
XML-DSIG’99 - PowerPoint PPT Presentation



Richard D. Brown GlobeSet, Inc. Austin TX - U.S. Proposal for XML Digital Signature. XML-DSIG’99. Motivations Objectives Specification Process Driving Requirements Syntax Proposal Conclusion. Summary. XML enables production and exchange of structured data, but this is not sufficient.

Presentation Transcript

Richard D. Brown

GlobeSet, Inc. Austin TX - U.S.

Proposal for XML Digital Signature

XML-DSIG’99


Summary

Motivations

Objectives

Specification Process

Driving Requirements

Syntax Proposal

Conclusion



Motivations

XML enables production and exchange of structured data, but this is not sufficient.

The usefulness of such structured data depends upon our ability to assess its origin and authenticity.

Existing binary syntaxes are not satisfactory for building authentication in XML applications.

These syntaxes tend to externalize signature from the application logic.

The lack of an XML cryptography standard is a real show stopper for our industry.

Slows down development and adoption of XML applications.

Rapid proliferation of proprietary and limited solutions.


Objectives

Define syntax and procedures for the computation, verification, and encoding of digital signatures using XML

Signing XML documents and elements

Using XML for signing Web resources


Specification Process


Requirements

Ease signature support in XML applications and propose an XML alternative to binary syntaxes

Support for digital signatures and authentication codes

Support for certificate-based and account-based authentication schemes

Authentication of internal and external resources

Authentication of part or totality of a document

Support for composite documents

Support for extended signature functionality such as co-signature, endorsement, etc.


Syntax Basics

<Signature>
  <Manifest>
    (authenticated attributes)
  </Manifest>
  <Value>
    (encoded signature value)
  </Value>
</Signature>

<Certificates>
  (certificate information blocks)
</Certificates>


Signature Manifest

<Manifest>
  (resources information block)
  (other authenticated attributes)
  (originator information block)
  (recipient information block)
  (key-agreement algorithm information block)
  (signature algorithm information block)
</Manifest>


Resources

<Resources>
  <Resource>
    <Locator href='resource locator'/>
    <ContentInfo type='type qualifier'/>
    <Digest>
      (encoded digest value)
    </Digest>
  </Resource>
</Resources>
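An added example, not taken from the presentation, of how the Signature Manifest and Resources slides fit together: each Resource records a digest of what its Locator points to, and the Value authenticates the Manifest. Assumptions: the authentication code is HMAC-SHA1 over a C14N 2.0 form of the Manifest (standing in for the proposal's canonical digest algorithms), values are base64, and the sample resource and key are constructed.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample input: one resource keyed by its locator, and a shared secret.
SAMPLE = {"#authenticated": ("text/xml", b"<AppElement id='authenticated'>pay 10</AppElement>")}
KEY = b"constructed-shared-secret"

def digest_b64(data: bytes) -> str:
    # SHA-1 is the digest the slides name; base64 encoding is an assumption.
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def manifest_mac(manifest: ET.Element, key: bytes) -> bytes:
    # Assumption: authenticate a C14N 2.0 form of <Manifest>, so attribute order
    # and quoting style do not change the result.
    canon = ET.canonicalize(ET.tostring(manifest, encoding="unicode"))
    return base64.b64encode(hmac.new(key, canon.encode(), hashlib.sha1).digest())

def build_signature(resources: dict, key: bytes) -> ET.Element:
    sig = ET.Element("Signature")
    manifest = ET.SubElement(sig, "Manifest")
    res_list = ET.SubElement(manifest, "Resources")
    for href, (ctype, content) in resources.items():
        res = ET.SubElement(res_list, "Resource")
        ET.SubElement(res, "Locator", href=href)
        ET.SubElement(res, "ContentInfo", type=ctype)
        ET.SubElement(res, "Digest").text = digest_b64(content)
    ET.SubElement(sig, "Value").text = manifest_mac(manifest, key).decode()
    return sig

def verify_signature(sig: ET.Element, fetch, key: bytes) -> list:
    """Return a list of problems; an empty list means everything checked out."""
    manifest = sig.find("Manifest")
    if manifest is None:
        return ["no Manifest"]
    problems = []
    given = (sig.findtext("Value") or "").strip().encode()
    if not hmac.compare_digest(manifest_mac(manifest, key), given):
        problems.append("manifest authentication code mismatch")
    for res in manifest.iter("Resource"):
        loc = res.find("Locator")
        href = loc.get("href") if loc is not None else None
        content = fetch(href) if href else None
        if content is None or digest_b64(content) != (res.findtext("Digest") or "").strip():
            problems.append(f"digest mismatch: {href}")
    return problems
```

The two checks are independent: a changed resource fails its digest while the Manifest still authenticates, and an edited Manifest fails the authentication code even when every digest was recomputed to match.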


Attributes

<Attributes>
  <Attribute type='resource locator'
             critical='boolean'>
    (ANY attribute value)
  </Attribute>
</Attributes>


Originator and Recipient

<OriginatorInfo>
  (ANY identification information blocks)
  (ANY keying material information block)
</OriginatorInfo>

<RecipientInfo>
  (ANY identification information blocks)
  (ANY keying material information block)
</RecipientInfo>


Signature and Key-agreement

<KeyAgreementAlgorithm>
  (algorithm information block)
</KeyAgreementAlgorithm>

<SignatureAlgorithm>
  (algorithm information block)
</SignatureAlgorithm>


Signature Principles

Enabling signature in XML applications

Encapsulating arbitrary content

Implementing endorsement

Supporting composite documents

Enabling one-pass processing


Signature in XML Applications

<AppDoc xmlns:dsig='signature DTD URI'>
  <AppElement id='authenticated'>
  </AppElement>
  <dsig:Signature>
    ...
    <dsig:Resource>
      <dsig:Locator href='#authenticated'/>
  </dsig:Signature>
</AppDoc>


Encapsulating Arbitrary Content

<dsig:Package id='authenticated'>
  <dsig:ContentInfo type='type qualifier'/>
  <dsig:Value encoding='scheme'>
    (encoded value)
  </dsig:Value>
</dsig:Package>


Implementing Endorsement

<dsig:Signature id='signature'>
  ...
</dsig:Signature>

<dsig:Signature id='counter-signature'>
  ...
  <dsig:Resource>
    <dsig:Locator href='#signature'/>
</dsig:Signature>


Supporting Composite Documents

<dsig:Resources id='shared-resources'>
  ...
</dsig:Resources>

<dsig:Signature>
  ...
  <dsig:Resource>
    <dsig:Locator href='#shared-resources'/>
  ...
</dsig:Signature>

<dsig:Signature>
  ...
  <dsig:Resource>
    <dsig:Locator href='#shared-resources'/>
  ...
</dsig:Signature>


Enabling One-Pass Processing

<dsig:DigestAlgorithms>
  <dsig:Algorithm id='SHA1' type='urn:nist-gov:sha1'/>
  <dsig:Algorithm id='MD5' type='urn:rsasdi-com:md5'/>
</dsig:DigestAlgorithms>

<AppElement id='authenticated' dsig:eval='SHA1 MD5'>
</AppElement>

<dsig:Signature>
  ...
  <dsig:Resource>
    <dsig:Locator href='#authenticated'/>
    <dsig:Digest>
      <dsig:Algorithm type='urn:nist-gov:sha1'/>
  ...
</dsig:Signature>


Algorithms

Element Definition

Supported Algorithms


Algorithm Element

<!ELEMENT Algorithm (Parameter*)>
<!ATTLIST Algorithm
  id    ID    #IMPLIED
  type  CDATA #REQUIRED
>

<!ELEMENT Parameter ANY>
<!ATTLIST Parameter
  type  CDATA #REQUIRED
>


Algorithm Element

<dsig:Algorithm id='DSA-XHASH-SHA1'
                type='urn:nist-gov:dsa'>
  <dsig:Parameter type='digest-algorithm'>
    <dsig:Algorithm type='urn:globeset-com:xhash'>
      <dsig:Parameter type='digest-algorithm'>
        <dsig:Algorithm type='urn:nist-gov:SHA1'/>
      </dsig:Parameter>
    </dsig:Algorithm>
  </dsig:Parameter>
</dsig:Algorithm>

<dsig:Algorithm id='DSA-XHASH-SHA1'
                type='urn:xmldsig:dsa-xhash-sha1'/>
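An added example, not part of the presentation, of reading the nested Algorithm form above: it walks the element per the DTD's (Parameter*) content model, flattens it into the chain of type URNs, and compares that chain with a list the verifier itself holds. The namespace URI, the policy set, the nesting limit and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

NS = "urn:example:dsig"  # placeholder: the slides only say 'signature DTD URI'
ALG, PARAM = f"{{{NS}}}Algorithm", f"{{{NS}}}Parameter"

# Constructed sample: the nested descriptor from the slide, with the placeholder namespace.
NESTED = f"""
<dsig:Algorithm xmlns:dsig='{NS}' id='DSA-XHASH-SHA1' type='urn:nist-gov:dsa'>
  <dsig:Parameter type='digest-algorithm'>
    <dsig:Algorithm type='urn:globeset-com:xhash'>
      <dsig:Parameter type='digest-algorithm'>
        <dsig:Algorithm type='urn:nist-gov:SHA1'/>
      </dsig:Parameter>
    </dsig:Algorithm>
  </dsig:Parameter>
</dsig:Algorithm>"""

def algorithm_chain(elem, depth=0, max_depth=8):
    """Flatten a nested Algorithm element into its type URNs, outermost first."""
    if elem.tag != ALG:
        raise ValueError("expected an Algorithm element")
    if depth > max_depth:
        raise ValueError("Algorithm nesting deeper than the verifier accepts")
    if not elem.get("type"):
        raise ValueError("Algorithm lacks the #REQUIRED type attribute")
    chain = [elem.get("type")]
    for child in elem:
        # The DTD content model is (Parameter*): nothing else may appear here.
        if child.tag != PARAM or not child.get("type"):
            raise ValueError("Algorithm child must be a typed Parameter")
        for nested in child.findall(ALG):
            chain += algorithm_chain(nested, depth + 1, max_depth)
    return chain

def disallowed(chain, allowed):
    """URNs in the chain that the verifier's own policy does not list.
    Compared case-insensitively (assumption): the slides write both sha1 and SHA1."""
    allowed = {u.lower() for u in allowed}
    return [u for u in chain if u.lower() not in allowed]
```

Because the descriptor travels inside the signed document, the accepted set has to come from the verifier's configuration, not from the document being checked.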


Supported Algorithms

  • Digest Algorithms

  • Key-agreement Algorithms

  • Key-exchange Algorithms

  • Signature Algorithms


Digest Algorithms

  • Surface String Digest Algorithms

    • NIST SHA1

  • Canonical Digest Algorithms

    • IBM DOM-HASH

    • GlobeSet XHASH


Key-agreement Algorithms

  • RSA Laboratories PKCS12 PBE


Key-exchange Algorithms

  • Static Diffie Hellman


Signature Algorithms

  • Authentication Codes

    • IETF HMAC

  • Public-key Signature Algorithms

    • NIST DSA

    • RSA Labs RSA Encryption T1

    • ? ECDSA


Conclusion

  • Current Proposal

    • A good start

    • Enter phase 3

  • Next

    • First Implementations

    • Standard Body

    • Formalization

