Position Paper on
Signed XML
Kent Davidson
kent@differential.com
This document is intended for public perusal. Use, copying, or reproduction is unlimited.
Introduction
Differential provides secure business-to-business electronic commerce
solutions and software which integrates with existing internet standard protocols, EDI systems, and ERP systems.
Differential recently annouced the availability of our eReceipt
line of products, which allows companies to secure business transactions with a non-repudiable audit trail. The
core of the eReceipt product line is an XML digital receipt document which contains digital signatures in XML based
on IETF drafts listed in the Related section below.
Position
A standard for digital signatures in XML should support:
- Ability to sign any arbitrary XML or non-XML document
- Low impact on signed XML document formats
- Meaning, we do not want to have to add 10 attributes to my XML Element to be able to sign it...
- Standardized Entities
- That is, the signor, the sender, the recipient, and any intermediary parties involved in signing should have
a designated format which is already standards-based. e.g.
- An LDAP directory name, or Distinguished Name (dn)
- X.509 Certificate
- In addition, entities need to be extensible to allow the addition of fields or additional data to a single
entity.
- Embedded digital certificates within document
- To allow digitally signed documents to be self-contained if necessary
- Non-proprietary canonicalization algorithms
- This does not exclude proprietary algorithms - just specify a supported and required algorithm that is not
proprietary.
- DOM-HASH is a "public-domain"
signing algorithm from IBM, source code released shortly
- The SAX Library supports simple normalization by canonicalizing white space
- Non-proprietary signing algorithms
- This does not exclude proprietary algorithms - just specify a supported and required algorithm that is not
proprietary.
- e.g. DSA
- Ability to countersign an already signed document
- Support for non-proprietary certificate formats
- Native Language Independence
- Should be able to sign documents in any language
- Providing References to documents
Related Materials
Digital Receipts, Differential, Inc.
Digital Signatures for
the Internet Open Trading Protocol, Internet-Draft, Kent M. Davidson et al.,
Digital Signatures for XML, Internet-Draft,
Richard D. Brown