W3C-XML-SIGNATURE
W3C XML Signature XML-DSig digital signature.
Définition
XML-DSig structure : <Signature> root element XML namespace 'http://www.w3.org/2000/09/xmldsig#'. Children : <SignedInfo> (CanonicalizationMethod, SignatureMethod, Reference avec URI + Transforms + DigestMethod + DigestValue), <SignatureValue> (base64 signature bytes), <KeyInfo> (X509Certificate, KeyValue, KeyName). Algorithms standards : Digest (SHA-1 deprecated, SHA-256 default, SHA-384, SHA-512), Signature (RSA-SHA256, ECDSA-SHA256, DSA-SHA256), Canonicalization (Canonical XML 1.0, C14N 1.1, Exclusive C14N), Transform (Enveloped Signature, XPath, XSLT). Signature types : (1) Detached (signature separe du data signe), (2) Enveloped (signature dans document signe meme), (3) Enveloping (data signe dans element Signature). Usage massif : SOAP WS-Security (security headers), SAML assertions (SSO identity), XBRL filings SEC France/CNAV/etc., XAdES (XML Advanced Electronic Signatures EU eIDAS), e-invoicing FatturaPA Italy, Saudi ZATCA Phase 2, Mexique SAT CFDI.
Origine
W3C XML Signature Working Group 1999 ; XML Signature 1.0 W3C Recommendation 12 fevrier 2002 ; XML Signature 1.1 W3C Recommendation 11 avril 2013 (basically tightening 1.0).
Exemple en contexte
FatturaPA Italie utilise XML-DSig pour signer factures e-invoice : invoice XML enveloped signature, RSA-SHA256 algorithm, certificate ICP-Italia X509, transmission SdI Sistema di Interscambio qui valide signature avant relayer to recipient.
Termes liés
- W3C XML Encryption — complement security XML.