11.1 P3P XMLDSIG


P3P, the Platform for Privacy Preferences [P3P], provides a syntax for Web sites to specify their privacy policies in a standard format. A privacy policy indicates what information the Web site retains and how it uses that information. P3P seeks to inform Web services users of the available policies of the sites they visit. Users can select among the available policies, or refuse to use the offered service if none of the offered policies is acceptable. The intention in standardizing the expression of privacy policies is to enable the automation of such decisions.

Clearly, user assurance of the authenticity of such privacy policy information is desirable for any user who wants to have confidence in the policy descriptions and, potentially, the ability to call on third parties to take action if such policies are violated.

11.1.1 Linkage of XMLDSIG to P3P Semantics

Although P3P policies appear in XML, P3P's syntax does not permit the inclusion of signatures in its constructs. However, the [P3P-Sec] W3C Note profiles a way to "assure" a P3P policy with an enveloping or detached XML digital signature. This assurance means that the specified dispute service enforces the signed P3P policy using the specified remedies, as long as the signature key matches the dispute service key.

You accomplish this goal by specifying an "Assures" element that appears within a SignatureProperty element in a SignatureProperties element. The signing of such a SignatureProperties by a Reference from a Signature element binds the assurance to the key employed for this signing.

In addition, the "verification" attribute of a "disputes" clause in the P3P policy can point to a signature containing an Assures element. The signature can then be found starting with the policy, as shown in Example 11-1.

Applications must use additional mechanisms to determine whether the application can trust that the key belongs to the dispute service. In addition, anyone depending on a signature should confirm that the key size and type and algorithms in use provide adequate security for the user's purposes.

Example 11-1 P3P policy with signature verification
http://www.example.org/p3p.xml

<POLICY xmlns="http://www.w3.org/2000/09/15/P3Pv1"
        discuri="http://www.example.com/PrivacyPracticeBrowsing.html">
  ...
  <DISPUTES-GROUP>
    <DISPUTES resolution-type="independent"
              service="http://www.PrivacySeal.example.org"
              short-description="PrivacySeal.example.org"
              verification="http://www.example.org/Signature.xml">
      <IMG src="http://www.PrivacySeal.example.org/Logo.gif"
           alt="PrivacySeal's logo"/>
      <REMEDIES><correct/></REMEDIES>
    </DISPUTES>
  </DISPUTES-GROUP>
  <STATEMENT>
    <PURPOSE><admin/><develop/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP>
      <DATA ref="#dynamic.clickstream.clientip"/>
      <DATA ref="#dynamic.http.useragent"/>
    </DATA-GROUP>
  </STATEMENT>
</POLICY>

11.1.2 Specific Assurance Syntax

The syntax of the Assures element follows:

Schema Definition:

<?xml version='1.0'?>
<!DOCTYPE schema SYSTEM 'http://www.w3.org/1999/XMLSchema.dtd'>
<schema targetNamespace='http://www.w3.org/2001/02/xmldsig-p3p-profile'
  version='0.1'
  xmlns='http://www.w3.org/2000/10/XMLSchema'
  xmlns:profile='http://www.w3.org/2001/02/xmldsig-p3p-profile'
  elementFormDefault='qualified'>
  <element name='Assures'>
    <complexType>
      <all>
        <element ref='profile:P3P-Policy' minOccurs='0' />
        <element ref='profile:Signature' minOccurs='0' />
      </all>
      <attribute name='via' type='URI'/>
      <attribute name='Id' type='ID' use='optional'/>
    </complexType>
  </element>
  <element name='P3P-Policy'>
    <complexType>
      <sequence>
        <any namespace='http://www.w3.org/2000/10/18/P3Pv1'/>
      </sequence>
      <attribute name='Id' type='ID' use='required'/>
    </complexType>
  </element>
  <element name='Signature'>
    <complexType>
      <sequence>
        <any namespace='http://www.w3.org/2000/09/xmldsig#'/>
      </sequence>
      <attribute name='Id' type='ID' use='required'/>
    </complexType>
  </element>
</schema>

11.1.3 P3P XMLDSIG Use

Applications and users can use the P3P profiled XML signature in several ways; some examples follow. Other arrangements are also possible.

Detached Signature Element

A Signature element can appear separately that points to and provides assurance for a P3P policy. Example 11-2 shows a made-up Signature element that signs a P3P policy through its first Reference and then signs the semantic assertion that this policy is assured through its second Reference.

Example 11-2 Detached P3P signature
<Signature Id="Signature1"
           xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod
      Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000907"/>
    <SignatureMethod
      Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <!-- First Reference: signs the policy itself -->
    <Reference URI="http://www.foo.example/p3p.xml">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000907"/>
      </Transforms>
      <DigestMethod
        Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>V3CLi8jBwTEODuttbdtXV5e3t6k=</DigestValue>
    </Reference>
    <!-- Second Reference: signs the Assures assertion below -->
    <Reference URI="#Assurance1"
               Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>/GgdHYV6emaoqH8UFIdgYKFMTBE=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>
    Kslvb0xDQ05DQzMeHnXc3GTk5C08PJEJCdeHh6b8/Ijp6Sp1ddRqag==
  </SignatureValue>
  <KeyInfo>
    <DSAKeyValue>
      ...KeyInfo of the Disputes Service...
    </DSAKeyValue>
  </KeyInfo>
  <Object>
    <SignatureProperties Id="Assurance1">
      <SignatureProperty Target="#Signature1"
                         xmlns="http://www.w3.org/2000/09/xmldsig#">
        <Assures Policy="http://www.foo.example/p3p.xml"
                 xmlns="http://www.w3.org/2001/02/xmldsig-p3p-profile"/>
      </SignatureProperty>
    </SignatureProperties>
  </Object>
</Signature>

Enveloping Signature/Assures

Rather than referencing an external policy, the Signature element can also enclose the policy by adding another Object within the Signature to contain it. The Assures element can also directly enclose the policy. These arrangements are relatively straightforward, so this book does not provide a specific example of them.

11.1.4 Limitations

For P3P to succeed, widespread compatibility and interoperability are clearly desirable. Consequently, the P3P XMLDSIG profile places stringent limitations on the signatures that you use in this context. The following list identifies these limitations and the identifying URIs for allowed choices.

  1. The only CanonicalizationMethod allowed is Canonical XML, http://www.w3.org/TR/2000/WD-xml-c14n-20001011.

  2. Only two SignatureMethod algorithms are allowed:

    • DSA, http://www.w3.org/2000/09/xmldsig#dsa-sha1

    • RSA, http://www.w3.org/2000/09/xmldsig#rsa-sha1

  3. The only DigestMethod allowed is SHA-1, http://www.w3.org/2000/09/xmldsig#sha1.

  4. Only two Transforms are allowed:

    • Canonical XML, http://www.w3.org/TR/2000/WD-xml-c14n-20000907.

    • P3P Statement to HTML/English XSLT. This specification provides an [XSLT] instance that changes a P3P statement into an HTML page using English to describe that statement. It is available from http://www.w3.org/2001/02/xmldsig-p3p-profileenglish.xsl.

  5. Only two KeyInfo formats are allowed:

    • DSAKeyValue, http://www.w3.org/2000/09/xmldsig#dsa-sha1

    • RSAKeyValue, http://www.w3.org/2000/09/xmldsig#rsa-sha1
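The following is an added example, not code from the book or from the W3C note: a structural checker that applies the closed lists of section 11.1.4 to a Signature element and confirms the linkage from section 11.1.1, namely that the policy is covered by a Reference and that an Assures element naming that policy sits inside a SignatureProperties which is itself signed. It uses only the Python standard library, follows Example 11-2 in reading the policy from the Assures element's Policy attribute, and does not verify the SignatureValue or the digests; the embedded sample signature is constructed, with placeholder digests, signature value and key material.

```python
import xml.etree.ElementTree as ET

DS_URI = "http://www.w3.org/2000/09/xmldsig#"
DS, P3P = "{%s}" % DS_URI, "{http://www.w3.org/2001/02/xmldsig-p3p-profile}"
ALLOWED = {  # the profile's closed lists from section 11.1.4
    "CanonicalizationMethod": {"http://www.w3.org/TR/2000/WD-xml-c14n-20001011"},
    "SignatureMethod": {DS_URI + "dsa-sha1", DS_URI + "rsa-sha1"},
    "DigestMethod": {DS_URI + "sha1"},
    "Transform": {"http://www.w3.org/TR/2000/WD-xml-c14n-20000907",
                  "http://www.w3.org/2001/02/xmldsig-p3p-profileenglish.xsl"},
}

def check_p3p_signature(xml_text, policy_uri):
    """Return the list of profile violations; an empty list means the
    signature is structurally acceptable and assures policy_uri."""
    sig = ET.fromstring(xml_text)
    problems = [f"{name} {el.get('Algorithm')!r} not allowed by the profile"
                for name, ok in ALLOWED.items()
                for el in sig.iter(DS + name) if el.get("Algorithm") not in ok]
    tags = {el.tag.split("}")[-1] for ki in sig.iter(DS + "KeyInfo") for el in ki.iter()}
    if not tags & {"DSAKeyValue", "RSAKeyValue"}:
        problems.append("KeyInfo must carry DSAKeyValue or RSAKeyValue")
    refs = {r.get("URI") for r in sig.iter(DS + "Reference")}
    if policy_uri not in refs:
        problems.append("policy is not covered by a Reference")
    # The assertion binds only if a Reference points at the SignatureProperties' Id.
    assured = any(a.get("Policy") == policy_uri
                  for props in sig.iter(DS + "SignatureProperties")
                  if "#" + (props.get("Id") or "") in refs
                  for a in props.iter(P3P + "Assures"))
    if not assured:
        problems.append("no signed Assures element names this policy")
    return problems

# Constructed sample modelled on Example 11-2 (digests, value and key are placeholders).
SAMPLE = """<Signature Id="Signature1" xmlns="http://www.w3.org/2000/09/xmldsig#">
 <SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20001011"/>
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
  <Reference URI="http://www.foo.example/p3p.xml">
   <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>x</DigestValue>
  </Reference>
  <Reference URI="#Assurance1" Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties">
   <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>y</DigestValue>
  </Reference>
 </SignedInfo>
 <SignatureValue>z</SignatureValue><KeyInfo><KeyValue><DSAKeyValue/></KeyValue></KeyInfo>
 <Object><SignatureProperties Id="Assurance1"><SignatureProperty Target="#Signature1">
  <Assures Policy="http://www.foo.example/p3p.xml" xmlns="http://www.w3.org/2001/02/xmldsig-p3p-profile"/>
 </SignatureProperty></SignatureProperties></Object></Signature>"""
```

Running `check_p3p_signature(SAMPLE, "http://www.foo.example/p3p.xml")` returns an empty list; swapping the SignatureMethod for an algorithm outside the profile, or changing the SignatureProperties Id so that no Reference covers it, produces a corresponding violation.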



Secure XML: The New Syntax for Signatures and Encryption
ISBN: 0201756056
Year: 2005
Pages: 186
