Validation and Semantics of XML Digital Signatures
Paul A. Lambert
April 15, 1999
plambert@sprintmail.com

Overview
• Meaning
• Validation processing
• Key Usage
• Delegation
• Recommendations

What is the meaning of a Signature?
• I approve? I created? I read? I grant?
• Signature “meaning” is not part of the signed document!
• XML signatures must carry signature meaning separate from signed information

Validation
• Determine algorithms, signature formats, and key
• Hash appropriate data
• Use appropriate algorithms and key to create signature over hashed information
• Compare computed signature to attached signature
• Determine if the key was trusted for this usage
  • Is the key valid?
  • Is it appropriate for this XML application?

Key Usage
• Validation:
  • cryptographic
  • key usage
    • is the key valid?
    • is the key appropriate for this application?
• Usage must be tied to XML schema
• Embed XML in X.509?
• Create XML property authorization certificates!

Delegation and Authorization
• XML statements can delegate trust to determine key usage
• Trust management
• Assignment of rights to make statements in specific ranges.
• Grant rights for ranges of target and range of signature semantic property values

Signatures versus Authorization
• Signatures are statements of the form: “In {schema}, {key_holder} says {object} has {property}”.
• Authorization statements are of the form: “In {schema}, {key_holder-1} grants {key_holder-2} the rights to make statements in {object_range} {property_range}”.
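
The two statement forms above can be modeled directly to answer the validation question "is the key appropriate for this application?". The following is an added example, not part of the original slides: it assumes the signature was already verified cryptographically, that object ranges are glob patterns, that property ranges are explicit sets, and that a grantee may re-delegate any right it holds; the schema, key names and function names are made up.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Statement:
    """In {schema}, {key_holder} says {object} has {property}."""
    schema: str
    key_holder: str   # key whose signature is assumed already verified
    obj: str
    prop: str

@dataclass(frozen=True)
class Grant:
    """In {schema}, {grantor} grants {grantee} the rights to make statements
    in {object_range} {property_range}."""
    schema: str
    grantor: str
    grantee: str
    object_range: str          # assumption: glob pattern over object names
    property_range: frozenset  # assumption: explicit set of property values

    def covers(self, s):
        return (self.schema == s.schema
                and fnmatchcase(s.obj, self.object_range)
                and s.prop in self.property_range)

def key_usage_ok(s, grants, roots, _seen=frozenset()):
    """True if s.key_holder may make statement s: it is a trust root for the
    schema, or holds a covering grant whose grantor could itself say s."""
    if (s.schema, s.key_holder) in roots:
        return True
    if s.key_holder in _seen:   # delegation cycle: no root reachable this way
        return False
    seen = _seen | {s.key_holder}
    return any(
        g.grantee == s.key_holder and g.covers(s)
        and key_usage_ok(Statement(s.schema, g.grantor, s.obj, s.prop),
                         grants, roots, seen)
        for g in grants)

# Constructed sample policy: every name below is invented for illustration.
ROOTS = {("purchase-order", "key:cfo")}
GRANTS = [
    Grant("purchase-order", "key:cfo", "key:manager", "po/*", frozenset({"approved", "read"})),
    Grant("purchase-order", "key:manager", "key:clerk", "po/1999/*", frozenset({"read", "created"})),
    Grant("purchase-order", "key:mallory", "key:eve", "*", frozenset({"approved"})),
    Grant("purchase-order", "key:eve", "key:mallory", "*", frozenset({"approved"})),
]
```

Because every grant in the chain is checked against the concrete statement, a grantee cannot pass on more than its grantor held: the clerk's "created" right is rejected since the manager never had it.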

Recommendations
• XML signatures should include signature semantics
  • perhaps all XML signatures are a type of RDF statement
• XML signature specification must include complete description of validity processing
• Authorization should be supported
  • perhaps a specific type of RDF statement to grant property ranges to subject ranges

Contact Information
Paul A. Lambert
Certicom Corp.
25801 Industrial Blvd.
Hayward, CA, 96565
+1-510-780-5400
plambert@sprintmail.com