XML Security Algorithm Cross-Reference

Similar documents
XML Security Derived Keys

JSON Web Algorithms (JWA) draft-ietf-jose-json-web-algorithms-01

2010 Martin v. Löwis. Data-centric XML. XML Signature and Encryption

Internet Engineering Task Force (IETF) Request for Comments: 6931 Obsoletes: 4051 April 2013 Category: Standards Track ISSN:

3.2 The EncryptionMethod Element

Internet Engineering Task Force (IETF) Request for Comments: 7192 Category: Standards Track April 2014 ISSN:

Internet Engineering Task Force (IETF) Request for Comments: 6160 Category: Standards Track April 2011 ISSN:

Updates: 2409 May 2005 Category: Standards Track. Algorithms for Internet Key Exchange version 1 (IKEv1)

OASIS XACML XML DSig Profile

1 URI stands for Universal Resource Identifier.

Internet Engineering Task Force (IETF) Request for Comments: 5959 Category: Standards Track August 2010 ISSN:

Subject Key Attestations in KeyGen2

NIST Cryptographic Toolkit

LSS Technical Specification

XACML v3.0 XML Digital Signature Profile Version 1.0

SMPTE Standards Transition Issues for NIST/FIPS Requirements

Request for Comments: CIO Austria T. Kobayashi NTT Y. Wang UNCC April 2005

Network Working Group Request for Comments: 4869 Category: Informational May Suite B Cryptographic Suites for IPsec. Status of This Memo

Network Working Group. Category: Informational Betrusted, Inc. J. Reagle W3C December 2003

Internet Engineering Task Force (IETF) ISSN: January Suite B Profile for Transport Layer Security (TLS)

Intended status: Standards Track January 13, 2015 Expires: July 17, 2015

Internet Engineering Task Force (IETF) April Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC

Category: Informational January 2010 ISSN:

Encrypted DigiDoc Format Specification

Cryptographic Mechanisms: Recommendations and Key Lengths

SOA-Tag Koblenz 28. September Dr.-Ing. Christian Geuer-Pollmann European Microsoft Innovation Center Aachen, Germany

PKI Knowledge Dissemination Program. PKI Standards. Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore

Internet Engineering Task Force (IETF) Request for Comments: 7518 Category: Standards Track May 2015 ISSN:

CORRIGENDA ISIS-MTT SPECIFICATION 1.1 COMMON ISIS-MTT SPECIFICATIONS VERSION JANUARY 2008 FOR INTEROPERABLE PKI APPLICATIONS

Cipher Suite Configuration Mode Commands

Internet Engineering Task Force (IETF) Request for Comments: 5754 Updates: 3370 January 2010 Category: Standards Track ISSN:

XML ELECTRONIC SIGNATURES

Experience XML Security

Request for Comments: 3110 Obsoletes: 2537 May 2001 Category: Standards Track. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)

Network Working Group Request for Comments: 4432 March 2006 Category: Standards Track

Internet Engineering Task Force (IETF) Request for Comments: Category: Informational ISSN: March 2011

Extended Package for Secure Shell (SSH) Version: National Information Assurance Partnership

Web Services Security SOAP Messages with Attachments (SwA) Profile 1.0 Interop 1 Scenarios

3emplate for comments and secretariat observations Date: 14/X/2013 Document:

IBM [11] DOM : Web Services, security, WS-Security, XML, performance, RSA DSA HMAC

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

Web Services Description Language (WSDL) Version 1.2

XML Information Set. Working Draft of May 17, 1999

Category: Standards Track Queen s University December Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer

Elaine Barker and Allen Roginsky NIST June 29, 2010

PKCS #5 v2.0: Password-Based Cryptography Standard

RSA-PSS in XMLDSig. Position Paper W3C Workshop Mountain View

Internet Engineering Task Force (IETF) Request for Comments: Category: Informational ISSN: January 2010

ISO/IEC INTERNATIONAL STANDARD. Information technology Trusted Platform Module Part 2: Design principles

XML Encryption Syntax and Processing Version 1.1

Encryption, Signing and Compression in Financial Web Services

Using SRP for TLS Authentication

Internet Engineering Task Force (IETF) Category: Standards Track ISSN: October 2015

