server_playground/doc/www.w3.org/Signature/Activity

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
  <title>XML Digital Signature Activity Statement</title>
  <link type="text/css" rel="stylesheet" href="../StyleSheets/activity.css" />
  <style type="text/css">
<!--
   body { background: #fff; color: #000; } /* for Windows IE3 */
-->


  </style>
</head>

<body xml:lang="en" lang="en">
<p class="banner"><a href="http://www.w3.org/"><img
src="http://www.w3.org/Icons/w3c_home" alt="W3C" height="48" width="72"
/></a><a href="http://www.w3.org/TandS/"><img
src="http://www.w3.org/Icons/tands" alt="Technology and Society Domain"
height="48" width="212" /></a><img
src="http://www.w3.org/Icons/ActivityStatement" alt="Activity Statement"
/></p>

<h1>XML Digital Signatures<br />
Activity Statement</h1>

<div class="splash">
<p>Work on Digital Signatures is being managed as part of W3C's <a
href="../TandS/">Technology and Society</a> domain.</p>
</div>
<ol>
  <li><a href="#intro">Introduction</a></li>
  <li><a href="#role">Role of W3C</a></li>
  <li><a href="#current">Current Situation and Accomplishments</a></li>
  <li><a href="#future">What the Future Holds</a></li>
  <li><a href="#contact">Contact</a></li>
</ol>

<h2><a id="intro" name="intro"></a>Introduction</h2>

<p>Digital signatures provide integrity, signature assurance and
non-repudiatability over Web data. Such features are especially important for
documents that represent commitments such as contracts, price lists, and
manifests. In view of recent Web technology developments, future work will
address the digital signing of XML -- and any of its applications such as <a
href="http://www.w3.org/RDF/">RDF</a> (Resource Description Framework) or <a
href="http://www.w3.org/P3P/">P3P</a> (Platform for Privacy Preferences).
This capability is critical for a variety of electronic commerce
applications, including payment tools.</p>

<div class="color">
<h2>Concepts Simply Explained</h2>

<h3>Overview</h3>

<p>Digital signatures are created and verified using cryptography, the branch
of applied mathematics concerned with transforming messages into seemingly
unintelligible forms and then back again. Digital signatures are created by
performing an operation on information such that others can confirm that a
holder of a secret performed the operation and that the signed information
has not subsequently changed. In a symmetric key system, both the sender and
receiver need to be privy to the secret. In the public key cryptographic
system, the holder of the private (secret) key signs information, but anyone
with access to the public key can confirm that the signature is valid. The
novel feature of public key cryptography is that knowledge of the public key
used to confirm signatures does not reveal information about the private key
itself.</p>

<h3>Web data and digital signatures</h3>

<p>Structured information permits data to be readily read, exchanged, and
acted upon by Web agents. The scope of such information often includes
media-independent data for electronic publishing, electronic commerce and --
critically -- information about other information (metadata). The <a
href="http://www.w3.org/">W3C's</a> <a
href="http://www.w3.org/TR/REC-xml">Extensible Markup Language (XML)</a>
Recommendation specifies a standard syntax for structuring Web documents. The
content of the document structure is arbitrary; anyone can create a XML data
structure (be it a bibliographic format or cooking recipe) as long as it is
well-formed. By adding the ability to associate the semantics of the
structured information to a resource one has the capability to make
assertions about it! The W3C's <a id="PR-rdf-syntax"
href="http://www.w3.org/TR/REC-rdf-syntax/" name="PR-rdf-syntax">Resource
Description Framework (RDF)</a> Recommendation as well as the work on the <a
href="http://www.w3.org/TR/xlink/">XML Linking Language</a> provide this
capability. For example, "The resource at http://example.com/~foo.html &nbsp;
has a bibliographic entry as follows ...." The combination of metadata and
digital signature capabilities will aid in building a genuine Web of
Trust.</p>
</div>

<h2><a id="role" name="role">Role of W3C</a><a
href="http://www.w3.org/TR/REC-rdf-syntax/"></a></h2>

<p>This Working Group is a joint activity of the W3C and the IETF.</p>

<h2><a id="current" name="current">Current Situation and
Accomplishments</a></h2>

<p>All chartered deliverables have been completed.</p>

<p>The <a href="http://www.w3.org/TR/xmldsig-requirements">XML-Signature
Requirements</a> specification completed W3C Last Call in August 1999, and
has been published as <a
href="http://www.ietf.org/rfc/rfc2807.txt">Informational RFC 2807</a>.</p>

<p>In February 2002, the <a href="http://www.w3.org/TR/xmldsig-core/">XML
Signature Syntax and Processing</a> specification was published as a W3C
Recommendation. One month later it was published as Draft Standard <a
href="http://www.ietf.org/rfc/rfc3275.txt">RFC 3275</a>. As of April 2002,
there are 15 implementations reporting interoperability, 3 of which are open
source.</p>

<p>In July 2002, the <a href="http://www.w3.org/TR/xml-exc-c14n">Exclusive
Canonicalization</a> specification was published as a Recommendation. As of
September 2002, there are 6 implementations reporting <a
href="http://www.w3.org/Signature/2002/02/01-exc-c14n-interop.html">interoperability</a>,
2 of which are open source.</p>

<p>In November 2002, the <a
href="Drafts/xmldsig-filter2/Overview.html">XML-Signature XPath Filter
2.0</a> specification was published as a  Recommendation. At that time, there
are 5 implementations reporting <a
href="http://www.w3.org/Signature/2002/05/xmldsig-filter2-interop.html">interoperability</a>,
2 of which are open source.</p>

<h2><a id="future" name="future">What the Future Holds</a></h2>

<p>The XML Signature Working Group charter terminated on <span
class="endingDate">2002-12-31</span>. The mailing list may be used for
discussion discussion of errata, operational experience, and requirements for
new work.</p>

<h2><a id="contact" name="contact">Contact</a></h2>
<address>
  <a href="http://www.w3.org/People/Reagle/Overview.html">Joseph M. Reagle
  Jr.</a>, &lt;<a href="mailto:reagle@w3.org">reagle@w3.org</a>&gt; W3C
  Activity Lead and Co-Chair
</address>

<div class="footer">
<hr />

<p><a href="http://validator.w3.org/"><img src="/Icons/valid-xhtml10"
alt="Valid XHTML 1.0!" height="31" width="88" /></a></p>

<p>Last modified $Date: 2003/04/27 06:33:07 $</p>

<p class="copyright"><a rel="Copyright"
href="/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 1999-2003 <a
href="/"><acronym
title="World Wide Web Consortium">W3C</acronym></a><sup>®</sup> (<a
href="http://www.lcs.mit.edu/"><acronym
title="Massachusetts Institute of Technology">MIT</acronym></a>, <a
href="http://www.ercim.org/"><acronym
title="European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>,
<a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a
href="/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a
href="/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>, <a
rel="Copyright" href="/Consortium/Legal/copyright-documents">document use</a>
and <a rel="Copyright" href="/Consortium/Legal/copyright-software">software
licensing</a> rules apply. Your interactions with this site are in accordance
with our <a href="/Consortium/Legal/privacy-statement#Public">public</a> and
<a href="/Consortium/Legal/privacy-statement#Members">Member</a> privacy
statements.</p>
</div>
</body>
</html>