Any particular application of XMLDSIG requires a specific profiling of XMLDSIG. That is, it requires a specification of the following issues:
When developers design security into an application from the beginning, they should integrate this profiling of XMLDSIG (and perhaps XML Encryption) into the general specification of the application. XML Key Management (see Chapter 14) is an application that uses XMLDSIG as a building block and so integrates a profile of how XMLDSIG will be used into its general specification. P3P (Platform for Privacy Preferences) and SOAP (see Chapter 8) are two examples of initially insecure applications for which separate profiles have been written. These profiles, which exist as separate W3C Notes, are described in this chapter. Because neither is a standard yet, changes or replacements may occur before a security profile emerges as a standard for P3P or SOAP.
This chapter assumes familiarity with the XML Digital Signature standard (see Chapter 10). Some familiarity with P3P and SOAP will also be helpful.