IBM Research Report. XML Signature Element Wrapping Attacks and Countermeasures

UNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE

Symantec Corporation

Internet Engineering Task Force (IETF) Category: Informational July 2012 ISSN: S/MIME Capabilities for Public Key Definitions

Network Working Group Request for Comments: December 2004

Category: Informational September 2004

Web Services Description Language (WSDL) Version 1.2

Computer Security: Principles and Practice

Internet Engineering Task Force (IETF) Category: Informational May 2015 ISSN:

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Web Services Security SOAP Messages with Attachments (SwA) Profile 1.1

Subject Key Attestations in KeyGen2

Internet Engineering Task Force (IETF) Request for Comments: 6379 Obsoletes: 4869 Category: Informational October 2011 ISSN:

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

E. Rescorla. <draft-ietf-smime-x txt> October 1998 (Expires April 1999) Diffie-Hellman Key Agreement Method. Status of this Memo

Cryptography MIS

Key Management Interoperability Protocol Crypto Profile Version 1.0

XML Signature Best Practices

IPSec Transform Set Configuration Mode Commands

Internet Engineering Task Force (IETF) Category: Standards Track August 2018 ISSN:

FIPS Compliance of Industry Protocols in Edward Morris September 25, 2013

Cryptography and Network Security. Sixth Edition by William Stallings

On Partial Encryption of RDF-Graphs

Web Services Security: XCBF Token Profile

FIPS Security Policy

PKCS #5 v2.0: Password-Based Cryptography Standard

Summary of PGP Services

Metadata for SAML 1.0 Web Browser Profiles

Metadata for SAML 1.0 Web Browser Profiles

[MS-SSRTP]: Scale Secure Real-time Transport Protocol (SSRTP) Extensions

OpenSSH. 24th February ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg) 1 / 12

6 Cryptographic Operations API

Web Services Security X509 Certificate Token Profile

Cryptography. Summer Term 2010

APNIC elearning: Cryptography Basics

Network Working Group Request for Comments: 2085 Category: Standards Track NIST February HMAC-MD5 IP Authentication with Replay Prevention

Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1

Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status

IPSec Transform Set Configuration Mode Commands

Web Services Security XCBF Token Profile

Bluefly Processor. Security Policy. Bluefly Processor MSW4000. Darren Krahn. Security Policy. Secure Storage Products. 4.0 (Part # R)

CSCE 813 Internet Security Secure Services I

Sharing Secrets using Encryption Facility - Handson

Version 2.0. FIPS Non-Proprietary Security Policy. Certicom Corp. September 27, 2005

Signature Profile for BankID

XML Query (XQuery) Requirements

CSCE 715: Network Systems Security

Transcription:

http://www.w3.org/tr/2009/wd-xmlsec-algor... 1 3/28/2009 11:34 AM XML Security Algorithm Cross-Reference W3C Working Draft 26 February 2009 This version: http://www.w3.org/tr/2009/wd-xmlsec-algorithms-20090226/ Latest version: http://www.w3.org/tr/xmlsec-algorithms/ Editors: Frederick Hirsch, Nokia Thomas Roessler, W3C Kelvin Yiu, Microsoft Copyright 2009 W3C (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark and document use rules apply. Abstract This Note summarizes XML Security algorithm URI identifiers and the specifications associated with them. Status of this Document This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/tr/. This is a First Public Working Draft of "XML Security Algorithm Cross-Reference." This document is intended to serve as a cross-reference to various commonly used XML security specifications. It does not include any normative requirements of its own. This document was developed by the XML Security Working Group. Please send comments about this document to public-xmlsec-comments@w3.org (with public archive). Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents

