Integrity and Non-Repudiation: XML Signature

XML Signature is used to ensure message integrity on all or part of an XML document. The standard doesn't define new signature methods; instead it specifies how the digital signature technology we've already discussed can be used inside XML documents. As we've seen, digital signatures ensure message integrity by showing that data has not been changed, whether through some error during transport or as the result of a malicious attack. Digital signatures also prevent a signer from repudiating a message. XML Signature is a foundational standard used by other standards we'll discuss in this chapter, such as SAML, because they are also based on XML.

Like any standard, XML Signature has options for numerous contingencies that make it seem complicated, but at its heart it is quite simple. An XML Signature is contained in a <Signature/> element and consists of three main parts:

  • The <SignedInfo/> element contains a reference to the data that has been signed along with information about how it was made canonical, what signature method was used, relevant digest information, and any transformations that were applied.

  • The <SignatureValue/> element contains the actual signature.

  • The <KeyInfo/> element contains the key information necessary to validate the signature.

Using the XML Signature standard, parts of a document can be signed, and multiple entities can sign the same or different parts of a single document.
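To make the three-part structure concrete, here is an added illustration (not code from the book) that builds a minimal <ds:Signature/> over one element of a constructed document and then verifies it the way a receiver should: recompute the Reference digest, recompute the signature over the canonical <SignedInfo/>, and look the KeyInfo name up in a trusted key store rather than trusting the KeyInfo content itself. It assumes Python 3.8+ (for the standard library's C14N 2.0, standing in for the Exclusive C14N a real deployment would declare) and the HMAC-SHA256 signature method in place of an RSA key pair.

```python
import base64, copy, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ET.register_namespace("ds", DS[1:-1])
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

def c14n(elem):
    # Canonical bytes of a subtree. Assumption: stdlib C14N 2.0 stands in for
    # the Exclusive C14N that an XML-DSig deployment would normally declare.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest_b64(elem):
    return base64.b64encode(hashlib.sha256(c14n(elem)).digest()).decode()

def sign(doc, target_id, key, key_name):
    """Append a <ds:Signature> covering the element whose Id attribute is target_id."""
    target = doc.find(f".//*[@Id='{target_id}']")
    sig = ET.SubElement(doc, DS + "Signature")
    si = ET.SubElement(sig, DS + "SignedInfo")        # part 1: what is signed, and how
    ET.SubElement(si, DS + "SignatureMethod", Algorithm=HMAC_SHA256)
    ref = ET.SubElement(si, DS + "Reference", URI="#" + target_id)
    ET.SubElement(ref, DS + "DigestMethod", Algorithm=SHA256)
    ET.SubElement(ref, DS + "DigestValue").text = digest_b64(target)
    mac = hmac.new(key, c14n(si), hashlib.sha256).digest()   # part 2: the signature itself
    ET.SubElement(sig, DS + "SignatureValue").text = base64.b64encode(mac).decode()
    ET.SubElement(ET.SubElement(sig, DS + "KeyInfo"), DS + "KeyName").text = key_name  # part 3
    return doc

def verify(doc, trusted_keys):
    """True only if the referenced element still matches its digest AND SignedInfo
    carries a valid MAC under a key found in the receiver's own trusted store."""
    sig = doc.find(DS + "Signature")
    si = sig.find(DS + "SignedInfo")
    ref = si.find(DS + "Reference")
    target = doc.find(f".//*[@Id='{ref.get('URI')[1:]}']")
    if target is None or ref.findtext(DS + "DigestValue") != digest_b64(target):
        return False                                   # signed content was altered
    key = trusted_keys.get(sig.findtext(DS + "KeyInfo/" + DS + "KeyName"))
    if key is None:
        return False                                   # KeyInfo names no key we trust
    expected = base64.b64encode(hmac.new(key, c14n(si), hashlib.sha256).digest()).decode()
    return hmac.compare_digest(expected, sig.findtext(DS + "SignatureValue") or "")

def demo():
    key = b"constructed-shared-secret"                 # constructed sample key
    doc = ET.fromstring('<Message><Order Id="o1"><Item>widget</Item><Qty>1</Qty></Order></Message>')
    sign(doc, "o1", key, "orders-key")
    received = ET.fromstring(ET.tostring(doc))         # what a receiver would parse
    tampered = copy.deepcopy(received)
    tampered.find("Order/Qty").text = "100"            # integrity violation in transit
    store = {"orders-key": key}
    return verify(received, store), verify(tampered, store), verify(received, {"orders-key": b"other"})
```

Calling `demo()` returns `(True, False, False)`: the untouched document verifies, the altered Order fails on its Reference digest, and a document signed under a key the receiver does not hold fails on the SignatureValue check.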

The following example of an ...
