1.
|
Clear description of the referenced document:
|
|
|
2.
|
Status of approval:
|
|
This is a W3C Recommendation of 11 April 2013.
|
3.
|
Justification for the specific reference:
|
|
This W3C standard defines XML Signature Syntax and Processing rules that are used in this Recommendation
|
4.
|
Current information, if any, about IPR issues:
|
|
No Issues.
|
5.
|
Other useful information describing the "Quality" of the document:
|
|
XML Signature was published in April 2013, and has been widely used. Conformance requirements are clear, and the specification is readily and widely available.
|
6.
|
The degree of stability or maturity of the document:
|
|
The document is considered stable and provides a complete description of XML digital signature processing. Approved 11 April 2013.
|
7.
|
Relationship with other existing or emerging documents:
|
|
See clause 8
|
8.
|
Any explicit references within that referenced document should also be listed:
|
|
[ECC-ALGS]/
D. McGrew; K. Igoe; M. Salter. RFC 6090: Fundamental Elliptic Curve Cryptography Algorithms. February 2011. IETF Informational RFC. URL: http://www.rfc-editor.org/rfc/rfc6090.txt/
[FIPS-180-3]/
FIPS PUB 180-3 Secure Hash Standard. U.S. Department of Commerce/National Institute of Standards and Technology. URL: http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf/
[FIPS-186-3]/
FIPS PUB 186-3: Digital Signature Standard (DSS). June 2009. U.S. Department of Commerce/National Institute of Standards and Technology. URL: http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf/
[HMAC]/
H. Krawczyk, M. Bellare, R. Canetti. HMAC: Keyed-Hashing for Message Authentication. February 1997. IETF RFC 2104. URL: http://www.ietf.org/rfc/rfc2104.txt/
[HTTP11]/
R. Fielding et al. Hypertext Transfer Protocol - HTTP/1.1. June 1999. RFC 2616. URL: http://www.ietf.org/rfc/rfc2616.txt/
[LDAP-DN]/
K. Zeilenga. Lightweight Directory Access Protocol : String Representation of Distinguished Names. June 2006. IETF RFC 4514. URL: http://www.ietf.org/rfc/rfc4514.txt/
[NFC]/
M. Davis, Ken Whistler. TR15, Unicode Normalization Forms.. 17 September 2010, URL: http://www.unicode.org/reports/tr15//
[PGP]/
J. Callas, L. Donnerhacke, H. Finney, D. Shaw, R. Thayer. OpenPGP Message Format. IETF RFC 4880. November 2007. URL: http://www.ietf.org/rfc/rfc4880.txt/
[PKCS1]/
J. Jonsson and B. Kaliski. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. RFC 3447 (Informational), February 2003. URL: http://www.ietf.org/rfc/rfc3447.txt/
[RFC2045]/
N. Freed and N. Borenstein. Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies. November 1996. URL: http://www.ietf.org/rfc/rfc2045.txt/
[RFC2119]/
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Internet RFC 2119. URL: http://www.ietf.org/rfc/rfc2119.txt/
[RFC3279]/
W. Polk, R. Housley, L. Bassham. Algorithmupdates and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. April 2002. Internet RFC 3279. URL: http://www.ietf.org/rfc/rfc3279.txt/
[RFC3406]/
L. Daigle, D. van Gulik, R. Iannella, P. Faltstrom. URN Namespace Definition Mechanisms.. IETF RFC 3406 October 2002. URL: http://www.ietf.org/rfc/rfc3406.txt/
[RFC4055]/
J. Schaad, B. Kaliski, R. Housley. Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. June 2005. IETF RFC 4055. URL: http://www.ietf.org/rfc/rfc4055.txt/
[RFC5280]/
D. Cooper, et. al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. . IETF RFC 5280 May 2008. URL: http://www.ietf.org/rfc/rfc5280.txt/
[RFC5480]/
S. Turner, et. al. Elliptic Curve Cryptography Subject Public Key Information.. IETF RFC 5480 March 2009. URL: http://www.ietf.org/rfc/rfc5480.txt/
[RFC6931]/
D. Eastlake 3rd. Additional XML Security Uniform Resource Identifiers. RFC 6931 April 2013. URL: http://tools.ietf.org/html/rfc6931/
[SP800-57]/
Recommendation for Key Management – Part 1: General (Revision 3). SP800-57. July 2012. U.S. Department of Commerce/National Institute of Standards and Technology. URL: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf/
[URI]/