http://www.w3.org/tr/2009/wd-xmlsec-algor... 2 3/28/2009 11:34 AM at any time. It is inappropriate to cite this document as other than work in progress. This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. The group does not expect this document to become a W3C Recommendation. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy. Table of Contents 1 Introduction 2 Namespaces 3 Signature Algorithms 3.1 DSA 3.2 RSA 3.3 Elliptic Curve DSA 3.4 HMAC 4 Digest Methods 4.1 MD5 4.2 SHA variants 4.3 RIPEMD-160 5 Symmetric Key Encryption Algorithms 5.1 Block Encryption Algorithms DES 6 Key Transport Algorithms 7 Key Agreement Algorithm URIs 8 Symmetric Key Wrap Algorithm URIs 9 Canonicalization Algorithms 9.1 Inclusive Canonicalization 9.2 Exclusive Canonicalization 10 Transform Algorithms 11 Retrieval method type identifiers 12 References 1 Introduction The various XML Security specifications have defined a number of algorithms of various types, while allowing and expecting additional algorithms to be defined later. Over time, these identifiers have been defined in a number of different specifications, including XML Signature, XML Encryption, RFCs and elsewhere. This makes it difficult for users of the XML Security specifications to know whether and where a URI for an algorithm of interest has been defined, and can lead to the use of incorrect URIs. The purpose of this Note is to collect the various known URIs at the time of its publication and indicate the specifications in which they are defined in order to avoid confusion and errors. This note is not intended as an exhaustive list of all known related identifiers, some of

http://www.w3.org/tr/2009/wd-xmlsec-algor... 3 3/28/2009 11:34 AM which may have been defined by other standards or specifications. Furthermore, this note is not to be taken as normative regarding the information provided; if information here conflicts with the referenced specification, the specification takes precedence in all cases. The architecture of the XML Security specifications distinguishes between the (universally useful) identifiers for algorithms and the roles that these algorithms can take. Roles are identified through elements like ds:signaturemethod, ds:digestmethod, ds:canonicalizationmethod, or ds:transform, whereas the algorithms are identified through URIs. Explicit parameters for the respective algorithms are transmitted in child elements of the role element. 2 Namespaces This specification uses the following XML namespace prefixes: ds http://www.w3.org/2000/09/xmldsig# xenc http://www.w3.org/2001/04/xmlenc# dsig11 http://www.w3.org/2009/xmldsig11# dsigmore http://www.w3.org/2001/04/xmldsig-more# Algorithm URIs have been coined in a variety of namespaces, and are always given in full. 3 Signature Algorithms The algorithms listed in this section are typically used in the signature algorithm role, identified through the ds:signaturemethod role element ([XMLDSIG2e], section 4.3.2). Each signature method takes an octet-stream as input, and produces a signature value (an octet-stream that is always base64 encoded, see section 4.2 of [XMLDSIG2e]). 3.1 DSA A container for key material, ds:dsakeyvalue, is defined in section 4.4.2.1 of [XMLDSIG2e]. When used with ds:retrievalmethod, this container type is identified through the URI http://www.w3.org/2000/09/xmldsig#dsakeyvalue. DSA-SHA1 http://www.w3.org/2000/09/xmldsig#dsa-sha1 section 6.4.1 of [XMLDSIG2e] Implementation of this algorithm is required in both [XMLDSIG] and [XMLDSIG2e].

http://www.w3.org/tr/2009/wd-xmlsec-algor... 4 3/28/2009 11:34 AM 3.2 RSA This section lists variants of the RSA algorithm. A container for key material, ds:rsakeyvalue, is defined in section 4.4.2.2 of [XMLDSIG]. When used with ds:retrievalmethod, this container type is identified through the URI http://www.w3.org/2000/09/xmldsig#rsakeyvalue. RSA-MD5 http://www.w3.org/2001/04/xmldsig-more#rsa-md5 section 2.3.1 of [RFC4051] We only list the algorithm URI for RSA-MD5 for the sake of completeness. The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is not recommended at this time. RSA-SHA1 http://www.w3.org/2000/09/xmldsig#rsa-sha1 section 6.4.2 of [XMLDSIG] Implementation of this algorithm is recommended in [XMLDSIG] and [XMLDSIG2e]. RSA-SHA256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 section 2.3.2 of [RFC4051] This algorithm is under consideration as a mandatory to implement algorithm for a future version of XML Signature [XMLDSIG11]. RSA-SHA384 http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 section 2.3.3 of [RFC4051] RSA-SHA512 http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 section 2.3.4 of [RFC4051] RSA-RIPEMD160 http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 section 2.3.5 of [RFC4051]

