1 / 9

Validation and Semantics of XML Digital Signatures

Learn about the meaning, validation process, key usage, delegation, and recommendations for XML digital signatures. Discover how to validate signatures, determine key usage, delegate trust, and differentiate signatures from authorization statements.

balog
Download Presentation

Validation and Semantics of XML Digital Signatures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Validation and Semantics of XML Digital Signatures Paul A. LambertApril 15, 1999 plambert@sprintmail.com

  2. Overview Meaning Validation processing Key Usage Delegation Recommendations

  3. What is the meaning of a Signature? • I approve? I created? I read? I grant? • Signature “meaning” is not part of the signed document! • XML signatures must carry signature meaning separate from signed information

  4. Validation • Determine algorithms, signature formats, and key • Hash appropriate data • Use appropriate algorithms and key to create signature over hashed information • Compare computed signature to attached signature • Determine if the key was trusted for this usage • is the key valid? • Is it appropriate for this XML application?

  5. Key Usage • Validation: • cryptographic • key usage • is the key valid? • is the key appropriate fo this application? • Usage must be tied to XML schema • Embed XML in X.509? • Create XML protery authorization certificates!

  6. Delegation and Authorization • XML statements can delegate trust to determine key usage • Trust management • Assignment of rights to make statements in specific ranges. • Grant rights for ranges of target and range of signature semantic property values

  7. Signatures versus Authorization • Signatures are statements of the form:“In {schema}, {key_holder} says {object}has {property}”. • Authorization statements are of the form:“In {schema}, {key_holder-1} grants {key_holder-2}the rights to make statements in {object_range}{property_range}”.

  8. Recommendations • XML signatures should include signature semantics • perhaps all XML signatures are a type of RDF statement • XML signature specification must include complete description of validity processing • Authorization should be supported • perhaps a specifc type of RDF statement to grant property ranges to subject ranges

  9. Contact Information Paul A. Lambert Certicom Corp. 25801 Industrial Blvd. Hayward, CA, 96565 +1-510-780-5400 plambert@sprintmail.com

More Related