorithm type='sha1 urn'/>
          </dsig:Parameter>
      </dsig:Algorithm>




Richard D. Brown                                               [Page 31]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


6.7 XHASH

   XML canonical digest algorithm proposed by GlobeSet and documented in
   the XHASH proposal[x]. This algorithm has been inspired by the DOM-
   HASH proposal, but operates closer to the surface string of the
   document.  Elements and attributes are subject to formalization in a
   way quite similar to the one proposed by DOM-HASH - XML delimiters
   are represented by binary values and entities are replaced by their
   actual values.  However, formalization happens as elements are
   acquired.  Furthermore, this algorithm has been tailored for explicit
   support of the XML Namespaces and it takes into account some
   specifics of this specification (e.g. dsig:eval attribute).

   The XHASH algorithm makes use of two parameters.  The first one
   consists of a surface string digest algorithm such as SHA1.  The
   second one, optional, may be used for specifying how non-significant
   SPACE characters shall be handled by default.  Actually, the XML
   Specifications define the xml:space attribute that could be used for
   specifying if non-significant SPACE characters are to be preserved.
   However, possible values for this attribute are limited to 'default'
   and 'preserve'.  Thus, there is no known way to explicitly specify
   that non-significant SPACE characters should be discarded.

   Example

      <dsig:Algorithm type='xhash urn'>
          <dsig:Parameter type='digest-algorithm'>
              <dsig:Algorithm type='sha1 urn'/>
          </dsig:Parameter>
          <dsig:Parameter type='white-spaces'>
              <dsig:Algorithm type='ignore'/>
          </dsig:Parameter>
      </dsig:Algorithm>



6.8 PKCS12-PBE

   Key-agreement algorithm proposed by RSA Laboratories and documented
   in PKCS12[x]. This algorithm is a generalization of the PBE algorithm
   defined in PKCS5[x] and provides for the generation of symmetric keys
   and other cryptographic parameters from an established password.

   This algorithm requires three parameters. The first one consists of a
   one-way hash function (i.e. SHA1), the second one of a random string
   (salt), and the last one of an iteration count.






Richard D. Brown                                               [Page 32]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   Example

      <dsig:Algorithm type='pkcs12-pbe urn'>
          <dsig:Parameter type='digest-algorithm'>
              <dsig:Algorithm type='sha1 urn'/>
          </dsig:Parameter>
          <dsig:Parameter type='random-string'>
              <dsig:Value encoding='base64'>
                  Abkirjegks123qwgtawd456g47
              <dsig:/Value>
          </dsig:Parameter>
          <dsig:Parameter type='iteration-count'>
              <dsig:Integer value='128'/>
          </dsig:Parameter>
      </dsig:Algorithm>



6.9 HMAC

   Generalities [RFC 2104]

   Example

      <dsig:Algorithm type='hmac urn'>
          <dsig:Parameter type='digest-algorithm'>
              <dsig:Algorithm type='xhash urn'>
                  <dsig:Parameter type='digest-algorithm'>
                      <dsig:Algorithm type='sha1 urn'/>
                  </dsig:Parameter>
                  <dsig:Parameter type='white-spaces'>
                      <dsig:Keyword value='ignore'>
                  </dsig:Parameter>
              </dsig:Algorithm>
          </dsig:Parameter>
      </dsig:Algorithm>



6.10 DSA



6.11 RSA








Richard D. Brown                                               [Page 33]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


6.12 ECDSA

   <dsig:Algorithm type='eccdsa urn'>
       <dsig:Parameter type='digest-algorithm'>
           <dsig:Algorithm type='xhash urn'>
               <dsig:Parameter type='digest-algorithm'>
                   <dsig:Algorithm type='sha1 urn'/>
               </dsig:Parameter>
               <dsig:Parameter type='white-spaces'>
                   <dsig:Keyword value='ignore'>
               </dsig:Parameter>
       </dsig:Parameter>
       <dsig:Parameter type='curve-factor-a'>
           <dsig:Integer value='3'>
       </dsig:Parameter>
       <dsig:Parameter type='curve-factor-b'>
           <dsig:Integer value='5'>
       </dsig:Parameter>
       <dsig:Parameter type='point'>
           <dsig:Integer value='7'>
       </dsig:Parameter>
   </dsig:Algorithm>



7. Uniform Resource Names

   Generalities [RFC 2141]

   Content-type URNs
         Leveraging MIME [RFC 2046] types.
         Other content-types

   Algorithm URNs

   Certificate Type URNs



8. Certificate Supplement

   Locator Protocols (HTTP, LDAP)

   Expected Formats








Richard D. Brown                                               [Page 34]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


9. Conformance Requirements

   TBD



10. Examples

   The URN given in the following examples are purely illustrative and,
   therefore, shall not be used as reference material.