http://www.w3.org/tr/2009/wd-xmlsec-algor... 5 3/28/2009 11:34 AM 3.3 Elliptic Curve DSA This section lists various variants of the Elliptic Curve DSA (ECDSA) algorithm. A container for key material, dsigmore:ecdsakeyvalue, is defined in [RFC4050]. No ds:retrievalmethod type URI is defined for this container. Work is under way to revise this container format. ECDSA-SHA1 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 section 2.3.6 of [RFC4051] ECDSA-SHA224 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224 section 2.3.6 of [RFC4051] ECDSA-SHA256 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 section 2.3.6 of [RFC4051] This algorithm is under consideration as a mandatory to implement algorithm for a future version of XML Signature [XMLDSIG11]. ECDSA-SHA384 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 section 2.3.6 of [RFC4051] ECDSA-SHA512 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 section 2.3.6 of [RFC4051] 3.4 HMAC The following URIs have been defined for various Message Authentication Codes that use the HMAC construction [RFC2104]. All of these algorithms take an explicit truncation length parameter. A container for this parameter, ds:hmacoutputlength, is defined in section 6.3.1 of [XMLDSIG2e]. This container occurs as a child element of the role element. HMAC-SHA1 http://www.w3.org/2000/09/xmldsig#hmac-sha1

http://www.w3.org/tr/2009/wd-xmlsec-algor... 6 3/28/2009 11:34 AM section 6.3 of [XMLDSIG] This algorithm is used as the default MAC algorithm in [XKMS2]. It is mandatory to implement in XML Signature [XMLDSIG], [XMLDSIG2e]. HMAC-SHA256 http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 section 2.2.2 of [RFC4051] This algorithm is under consideration as a recommended algorithm for a future version of XML Signature [XMLDSIG11]. HMAC-SHA384 http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 section 2.2.2 of [RFC4051] HMAC-SHA512 http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 section 2.2.2 of [RFC4051] HMAC-RIPEMD160 http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 Section 2.2.3 of [RFC4051] 4 Digest Methods The following URIs have been defined for Digest Methods. They are typically used in the ds:digestmethod role in [XMLDSIG]. Note that ds:digestmethod also occurs as in the context of xenc:agreementmethod, as specified in the Key Agreement part of [XMLENC]. 4.1 MD5 MD5 http://www.w3.org/2001/04/xmldsig-more#md5 section 2.1.1 of [RFC4051] We only list the algorithm URI for MD5 for the sake of completeness. The cryptographic strength of this algorithm is sufficiently doubtful that its use is not recommended at this time. 4.2 SHA variants

http://www.w3.org/tr/2009/wd-xmlsec-algor... 7 3/28/2009 11:34 AM Note that URIs for the various algorithms of the Secure Hash Algorithm family have been coined in a number of name spaces and specifications, specifically [XMLDSIG] (and, in this regard identically, [XMLDSIG2e]), [XMLENC], and [RFC4051]. SHA-1 http://www.w3.org/2000/09/xmldsig#sha1 section 6.2.1 of [XMLDSIG2e] SHA-1 is the only digest algorithm defined in [XMLDSIG2e], and is mandatory to implement in that specification, and in [XMLENC]. Given recent cryptographic research, however, future versions of the XML Signature specification are likely to recommend use of other, stronger digest algorithms over use of SHA-1, while maintaining SHA-1 as a mandatory to implement algorithm. SHA-224 http://www.w3.org/2001/04/xmldsig-more#sha224 section 2.1.2 of [RFC4051] SHA-256 http://www.w3.org/2001/04/xmlenc#sha256 section 5.7.2 of [XMLENC] This algorithm is under consideration as a mandatory to implement algorithm for a future version of XML Signature [XMLDSIG11]. It is recommended in [XMLENC]. SHA-384 http://www.w3.org/2001/04/xmldsig-more#sha384 section 2.1.3 of [RFC4051] SHA-512 http://www.w3.org/2001/04/xmlenc#sha512 section 5.7.3 of [XMLENC] 4.3 RIPEMD-160 RIPEMD-160 http://www.w3.org/2001/04/xmlenc#ripemd160 section 5.7.4 of [XMLENC]

