The World Wide Web Consortium (W3C) Thursday advanced a major recommendation in the realm of Web services: XML Signature Syntax and
Processing.
The recommendation represents a cross-industry agreement on an XML-based language for digital signatures, and is the foundation upon
which other W3C efforts, like XML Encryption for securing XML documents, and XML Key Management, will be built.
“XML Signature is a critical foundation on top of which we will be able to build more secure Web services,” said Tim Berners-Lee,
creator of the World Wide Web and director of the W3C. “By offering basic data integrity and authentication tools, XML Signature
provides new power for applications that enable trusted transactions of all sorts.”
Digital signatures allow others to confirm the identity of the signer of information and the fidelity of that information.
The XML Signature specification brings two important things to the table in that regard. First, the specification can be implemented
with and use the same toolkits that are being used for XML applications, with no additional software required. Secondly, XML
Signature is capable of processing XML as XML rather than as a single large document, allowing multiple users to apply signatures to
sections of XML and not the document as a whole.
The second part becomes increasingly important as more commercial applications are used to send XML documents through a series of
intermediaries, whether for invoices, orders or applications. In this way, those intermediaries are able to sign sections of the
document without invalidating other portions of it.