Before we understand what XML Signature is, we must first understand what digital signatures are. A digital signature leverages encryption technology to support nonrepudiation, or the ability to validate that a party has "signed off" on a particular document. This is a binding legal agreement, such as ordering custom-built products. Digital signatures, in general, rely on public key cryptography, applying a signing encryption algorithm with a private key. The receiver can validate the signature by using a verification encryption algorithm, and thus the generated value should match up. If the information is different, then they won't match and the signature will be invalid. This is important in the world of application integration when considering work flow issues, or the movement of information between parties, and the validation of that information as signed off by the parties. What's more, some data exchange operations may rely on digital signatures, as well; for example, the ability to do electronic business with a clear understanding that agreements digitally signed are as good as signed work orders or purchase orders. XML Signature is the specific syntax that represents a digital signature over any digital content. XML Signatures can be applied to any digital content, including XML, an HTML page, binary-encoded data (such as a GIF), XML-encoded data, and a specific section of an XML file. There are three types of XML Signatures:
An enveloped signature is a signature on a document, where the XML Signature will be embedded within the signed document. An enveloping signature is a signature where the signed data is embedded within the XML Signature structure itself. A detached signature is a signature where the signed entities and signature are separate from each other. Once we understand digital signatures, we also need to understand how an application might create and verify a signature. All PKI systems provide APIs that allow you to leverage process signatures, but it would be much more efficient if this code was reusable. To address this issue, the OASIS Digital Signature Services (DSS) Technical Committee is to create a specification for a set of Web services that can create and validate XML Signatures.
|