T. Berners-Lee; R. Fielding; L. Masinter. Uniform Resource Identifiers (URI): generic syntax. January 2005. RFC 3986. URL: http://www.ietf.org/rfc/rfc3986.txt/
[URN]/
R. Moats. URN Syntax. IETF RFC 2141. May 1997. URL: http://www.ietf.org/rfc/rfc2141.txt/
[URN-OID]/
M. Mealling. A URN Namespace of Object Identifiers. . IETF RFC 3061. February 2001. URL: http://www.ietf.org/rfc/rfc3061.txt/
[UTF-8]/
F. Yergeau. UTF-8, a transformation format of ISO 10646. IETF RFC 3629. November 2003. URL: http://www.ietf.org/rfc/rfc3629.txt/
[X509V3]/
ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework" ISO/IEC 9594-8:1997./
[XML-C14N]/
John Boyer. Canonical XML Version 1.0. 15 March 2001. W3C Recommendation. URL: http://www.w3.org/TR/2001/REC-xml-c14n-20010315/
[XML-C14N11]/
John Boyer; Glenn Marcy. Canonical XML Version 1.1. 2 May 2008. W3C Recommendation. URL: http://www.w3.org/TR/2008/REC-xml-c14n11-20080502//
[XML-EXC-C14N]/
Donald E. Eastlake 3rd; Joseph Reagle; John Boyer. Exclusive XML Canonicalization Version 1.0. 18 July 2002. W3C Recommendation. URL: http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718//
[XML-MEDIA-TYPES]/
Ümit Yalçınalp; Anish Karmarkar. Describing Media Content of Binary Data in XML. 4 May 2005. W3C Note. URL: http://www.w3.org/TR/2005/NOTE-xml-media-types-20050504//
[XML-NAMES]/
Richard Tobin et al. Namespaces in XML 1.0 (Third Edition). 8 December 2009. W3C Recommendation. URL: http://www.w3.org/TR/2009/REC-xml-names-20091208//
[XML10]/
C. M. Sperberg-McQueen et al. Extensible Markup Language (XML) 1.0 (Fifth Edition). 26 November 2008. W3C Recommendation. URL: http://www.w3.org/TR/2008/REC-xml-20081126//
[XMLDSIG-XPATH-FILTER2]/
Merlin Hughes; John Boyer; Joseph Reagle. XML-Signature XPath Filter 2.0. 8 November 2002. W3C Recommendation. URL: http://www.w3.org/TR/2002/REC-xmldsig-filter2-20021108//
[XMLENC-CORE1]/
J. Reagle; D. Eastlake; F. Hirsch; T. Roessler. XML Encryption Syntax and Processing Version 1.1. 11 April 2013. W3C Recommendation. URL: http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411//
[XMLSCHEMA-1]/
Henry S. Thompson et al. XML Schema Part 1: Structures Second Edition. 28 October 2004. W3C Recommendation. URL: http://www.w3.org/TR/2004/REC-xmlschema-1-20041028//
[XMLSCHEMA-2]/
Paul V. Biron; Ashok Malhotra. XML Schema Part 2: Datatypes Second Edition. 28 October 2004. W3C Recommendation. URL: http://www.w3.org/TR/2004/REC-xmlschema-2-20041028//
[XPATH]/
James Clark; Steven DeRose. XML Path Language (XPath) Version 1.0. 16 November 1999. W3C Recommendation. URL: http://www.w3.org/TR/1999/REC-xpath-19991116//
[XPTR-ELEMENT]/
Norman Walsh et al. XPointer element() Scheme. 25 March 2003. W3C Recommendation. URL: http://www.w3.org/TR/2003/REC-xptr-element-20030325//
[XPTR-FRAMEWORK]/
Paul Grosso et al. XPointer Framework. 25 March 2003. W3C Recommendation. URL: http://www.w3.org/TR/2003/REC-xptr-framework-20030325//
[XSL10]/
Jeremy Richman et al. Extensible Stylesheet Language (XSL) Version 1.0. 15 October 2001. W3C Recommendation. URL: http://www.w3.org/TR/2001/REC-xsl-20011015//
[XSLT]/
James Clark. XSL Transformations (XSLT) Version 1.0. 16 November 1999. W3C Recommendation. URL: http://www.w3.org/TR/1999/REC-xslt-19991116/
[ABA-DSIG-GUIDELINES]/
Digital Signature Guidelines. 1 August 1996. Information Security Committee, American Bar Association. URL: http://www.signelec.com/content/download/digital_signature_guidelines.pdf/
[CVE-2009-0217]/
Common Vulnerabilities and Exposures List, CVE-2009-0217 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217/
[DOM-LEVEL-1]/
Vidur Apparao et al. Document Object Model (DOM) Level 1. 1 October 1998. W3C Recommendation. URL: http://www.w3.org/TR/1998/REC-DOM-Level-1-19981001//
[IEEE1363]/
IEEE 1363: Standard Specifications for Public Key Cryptography. August 2000. URL: http://grouper.ieee.org/groups/1363//
[RANDOM]/
D. Eastlake, S. Crocker, J. Schiller. Randomness Recommendations for Security.. IETF RFC 4086. June 2005. URL: http://www.ietf.org/rfc/rfc4086.txt/
[RDF-PRIMER]/
Frank Manola; Eric Miller. RDF Primer. 10 February 2004. W3C Recommendation. URL: http://www.w3.org/TR/2004/REC-rdf-primer-20040210//