10.1 Signature DTD - Embedded Content

   <?xml version='1.0'?>
   <!DOCTYPE dsig:Document PUBLIC 'urn:ietf:xmldsig.dtd'
     SYSTEM 'http://www.dtd.reg.int/dtd/xmldsig.dtd'
   >

   <dsig:Document>
     <dsig:DigestAlgorithm id='digest-algorithm'>
       <dsig:Algorithm type='urn:com-globeset:xhash'>>
         <dsig:Parameter type='digest-algorithm'/>
           <dsign:Algorithm type='urn:fips:sha1'>>
         </dsig:Parameter>
         <dsig:Parameter type='white-spaces'/>
           <dsig:Keyword value='ignore'/>
         </dsig:Parameter>
       </dsig:Algorithm>
     </dsig:DigestAlgorithm>

     <dsig:Package id='data'
       dsig:eval='#digest-algorithms'>
       <dsig:ContentInfo type='urn:mime:application-msword'/>
       <dsig:Value encoding='base64'>
         abncjflf311257gghn6mj2k134h64AANHdd12==
       </dsig:Value>
     </dsig:Package>

     <dsig:Signatures>

       <dsig:Signature>
         <dsig:Manifest>
           <dsig:Resource>
             <dsig:Locator href='#data'/>
             <dsig:ContentInfo type='urn:mime:application-msword'/>
             <dsig:Digest>
               <dsig:Algorithm type='urn:com-globeset:xhash'>>
                 <dsig:Parameter type='digest-algorithm'/>


Richard D. Brown                                               [Page 35]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


                   <dsign:Algorithm type='urn:fips:sha1'>>
                  </dsig:Parameter>
                 <dsig:Parameter type='white-spaces'/>
                   <dsig:Keyword value='ignore'/>
                 </dsig:Parameter>
               </dsig:Algorithm>
               <dsig:Value encoding='base64'>
                 bndWGryrt245u6t1dgURTIrr4ir5=
               </dsig:Value>
             </dsig:Digest>
           </dsig:Resource>
           <dsig:OriginatorInfo>
             <dsig:IssuerAndSerialNumber
                 issuer='o=GlobeSet Inc., c=US'
                 number='123456789102356'/>
           </dsig:OriginatorInfo>
           <dsig:Attributes>
             <dsig:Attribute
                 type='urn:ietf:xmldsig.signing-time'>
               <dsig:Date value='1998-10-29T13:26-0500'/>
             </dsig:Attribute>
           </dsig:Attributes>
           <dsig:SignatureAlgorithm>
             <dsig:Algorithm type='urn:com-rsa:rsa-pks1'>
               <dsig:Parameter type='digest-algorithm'>
                 <dsig:Algorithm type='urn:com-globeset:xhash'>
                   <dsig:Parameter type='digest-algorithm'>
                     <dsig:Algorithm type='urn:fips:sha1'/>
                   </dsig:Parameter>
                   <dsig:Parameter type='white-spaces'>
                     <dsig:Keyword value='ignore'/>
                   </dsig:Parameter>
                 </dsig:Algorithm>
               </dsig:Parameter>
             </dsig:Algorithm>
           </dsig:SignatureAlgorithm>
         </dsig:Manifest>
         <dsig:Value encoding='base64'>
           xsqsfasDys2h44u4ehJDe54he5j4dJYTJ=
         </dsig:Value>
       </dsig:Signature>

     </dsig:Signatures>

     <dsig:Certificates>

       <dsig:Certificate type='urn:X500:X509v3'>
         <dsig:IssuerAndSerialNumber
             issuer='o=GlobeSet Inc., c=US'
             number='123456789102356'/>


Richard D. Brown                                               [Page 36]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


         <dsig:Locator href='http://certs.globeset.com/smith.der'/>
       </dsig:Certificate>

       <dsig:Certificate type='urn:X500:X509v3'>
         <dsig:IssuerAndSerialNumber
             issuer='o=GlobeSet Inc., c=US'
             number='123456789102356'/>
         <dsig:Value encoding='base64'>
           xsqsfasDys2h44u4ehJDe54he5j4dJYTJ
         </dsig:Value>
       </dsig:Certificate>