http://www.w3.org/tr/2009/wd-xmlsec-algor... 8 3/28/2009 11:34 AM 5 Symmetric Key Encryption Algorithms The following URIs have been defined for symmetric key encryption algorithms. They typically appear in the xenc:encryptionmethod role. 5.1 Block Encryption Algorithms DES Triple DES (CBC mode) http://www.w3.org/2001/04/xmlenc#tripledes-cbc section 5.2.1 of [XMLENC] This algorithm is mandatory to implement in [XMLENC]. AES-128 (CBC mode) http://www.w3.org/2001/04/xmlenc#aes128-cbc section 5.2.2 of [XMLENC] This algorithm is mandatory to implement in [XMLENC]. AES-192 (CBC mode) http://www.w3.org/2001/04/xmlenc#aes192-cbc section 5.2.2 of [XMLENC] AES-256 (CBC mode) http://www.w3.org/2001/04/xmlenc#aes256-cbc section 5.2.2 of [XMLENC] This algorithm is mandatory to implement in [XMLENC]. 6 Key Transport Algorithms The following URIs have been defined for key transport algorithms. RSA-v1.5 http://www.w3.org/2001/04/xmlenc#rsa-1_5 section 5.4.1 of [XMLENC] This algorithm is mandatory to implement in [XMLENC]. RSA-OAEP

http://www.w3.org/tr/2009/wd-xmlsec-algor... 9 3/28/2009 11:34 AM http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p section 5.4.2 of [XMLENC] 7 Key Agreement Algorithm URIs The following URIs have been defined for key agreement algorithms. Diffie Hellman http://www.w3.org/2001/04/xmlenc#dh section 5.5.1 of [XMLENC] While this is the only key agreement algorithm defined in [XMLENC], it is optional to implement. A container for key material for this key agreement algorithm, xenc:dhkeyvalue, is defined in section 5.5.2 of [XMLENC]. When used with ds:retrievalmethod, this container type is identified through the URI http://www.w3.org/2001/04/xmlenc#dh. Elliptic Key Diffie-Hellman Key Agreement (Ephemeral-Static Mode) http://www.w3.org/2009/xmlenc11#ecdh-es section 5.5.4 of [XMLENC11] This algorithm is under consideration as a mandatory to implement algorithm for a future version of XML Encryption. [XMLENC11]. 8 Symmetric Key Wrap Algorithm URIs The following URIs have been defined for symmetric key wrap algorithms. CMS Triple-DES Key Wrap http://www.w3.org/2001/04/xmlenc#kw-tripledes section 5.6.2 of [XMLENC] This algorithm is mandatory to implement in [XMLENC]. AES Key Wrap 128 http://www.w3.org/2001/04/xmlenc#kw-aes128 section 5.6.3 of [XMLENC] This algorithm is mandatory to implement in [XMLENC].

http://www.w3.org/tr/2009/wd-xmlsec-algor... 10 3/28/2009 11:34 AM AES Key Wrap 192 http://www.w3.org/2001/04/xmlenc#kw-aes192 section 5.6.3 of [XMLENC] AES Key Wrap 256 http://www.w3.org/2001/04/xmlenc#kw-aes256 section 5.6.3 of [XMLENC] This algorithm is mandatory to implement in [XMLENC]. 9 Canonicalization Algorithms Canonicalization algorithms are used in [XMLDSIG]; they are typically used in the ds:canonicalizationmethod and ds:transform roles. 9.1 Inclusive Canonicalization Canonical XML 1.0 [C14N1.0] without comments is mandatory to implement in both XML Signature [XMLDSIG] and XML Signature Second Edition [XMLDSIG2e]. XML Signature Second Edition recommends use of Canonical XML 1.1 [C14N1.1] over use of Canonical XML 1.0 when inclusive canonicalization is desired, to address known issues with Canonical XML 1.0. The canonicalization methods listed in this section accept a node-set or octet-stream as input, and produce an octet-stream as output. Canonical XML 1.0 (omits comments) http://www.w3.org/tr/2001/rec-xml-c14n-20010315 section 6.5.1 of [XMLDSIG2e] This algorithm is mandatory to implement in [XMLDSIG] and [XMLDSIG2e]. Canonical XML 1.0 with Comments http://www.w3.org/tr/2001/rec-xml-c14n-20010315#withcomments section 6.5.1 of [XMLDSIG2e] Canonical XML 1.1 (omits comments) http://www.w3.org/2006/12/xml-c14n11 section 6.5.2 of [XMLDSIG2e] This algorithm is mandatory to implement in [XMLDSIG2e]. Its use is recommended over Canonical XML 1.0.

