XML-Signature XPath Filter 2.0
RFC 3653

Document Type RFC - Informational (December 2003; No errata)
Last updated 2015-10-14
Stream IETF
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state RFC 3653 (Informational)
Responsible AD Russ Housley
Network Working Group                                           J. Boyer
Request for Comments: 3653                            PureEdge Solutions
Category: Informational                                        M. Hughes
                                                         Betrusted, Inc.
                                                               J. Reagle
                                                                     W3C
                                                           December 2003

                     XML-Signature XPath Filter 2.0

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   XML Signature recommends a standard means for specifying information
   content to be digitally signed and for representing the resulting
   digital signatures in XML.  Some applications require the ability to
   specify a subset of a given XML document as the information content
   to be signed.  The XML Signature specification meets this requirement
   with the XPath transform.  However, this transform can be difficult
   to implement efficiently with existing technologies.  This
   specification defines a new XML Signature transform to facilitate the
   development of efficient document subsetting implementations that
   interoperate under similar performance profiles.

   This document is the W3C XML Signature XPath-Filter 2.0
   Recommendation.  This document has been reviewed by W3C Members and
   other interested parties and has been endorsed by the Director as a
   W3C Recommendation.  It is a stable document and may be used as
   reference material or cited as a normative reference from another
   document.  W3C's role in making the Recommendation is to draw
   attention to the specification and to promote its widespread
   deployment.  This enhances the functionality and interoperability of
   the Web.

Boyer, et al.                Informational                      [Page 1]
RFC 3653             XML-Signature XPath Filter 2.0        December 2003

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  Acknowledgements (Informative) . . . . . . . . . . . .  4
       1.2.  W3C Status . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Terminology. . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Specification of Signature Filter Transform. . . . . . . . .  5
       3.1.  Algorithm Identifier . . . . . . . . . . . . . . . . .  5
       3.2.  Syntax of Signature Filter Transform . . . . . . . . .  5
       3.3.  Input and Evaluation Context of Signature Filter
             Transform. . . . . . . . . . . . . . . . . . . . . . .  7
       3.4.  Processing Model of Signature Filter Transform . . . .  7
   4.  Examples of Signature Filter Transform . . . . . . . . . . .  9
   5.  Normative References . . . . . . . . . . . . . . . . . . . . 13
   6.  Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 14
   7.  Full Copyright Statement . . . . . . . . . . . . . . . . . . 15

1.  Introduction

   The XML Recommendation [XML] specifies the syntax of a class of
   objects called XML documents.  The Namespaces in XML Recommendation
   [XML-NS] specifies additional syntax and semantics for XML documents.
   The XML Signature Recommendation [XML-DSig] defines standard means
   for specifying information content to be digitally signed, including
   the ability to select a portion of an XML document to be signed using
   an XPath transform.

   This specification describes a new signature filter transform that,
   like the XPath transform [XML-DSig, section 6.6.3], provides a method
   for computing a portion of a document to be signed.  In the interest
   of simplifying the creation of efficient implementations, the
   architecture of this transform is not based on evaluating an [XPath]
   expression for every node of the XML parse tree (as defined by the
   [XPath] data model).  Instead, a sequence of XPath expressions is
   used to select the roots of document subtrees -- location sets, in
   the language of [XPointer] -- which are combined using set
   intersection, subtraction and union, and then used to filter the
   input node-set.  The principal differences from the XPath transform
   are:

      *  A sequence of XPath operations can be executed in a single
         transform, allowing complex filters to be more easily expressed
         and optimized.
      *  The XPath expressions are evaluated against the input document
         resulting in a set of nodes, instead of being used as a boolean
         test against each node of the input node-set.
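
   The set-based evaluation described above, as an added example that is
   not part of the RFC text.  It models element nodes only (ElementTree
   has no text, attribute or namespace nodes), applies the operations in
   the order of the processing model the table of contents lists as
   section 3.4, and uses a constructed document and hypothetical function
   names.

```python
import xml.etree.ElementTree as ET

# Constructed sample document (not from the RFC).
DOC = """<order>
  <item id="a"><price>10</price><note>gift</note></item>
  <item id="b"><price>20</price><Signature>sig</Signature></item>
  <draft><item id="c"><price>30</price></item></draft>
</order>"""

def subtrees(roots):
    """Expand selected subtree roots to every element they contain."""
    return {node for root in roots for node in root.iter()}

def xpath_filter2(doc_root, input_nodes, filters):
    """filters: sequence of (op, xpath); op is intersect, subtract or union."""
    keep = set(doc_root.iter())        # filter set starts as the whole document
    for op, path in filters:
        # Each expression is evaluated once against the document,
        # not once per node of the input node-set.
        selected = subtrees(doc_root.findall(path))
        if op == "intersect":
            keep &= selected
        elif op == "subtract":
            keep -= selected
        elif op == "union":
            keep |= selected
        else:
            raise ValueError(f"unknown filter operation: {op}")
    # Final step: the combined set filters the input node-set (document order).
    return [n for n in doc_root.iter() if n in input_nodes and n in keep]

def signed_paths(xml_text, filters):
    """Return readable paths of the elements that would be covered."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    def label(n):
        parts = []
        while n is not None:
            parts.append(n.tag + (f"[{n.get('id')}]" if n.get("id") else ""))
            n = parent.get(n)
        return "/".join(reversed(parts))
    return [label(n) for n in xpath_filter2(root, set(root.iter()), filters)]

if __name__ == "__main__":
    for p in signed_paths(DOC, [("intersect", ".//item"),
                                ("subtract", ".//Signature"),
                                ("subtract", "./draft")]):
        print(p)
```

   The operations are order-dependent: a later union can re-add nodes
   that an earlier subtract removed, so a verifier should check which
   nodes the final set covers rather than reading any one expression in
   isolation.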