     </dsig:Certificates>

   </dsig:Document>



10.2 Signature DTD - Detached Signature

   <?xml version='1.0'?>
   <!DOCTYPE dsig:Document PUBLIC 'urn:ietf:xmldsig.dtd'
     SYSTEM 'http://www.dtd.reg.int/dtd/xmldsig.dtd'
   >
   <dsig:Document>

     <dsig:Signatures>

       <dsig:Signature>
         <dsig:Manifest>
           <dsig:Resource>
             <dsig:ContentInfo type='urn:mime:application-msword'/>
             <dsig:Locator href='http://www.globeset.com/xml.doc'/>
             <dsig:Digest>
               <dsig:Algorithm type='urn:fips:sha1'/>
               <dsig:Value encoding='base64'>
                   bndWGryrt245u6t1dgURTIrr4ir5=
               </dsig:Value>
             </dsig:Digest>
           </dsig:Resource>
           <dsig:OriginatorInfo>
             <dsig:IssuerAndSerialNumber
                 issuer='o=GlobeSet Inc., c=US'
                 number='123456789102356'/>
           </dsig:OriginatorInfo>
           <dsig:Attributes>
             <dsig:Attribute
                 type='urn:ietf:xmldsig.signing-time'>
               <dsig:Date value='1998-10-29T13:26-0500'/>
             </dsig:Attribute>


Richard D. Brown                                               [Page 37]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


           </dsig:Attributes>
           <dsig:SignatureAlgorithm>
             <dsig:Algorithm type='urn:com-rsa:rsa-pks1'>
               <dsig:Parameter type='digest-algorithm'>
                 <dsig:Algorithm type='urn:com-globeset:xhash'>
                   <dsig:Parameter type='digest-algorithm'>
                     <dsig:Algorithm type='urn:fips:sha1'/>
                   </dsig:Parameter>
                   <dsig:Parameter type='white-spaces'>
                     <dsig:Keyword value='ignore'/>
                   </dsig:Parameter>
                 </dsig:Algorithm>
               </dsig:Parameter>
             </dsig:Algorithm>
           </dsig:SignatureAlgorithm>
         </dsig:Manifest>
         <dsig:Value encoding='base64'>
             xsqsfasDys2h44u4ehJDe54he5j4dJYTJ=
         </dsig:Value>
       </dsig:Signature>

     </dsig:Signatures>

     <dsig:Certificates>

       <dsig:Certificate type='urn:X500:X509v3'>
         <dsig:IssuerAndSerialNumber
             issuer='o=GlobeSet Inc., c=US'
             number='123456789102356'/>
         <dsig:Locator href='http://certs.globeset.com/smith.der'/>
       </dsig:Certificate>

     </dsig:Certificates>

   </dsig:Document>



10.3 Extended DTD - Domain-specific Attribute

   <?xml version='1.0'?>
   <!DOCTYPE Document PUBLIC 'urn:ietf:xmldsig.dtd'
     SYSTEM  'http://www.dtd.reg.int/dtd/xmldsig.dtd' [
     <!ELEMENT MyDocument (
       dsig:Resources, dsig:Signature
     )>
     <!ELEMENT AssetCategory EMPTY>
     <!ATTLIST AssetCategory
       type    PCDATA    #REQUIRED
     >


Richard D. Brown                                               [Page 38]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


   ]>
   <MyDocument>
     <dsig:Resources id='data'>
       <dsig:Resource>
         <dsig:ContentType type='urn:com-globeset:demo-invoice'/>
         <dsig:Locator href='http://www.globeset.com/invoice.xml'/>
         <dsig:Digest>
           <dsig:Algorithm type='urn:com-globeset:xhash'>>
             <dsig:Parameter type='digest-algorithm'/>
               <dsign:Algorithm type='urn:fips:sha1'>>
              </dsig:Parameter>
             <dsig:Parameter type='white-spaces'/>
               <dsig:Keyword value='ignore'/>
             </dsig:Parameter>
           </dsig:Algorithm>
           <dsig:Value encoding='base64'>
             bndWGryrt245u6t1dgURTIrr4ir5=
           </dsig:Value>
         </dsig:Digest>
       </dsig:Resource>
       <dsig:Resource>
         <dsig:ContentType type='urn:com-globeset:demo-receipt'/>
         <dsig:Locator href='http://www.globeset.com/receipt.xml'/>
         <dsig:Digest>
           <dsig:Algorithm type='urn:com-globeset:xhash'>>
             <dsig:Parameter type='digest-algorithm'/>
               <dsign:Algorithm type='urn:fips:sha1'>>
              </dsig:Parameter>
             <dsig:Parameter type='white-spaces'/>
               <dsig:Keyword value='ignore'/>
             </dsig:Parameter>
           </dsig:Algorithm>
           <dsig:Value encoding='base64'>
             bndWGryrt245u6t1dgURTIrr4ir5=
           </dsig:Value>
         </dsig:Digest>
       </dsig:Resource>
     </dsig:Resources>
     <dsig:Signature>
       <dsig:Manifest>
         <dsig:Resource>
           <dsig:Locator href='#data'/>
           <dsig:Digest>
             <dsig:Algorithm type='urn:com-globeset:xhash'>>
               <dsig:Parameter type='digest-algorithm'/>
                 <dsign:Algorithm type='urn:fips:sha1'>>
                </dsig:Parameter>
               <dsig:Parameter type='white-spaces'/>
                 <dsig:Keyword value='ignore'/>
               </dsig:Parameter>


