Validation and Semantics of XML Digital Signatures


1 Validation and Semantics of XML Digital Signatures
Paul A. Lambert April 15, 1999

2 Overview
- Meaning
- Validation processing
- Key Usage
- Delegation
- Recommendations

3 What is the meaning of a Signature?
- I approve? I created? I read? I grant?
- Signature “meaning” is not part of the signed document!
- XML signatures must carry signature meaning separate from signed information

4 Validation
- Determine algorithms, signature formats, and key
- Hash appropriate data
- Use appropriate algorithms and key to create signature over hashed information
- Compare computed signature to attached signature
- Determine if the key was trusted for this usage
  - Is the key valid?
  - Is it appropriate for this XML application?

5 Key Usage
- Validation:
  - cryptographic
  - is the key valid?
  - is the key appropriate for this application?
- Usage must be tied to XML schema
  - Embed XML in X.509?
  - Create XML property authorization certificates!

6 Delegation and Authorization
- XML statements can delegate trust to determine key usage
- Trust management
- Assignment of rights to make statements in specific ranges.
- Grant rights for ranges of target and range of signature semantic property values

7 Signatures versus Authorization
- Signatures are statements of the form: “In {schema}, {key_holder} says {object} has {property}”.
- Authorization statements are of the form: “In {schema}, {key_holder-1} grants {key_holder-2} the rights to make statements in {object_range}{property_range}”.
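The two statement forms on slide 7 can be modelled directly to answer the last validation question on slide 4, "was the key trusted for this usage?". The sketch below is an added example, not code from the presentation: it assumes the cryptographic comparison has already succeeded, represents an object range as a glob pattern and a property range as a set of names, and accepts a signature statement only if every grant on a chain from a trusted root key to the signer covers that statement. All key names, the schema URI and the ranges are constructed sample values.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Statement:
    """'In {schema}, {key_holder} says {object} has {property}'."""
    schema: str
    key_holder: str
    obj: str
    prop: str

@dataclass(frozen=True)
class Grant:
    """'In {schema}, {key_holder-1} grants {key_holder-2} the rights ...'."""
    schema: str
    grantor: str
    grantee: str
    object_range: str          # assumption: glob pattern over object names
    property_range: frozenset  # assumption: explicit set of property values

    def covers(self, s: Statement) -> bool:
        return (self.schema == s.schema
                and fnmatchcase(s.obj, self.object_range)
                and s.prop in self.property_range)

def is_authorized(stmt, grants, roots):
    """True if grants that each cover stmt chain a root key to the signer."""
    frontier, seen = [stmt.key_holder], set()
    while frontier:
        holder = frontier.pop()
        if holder in roots:
            return True
        if holder in seen:      # delegation loops must not hang validation
            continue
        seen.add(holder)
        frontier.extend(g.grantor for g in grants
                        if g.grantee == holder and g.covers(stmt))
    return False

# Constructed sample data: key names, schema URI and ranges are made up.
PO = "urn:example:purchase-order"
ROOTS = {"key:root"}
GRANTS = [
    Grant(PO, "key:root", "key:finance", "order/*", frozenset({"approved", "read"})),
    Grant(PO, "key:finance", "key:alice", "order/2*", frozenset({"approved"})),
    Grant(PO, "key:finance", "key:bob", "order/*", frozenset({"created"})),
    Grant(PO, "key:x", "key:y", "*", frozenset({"approved"})),
    Grant(PO, "key:y", "key:x", "*", frozenset({"approved"})),
]
```

With this data, key:bob's "created" statements are rejected because key:finance was never granted that property itself, so a grant cannot confer more than its grantor holds for the statement being checked.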

8 Recommendations
- XML signatures should include signature semantics
  - perhaps all XML signatures are a type of RDF statement
- XML signature specification must include complete description of validity processing
- Authorization should be supported
  - perhaps a specific type of RDF statement to grant property ranges to subject ranges

9 Contact Information
Paul A. Lambert
Certicom Corp.
25801 Industrial Blvd.
Hayward, CA, 96565