http://www.w3.org/tr/2009/wd-xmlsec-algor... 11 3/28/2009 11:34 AM Canonical XML 1.1 with Comments http://www.w3.org/2006/12/xml-c14n11#withcomments section 6.5.2 of [XMLDSIG2e] 9.2 Exclusive Canonicalization Exclusive Canonicalization XML 1.0 (omits comments) http://www.w3.org/2001/10/xml-exc-c14n# section 4 of [EXC-C14N1.0] Exclusive Canonicalization XML 1.0 with Comments http://www.w3.org/2001/10/xml-exc-c14n#withcomments section 4 of [EXC-C14N1.0] 10 Transform Algorithms This section lists algorithms that typically occur in the ds:transform role. ds:transform is defined in detail in the XML Signature Reference Processing Model ([XMLDSIG2e], section 4.3.3.2). This processing model is, in turn, applied both to signed material, and to key material referenced through ds:retrievalmethod ([XMLDSIG2e], section 4.4.3). The ds:transform role element is also used by the optional xenc:transforms feature which is specified in the context of xenc:cipherreference in XML Encryption ([XMLENC], section 3.3.1). Transform algorithms can take an octet-stream or a node-set as input, and can produce either an octet-stream or a node-set as output. Base64 decoding transform http://www.w3.org/2000/09/xmldsig#base64 section 6.6.2 of [XMLDSIG2e] Input: octet-stream, node-set Output: octet-stream Implementation is required in [XMLDSIG2e] and [XMLENC]. XPath Filtering http://www.w3.org/tr/1999/rec-xpath-19991116

http://www.w3.org/tr/2009/wd-xmlsec-algor... 12 3/28/2009 11:34 AM section 6.6.3 of [XMLDSIG2e] Input: octet-stream, node-set Output: node-set XML-Signature XPath Filter 2.0 http://www.w3.org/2002/06/xmldsig-filter2 [FILTER2] Input: octet-stream, node-set Output: node-set Enveloped Signature Transform http://www.w3.org/2000/09/xmldsig#enveloped-signature section 6.6.4 of [XMLDSIG2e] Input: node-set (same-document) Output: node-set This transform is required in [XMLDSIG], [XMLDSIG2e]. XSLT Transform http://www.w3.org/tr/1999/rec-xslt-19991116 section 6.6.5 of [XMLDSIG2e] Input: octet-stream Output: octet-stream Decryption Transform (XML mode) http://www.w3.org/2002/07/decrypt#xml [DecryptTransform] Input: node-set Output: node-set Decryption Transform (binary mode) http://www.w3.org/2002/07/decrypt#binary [DecryptTransform] Input:

http://www.w3.org/tr/2009/wd-xmlsec-algor... 13 3/28/2009 11:34 AM node-set Output: octet-stream 11 Retrieval method type identifiers The ds:retrievalmethod element permits referencing key material that is stored outside a ds:keyinfo element. The type of the material that results from retrieval of the URI reference (and possible transform processing) can be identified using the Type attribute. Note: ds:retrievalmethod may be deprecated in future versions of XML Signature, and is rarely used in practice. The following Type values identify an XML element or document with the given element as its root: http://www.w3.org/2000/09/xmldsig#dsakeyvalue ds:dsakeyvalue, see section 4.4.2.1 of [XMLDSIG2e]. http://www.w3.org/2000/09/xmldsig#rsakeyvalue ds:rsakeyvalue, see section 4.4.2.2 of [XMLDSIG2e]. http://www.w3.org/2000/09/xmldsig#x509data ds:x509data, see section 4.4.4 of [XMLDSIG2e]. http://www.w3.org/2000/09/xmldsig#pgpdata ds:pgpdata, see section 4.4.5 of [XMLDSIG2e]. http://www.w3.org/2000/09/xmldsig#spkidata ds:spkidata, see section 4.4.6 of [XMLDSIG2e]. http://www.w3.org/2000/09/xmldsig#mgmtdata ds:mgmtdata, see section 4.4.7 of [XMLDSIG2e]. http://www.w3.org/2001/04/xmldsig-more#keyvalue ds:keyvalue, see section 4.4.2 of [XMLDSIG2e]. http://www.w3.org/2001/04/xmldsig-more#retrievalmethod ds:retrievalmethod, see secion 4.4.3 of [XMLDSIG2e]. http://www.w3.org/2001/04/xmldsig-more#keyname ds:keyname, see section 4.4.1 of [XMLDSIG2e]. http://www.w3.org/2001/04/xmldsig-more#pkcs7signeddata dsigmore:pkcs7signeddata, see section 3.1 of [RFC4051]. The following Type values identify the type of raw binary data: http://www.w3.org/2001/04/xmldsig-more#rawx509crl http://www.w3.org/2001/04/xmldsig-more#rawpgpkeypacket http://www.w3.org/2001/04/xmldsig-more#rawspkisexp http://www.w3.org/2001/04/xmldsig-more#rawpkcs7signeddata http://www.w3.org/2000/09/xmldsig#rawx509certificate 12 References C14N1.0 Canonical XML 1.0, John Boyer. W3C Recommendation 15 March 2001,