Richard D. Brown                                               [Page 39]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


             </dsig:Algorithm>
             <dsig:Value encoding='base64'>
               bndWGryrt245u6t1dgURTIrr4ir5=
             </dsig:Value>
           </dsig:Digest>
         </dsig:Resource>
         <dsig:OriginatorInfo>
           <dsig:Identifier value='smith'/>
         </dsig:OriginatorInfo>
         <dsig:Attributes>
           <dsig:Attribute
             type='urn:com-globeset:asset-category'
             critical='true'
           >
             <AssetCategory type='HDW325DPT7896'/>
           </dsig:Attribute>
         </dsig:Attributes>
         <dsig:SignatureAlgorithm>
           <dsig:Algorithm type='urn:com-rsa:rsa-pks1'>
             <dsig:Parameter type='digest-algorithm'>
               <dsig:Algorithm type='urn:com-globeset:xhash'>
                 <dsig:Parameter type='digest-algorithm'>
                   <dsig:Algorithm type='urn:fips:sha1'/>
                 </dsig:Parameter>
                 <dsig:Parameter type='white-spaces'>
                   <dsig:Keyword value='ignore'/>
                 </dsig:Parameter>
               </dsig:Algorithm>
             </dsig:Parameter>
           </dsig:Algorithm>
         </dsig:SignatureAlgorithm>
       </dsig:Manifest>
       <dsig:Value encoding='base64'>
           xsqsfasDys2h44u4ehJDe54he5j4dJYTJ=
       </dsig:Value>
     </dsig:Signature>
   </MyDocument>



11. Signature DTD

   (Insert here)









Richard D. Brown                                               [Page 40]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


12. Security Considerations

   The entirety of this document is concerned with a signature standard
   for XML.
















































Richard D. Brown                                               [Page 41]


INTERNET-DRAFT                January 1999    Digital Signatures for XML


References

   [RFC 2046] - N. Freed & N. Borenstein, "Multipurpose Internet Mail
   Extensions (MIME) Part Two: Media Types", November 1996.

   [RFC 2104] - H. Krawczyk, M. Bellare, R. Canetti, "HMAC: Keyed-
   Hashing for Message Authentication", February 1997.

   [RFC 2141] - R. Moats, "URN Syntax", May 1997.

   [RFC 2396] - T. Berners-Lee, R. Fielding, L. Masinter, "Uniform
   Resource Identifiers (URI): Generic Syntax", August 1998.

   [Schneier] - Bruce Schneier, "Applied Cryptography: Protocols,
   Algorithms, and Source Code in C", 1996, John Wiley and Sons

   [XLink] - Eve Maler, Steve DeRose, "XML Linking Language (XLink)",
   <http://www.w3.org/TR/1998/WD-xlink-19980303>

   [XML] - Tim Bray, Jean Paoli, C. M. Sperber-McQueen, "Extensible
   Markup Language (XML) 1.0", <http://www.w3.org/TR/1998/REC-xml-
   19980210>

   [...more to come]

   draft-ietf-trade-iotp-v1.0-protocol-*.txt - David Burdett



Author's Address

   Richard D. Brown
   GlobeSet, Inc.
   1250 Capital of TX Hwy. So.
   Building One, Suite 300
   Austin, TX 78746 USA

   EMail:       richard_dbrown@globeset.com



Expiration and File Name

   This draft expires July 1999.

   Its file name is draft-brown-xml-dsig-00.doc.






Richard D. Brown                                               [Page 42]