[RELAXNG-SCHEMA]/
Information technology -- Document Schema Definition Language (DSDL) -- Part 2: Regular-grammar-based validation -- RELAX NG. ISO/IEC 19757-2:2008. URL: http://standards.iso.org/ittf/PubliclyAvailableStandards/c052348_ISO_IEC_19757-2_2008(E).zip/
[RFC4050]/
S. Blake-Wilson; G. Karlinger; T. Kobayashi; Y. Wang. Using the Elliptic Curve Signature Algorithm (ECDSA) for XML Digital Signatures (RFC 4050). April 2005. RFC. URL: http://www.ietf.org/rfc/rfc4050.txt/
[RFC4949]/
R. Shirey. Internet Security Glossary, Version 2.. IETF RFC 4949. August 2007. URL: http://www.ietf.org/rfc/rfc4949.txt/
[SAX]/
D. Megginson, et al. SAX: The Simple API for XML. May 1998. URL: http://www.megginson.com/downloads/SAX//
[SHA-1-Analysis]/
McDonald, C., Hawkes, P., and J. Pieprzyk. SHA-1 collisions now 252 . EuroCrypt 2009 Rump session. URL: http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf/
[SHA-1-Collisions]/
X. Wang, Y.L. Yin, H. Yu. Finding Collisions in the Full SHA-1. In Shoup, V., editor, Advances in Cryptology - CRYPTO 2005, 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings, volume 3621 of LNCS, pages 17–36. Springer, 2005. URL: http://people.csail.mit.edu/yiqun/SHA1AttackProceedingVersion.pdf (also published in http://www.springerlink.com/content/26vljj3xhc28ux5m/)/
[SOAP12-PART1]/
Noah Mendelsohn et al. SOAP Version 1.2 Part 1: Messaging Framework (Second Edition). 27 April 2007. W3C Recommendation. URL: http://www.w3.org/TR/2007/REC-soap12-part1-20070427//
[UTF-16]/
P. Hoffman , F. Yergeau. UTF-16, an encoding of ISO 10646. IETF RFC 2781. February 2000. URL: http://www.ietf.org/rfc/rfc2781.txt/
[XHTML10]/
Steven Pemberton. XHTML™ 1.0 The Extensible HyperText Markup Language (Second Edition). 1 August 2002. W3C Recommendation. URL: http://www.w3.org/TR/2002/REC-xhtml1-20020801//
[XML-Japanese]/
M. Murata. XML Japanese Profile (2nd Edition). March 2005. W3C Member Submission. URL: http://www.w3.org/Submission/2005/SUBM-japanese-xml-20050324//
[XMLDSIG-BESTPRACTICES]/
Pratik Datta; Frederick Hirsch. XML Signature Best Practices. 11 April 2013. W3C Working Group Note. URL: http://www.w3.org/TR/2013/NOTE-xmldsig-bestpractices-20130411//
[XMLDSIG-CORE]/
Joseph Reagle et al. XML Signature Syntax and Processing (Second Edition). 10 June 2008. W3C Recommendation. URL: http://www.w3.org/TR/2008/REC-xmldsig-core-20080610//
[XMLDSIG-CORE1-CHGS]/
Frederick Hirsch. Functional Explanation of Changes in XML Signature 1.1. 11 April 2013. W3C Working Group Note. URL: http://www.w3.org/TR/2013/NOTE-xmldsig-core1-explain-20130411//
[XMLDSIG-REQUIREMENTS]/
Joseph Reagle Jr. XML-Signature Requirements. 14 October 1999. W3C Working Draft. URL: http://www.w3.org/TR/1999/WD-xmldsig-requirements-19991014/
[XMLSEC-RELAXNG]/
Makoto Murata; Frederick Hirsch. XML Security RELAX NG Schemas. 11 April 2013. W3C Working Group Note. URL: http://www.w3.org/TR/2013/NOTE-xmlsec-rngschema-20130411//
[XMLSEC11-REQS]/
Frederick Hirsch; Thomas Roessler. XML Security 1.1 Requirements and Design Considerations. 11 April 2013. W3C Working Group Note. URL: http://www.w3.org/TR/2013/NOTE-xmlsec-reqs-20130411//
[XPTR-XMLNS]/
Jonathan Marsh et al. XPointer xmlns() Scheme. 25 March 2003. W3C Recommendation. URL: http://www.w3.org/TR/2003/REC-xptr-xmlns-20030325//
[XPTR-XPOINTER]/
Ron Daniel Jr; Eve Maler; Steven DeRose. XPointer xpointer() Scheme. 19 December 2002. W3C Working Draft. URL: http://www.w3.org/TR/2002/WD-xptr-xpointer-20021219//
[XPTR-XPOINTER-CR2001]/
Ron Daniel Jr; Eve Maler; Steven DeRose. XPointer xpointer() Scheme. September 2001. W3C Candidate Recommendation. URL: http://www.w3.org/TR/2001/CR-xptr-20010911/
|
9.
|
Qualification of
W3C:
|
|
W3C is qualified for including references in ITU-T Recommendations under Recommendation A.5 procedures.
|
10.
|
Other (for any supplementary information):
|
|
All standards are available on-line. An index of Recommendation and their status may be found in the W3C archives at http://www.w3.org/TR/ .
|
|