http://www.w3.org/tr/2001/rec-xml-c14n-20010315. C14N1.1 Canonical XML 1.1, John Boyer, Glenn Marcy. W3C Recommendation 2 May 2008, http://www.w3.org/tr/2008/rec-xml-c14n11-20080502/. DecryptTransform Decryption Transform for XML Signature, Merlin Hughes, Takeshi Imamura, Hiroshi Maruyama. W3C Recommendation 10 December 2008, http://www.w3.org/tr/2002/rec-xmlenc-decrypt-20021210. EXC-C14N1.0 Exclusive XML Canonicalization Version 1.0, John Boyer, Donald E. Eastlake 3rd, Joseph Reagle. W3C Recommendation 18 July 2002, http://www.w3.org/tr/2002/rec-xml-exc-c14n-20020718/. FILTER2 XML-Signature XPath Filter 2.0, J. Boyer, M. Hughes, J. Reagle. W3C Recommendation 8 November 2002. http://www.w3.org/tr/2002/rec-xmldsig-filter2-20021108/. RFC2104 HMAC: Keyed-Hashing for Message Authentication, H. Krawczyk, M. Bellare, R. Canetti, RFC 2104, February 1997. http://www.ietf.org/rfc/rfc2104.txt. RFC4050 Using the Elliptic Curve Signature Algorithm (ECDSA) for XML Digital Signatures. S. Blake-Wilson, G. Karlinger, T. Kobayashi, Y. Wang. IETF 4050, April 2005. http://www.ietf.org/rfc/rfc4050.txt. RFC4051 Additional XML Security Uniform Resource Identifiers (URIs), D. Eastlake, RFC 4051, April 2005, http://www.ietf.org/rfc/rfc4051.txt. XKMS2 XML Key Management Specification (XKMS 2.0) Version 2.0, P Hallam-Baker, S. Mysore, W3C Recommendation 28 June 2005, http://www.w3.org/tr/2005/rec-xkms2-20050628/. XMLDSIG XML-Signature Syntax and Processing, D. Eastlake, J. R., D. Solo, M. Bartel, J. Boyer, B. Fox, E. Simon. W3C Recommendation, 12 February 2002, http://www.w3.org/tr/2002/rec-xmldsig-core-20020212/. XMLDSIG11 XML Signature Syntax and Processing Version 1.1. W3C Working Draft 26 February 2009, http://www.w3.org/tr/2009/wd-xmldsig-core1-20090226/. XMLDSIG2e XML Signature Syntax and Processing (Second Edition), W3C Recommendation 10 June 2008 http://www.w3.org/tr/2008/rec-xmldsig-core-20080610/ XMLENC XML Encryption Syntax and Processing, D. Eastlake, J. Reagle, W3C Recommendation 10 December 2002, http://www.w3.org/tr/2002/rec-xmlenc-core-20021210/. XMLENC11 XML Encryption Syntax and Processing Version 1.1, W3C Working Draft 26 February 2009, http://www.w3.org/tr/2009/wd-xmlenc-core1-20090226/. http://www.w3.org/tr/2009/wd-xmlsec-algor... 14 3/28/2009 11:34 AM

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback