W3C-XML-SIGNATURE
W3C XML Signature XML-DSig digital signature.
Definition
XML-DSig structure: <Signature> root element XML namespace 'http://www.w3.org/2000/09/xmldsig#'. Children: <SignedInfo> (CanonicalizationMethod, SignatureMethod, Reference with URI + Transforms + DigestMethod + DigestValue), <SignatureValue> (base64 signature bytes), <KeyInfo> (X509Certificate, KeyValue, KeyName). Standard algorithms: Digest (SHA-1 deprecated, SHA-256 default, SHA-384, SHA-512), Signature (RSA-SHA256, ECDSA-SHA256, DSA-SHA256), Canonicalization (Canonical XML 1.0, C14N 1.1, Exclusive C14N), Transform (Enveloped Signature, XPath, XSLT). Signature types: (1) Detached (signature separate from signed data), (2) Enveloped (signature within same signed document), (3) Enveloping (signed data within Signature element). Massive usage: SOAP WS-Security (security headers), SAML assertions (SSO identity), XBRL filings SEC France/CNAV/etc., XAdES (XML Advanced Electronic Signatures EU eIDAS), e-invoicing FatturaPA Italy, Saudi ZATCA Phase 2, Mexico SAT CFDI.
Origin
W3C XML Signature Working Group 1999 ; XML Signature 1.0 W3C Recommendation 12 February 2002 ; XML Signature 1.1 W3C Recommendation 11 April 2013 (basically tightening 1.0).
Example in context
FatturaPA Italy uses XML-DSig to sign e-invoice invoices: invoice XML enveloped signature, RSA-SHA256 algorithm, ICP-Italia X509 certificate, SdI Sistema di Interscambio transmission validates signature before relaying to recipient.
Related terms
- W3C XML Encryption — XML security complement.