XML Signature

  • Signature, Detached

The signature is over content external to the Signature element, and can be identified via a URI or transform. Consequently, the signature is “detached” from the content it signs. This definition typically applies to separate data objects, but it also includes the instance where the Signature and data object reside within the same XML document but are sibling elements.

  • Signature, Enveloping

The signature is over content found within an Object element of the signature itself. The Object (or its content) is identified via a Reference (via a URI fragment identifier or transform).

  • Signature, Enveloped

The signature is over the XML content that contains the signature as an element. The content provides the root XML document element. Obviously, enveloped signatures must take care not to include their own value in the calculation of the SignatureValue.
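The three definitions above can be checked mechanically from where each Reference points relative to its Signature element. The following Python function is an added example, not part of the original page; the sample documents are constructed and skeletal (no digest or signature values), and the attribute name `Id` for same-document targets is an assumption.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ENVELOPED_TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"

def classify_references(xml_text):
    """Return (URI, kind, has_enveloped_transform) for each signed Reference."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    results = []
    for sig in root.iter(DS + "Signature"):
        inside = set(sig.iter())              # Signature plus all descendants
        ancestors, node = set(), sig
        while node in parent:                 # walk up to the document root
            node = parent[node]
            ancestors.add(node)
        for ref in sig.findall(f"{DS}SignedInfo/{DS}Reference"):
            uri = ref.get("URI")
            algs = {t.get("Algorithm") for t in ref.iter(DS + "Transform")}
            if uri is None:
                kind = "unresolved"           # target is application-defined
            elif uri == "":
                kind = "enveloped"            # whole document holding the Signature
            elif uri.startswith("#"):
                # Assumption: same-document targets carry an attribute named "Id".
                target = next((e for e in root.iter() if e.get("Id") == uri[1:]), None)
                if target is None:
                    kind = "unresolved"
                elif target in inside:
                    kind = "enveloping"       # content lives in the Signature (Object)
                elif target in ancestors:
                    kind = "enveloped"        # content contains the Signature
                else:
                    kind = "detached"         # sibling elsewhere in the same document
            else:
                kind = "detached"             # separate data object
            results.append((uri, kind, ENVELOPED_TRANSFORM in algs))
    return results

def _sig(uri, transform="", obj=""):
    """Build a constructed, skeletal Signature (no digest or signature values)."""
    t = f'<Transforms><Transform Algorithm="{transform}"/></Transforms>' if transform else ""
    return (f'<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
            f'<Reference URI="{uri}">{t}</Reference></SignedInfo>{obj}</Signature>')

ENVELOPED = f'<order Id="o1">{_sig("", ENVELOPED_TRANSFORM)}<item>book</item></order>'
ENVELOPING = _sig("#payload", obj='<Object Id="payload"><item>book</item></Object>')
DETACHED_SIBLING = f'<batch><order Id="o1"><item>book</item></order>{_sig("#o1")}</batch>'
DETACHED_EXTERNAL = _sig("http://example.com/order.xml")
```

An `enveloped` result whose transform flag is `False` is the case the definition warns about: the reference would cover the Signature element, including its own SignatureValue.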

  • Enveloped Signature

  • Enveloping Signature

  • Detached Signature

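XML digital signatures provide a mechanism that guarantees message integrity and transaction non-repudiation, which addresses this security concern. Approaches to XML signing can be roughly divided into the following cases:

  • Full Signature: the signature covers the entire document
  • Partial Signature: the signature covers only certain specific elements
  • Single Signature: one XML signature is used in a document
  • Multiple Signature: a document contains multiple XML signatures
  • Signing Signature: XML signatures are layered on one another (a signature is itself signed)

  The signature approach differs with the importance and nature of the document. For example, if an XML document must be co-signed by several people, Multiple Signature is used; if it requires hierarchical, serial signing with review by several supervisors, Signing Signature is used.

The standard XML signatures commonly seen today fall into the following three types:

  • Enveloped Signature: the signature is contained within the signed document
  • Enveloping Signature: the signature wraps the signed data
  • Detached Signature: the signature and the signed data are separate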
  • Last modified: 2008/08/21 07:29
  • jonathan