Re: Signing/Encrypting XML

Joseph M. Reagle Jr. (
Wed, 24 Feb 1999 14:18:56 -0500

At 10:31 PM 1/31/99 -0800, The Jester wrote:
>Which brings me to my question, does anyone know of any work to define a
>canonical form for XML so as to make it suitable for hashing, needed to
>generate signatures? Better yet, does anyone know of any code (preferably
>in Java) which will take XML (preferably from the DOM) and output the
>canonical form?

A couple of weeks later, but....

Call for Participation:

XML-DSig '99: The W3C Signed XML Workshop

April 15th and 16th, 1999
Boston, Massachusetts

* Workshop Scope
* Expected Audience
* Position Papers
* Registration
* Workshop Organization

See the following for the complete call for participation:

Workshop Scope

Structured information permits data to be easily read, exchanged, and
acted upon by Web agents. The scope of such information often includes
media-independent data for electronic publishing, electronic commerce
and -- critically -- information about other information (metadata).
The W3C's Extensible Markup Language (XML) Recommendation
specifies a standard syntax for structuring Web documents. The content
of the document structure is arbitrary; anyone can create a XML data
structure (be it a bibliographic format or cooking recipe) as long as
it is well formed. One can also associate (through RDF or
Xlink) the meaning of the structured information to a Web
resource. For example, "The resource at
has a bibliographic entry as follows ...." This is very powerful!

However, the usefulness of structured information is dependent on how
trustworthy it is. Is the authenticity of an assertion or the
integrity of a price list assured? The goal of the XML-DSig workshop
is to explore current work on XML, metadata, and machine readable
semantics in the context of digital signatures. A result of this
workshop may be a W3C activity that produces a specification for
assuring the authenticity and integrity of Web data.

Further information on the character of W3C workshops can be seen in
the W3C process document.

Expected Audience

We expect several groups to contribute to the workshop:
* Members of W3C working groups that are concerned about the
integrity and authenticity of metadata structures and
applications, such as the XML, RDF, and P3P working groups.
* Organizations addressing Web information and capability
* Organizations addressing trust management on the Web.

The workshop is an open event; space is limited and preference will be
given to (1) W3C members and (2) experts in the field of metadata and
digital signatures.

Position Papers

Position papers are the basis for the discussion at the workshop. A
position paper is usually short, around 1 to 4 pages and summarizes:
* What are the needs of your company/organization in the signed XML
area that you would like to have addressed in the Workshop.
* What are your general expectations on the final outputs of the
* Optionally, what can be your potential contributions to the
discussion, related ideas, suggested solutions. In the case of a
well-defined technical contribution, this may be accompanied to
the position paper as a separate paper, that may exceed the 5
pages limit.

Example topics:
* The canonicalization of XML syntax; the canonicalization of
XML/DOM or RDF semantics.
* A schema definition (XML/RDF) or link type definition
(XLink) that captures common semantics relevant to signed
assertions about Web resources and their relationships.
* Methods for processing composite/compound documents consisting of
XML and non-XML data as well as for processing external signature
blocks and assertions.
* Reports of cryptographic implementations that are used to sign Web
information today; reports of real world experiences in satisfying
the business and legal requirements for binding agreements in
digital form.
* Requirements for digital signatures over international
cryptographic and content formats.
* Methods of achieving interoperability and extensibility over a
variety encoding methods, algorithms and trust management systems.
* Requirements for applying signed-XML to HTML, particularly to the
HTML <HEAD> element so as to help alleviate problems of
"header-spam" that results in biased or poor query results at
search engines.
* Survey of Web applications requiring signatures: XML-EDI, payment,
P3P, workflow processing, etc.
* The relationship of trust languages or logic to metadata (XML)
query languages. (Trust and permissions questions might be
represented as a query over structured permissions, see the recent
Query Language Workshop.)

Position papers must be sent via e-mail to the Workshop Chair
( by the March 29 1999. Allowed formats are HTML and
ASCII. Good examples of position papers can be seen from the QL'98

Position papers will be published on the public web pages (unless the
author requests otherwise) and distributed as printed notes to all the
participants. The Chair can ask the authors of particularly
representative position papers to explicitly present their position at
the workshop to foster discussion. In this case, the authors are also
invited to make the slides of the presentation available on the
workshop web site. Note that it is not required that every member or
organization represented at the workshop submit a position paper.
However, everyone is requested to submit some statement of their
interest in the topic to the Workshop Chair.


Registration and Information to Expected Participants

There will be a limit of 40 participants. ALL participants must
register. More than two participants from any single organization is

There is no registration fee for W3C members. Others are required to
pay a fee of $200 to help cover W3C's costs in running the workshop.
The attendence limit may be exceeded or the fee may be waived at the
discretion of the Workshop Chair for participants with compelling
position papers. Registration is handled on a first-come first-served
basis, so if you plan to attend the workshop please register as soon
as possible. If you would like to attend the workshop, please fill out
the registration form before March 29 1999. Registration is
required! The payment can be made on-site at the workshop; accepted
forms of payment are MasterCard, Visa, or a check in US dollars made
payable to MIT/W3C. If you have trouble with these forms of payment,
please contact the chair (

Workshop Organization

W3C Signed-XML Contact and Workshop Chair:

Joseph M. Reagle Jr. (W3C)

<> + 1.617.258.7621
Massachusetts Institute of Technology
Laboratory for Computer Science
W3C, NE43-350
545 Technology Square
Cambridge, MA 02139 USA

W3C Meeting Planner:

Susan Hardy (W3C)

Tel.: +1 617 253 2613
The World Wide Web Consortium
MIT Lab for Computer Science
545 Technology Square
Cambridge MA 02139 USA

Joseph Reagle E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E
independent research account