XML Digital Signatures • Chapter 5 149

necessary in order to validate the signature. Why, then, is this element optional rather than required? Several situations justify making it optional. First, the verifier might already know the public key and have it available elsewhere. In that case, carrying the key information in the signature is redundant, and as the following examples show, a populated KeyInfo element takes up a significant amount of space. If the information is already available elsewhere, omitting it avoids that clutter in the signature. Another situation is one in which the signer does not want just anybody to be able to verify the signature, but wants to restrict that ability to certain parties. In that case the signer would arrange for only those parties to obtain a copy of the public key. (Note that this restricts who can verify the signature, not who can read the signed data, and only for as long as the public key stays with those parties.)

To put this structure in context with the way digital signatures work: each data object being signed is identified by a Reference within the SignedInfo element, together with the algorithm used to hash it (DigestMethod) and the resulting hash (DigestValue). SignedInfo also names the CanonicalizationMethod and the SignatureMethod. The signature itself, computed with the signer's private key over the canonicalized SignedInfo element, is carried in SignatureValue; the public key, when it is included at all, appears in KeyInfo, never in SignatureValue. There are variations in how the signature can be structured, but this explanation is the most straightforward.

Validation is a two-step process. First, reference validation: for each Reference, retrieve the referenced data object, apply any listed Transforms, digest it with the stated DigestMethod, and compare the result with the DigestValue. If they match, the reference has been validated. Second, signature validation: obtain the key (from KeyInfo, or from wherever it is known out of band), canonicalize SignedInfo with the stated CanonicalizationMethod, and verify SignatureValue over it using the stated SignatureMethod. Both steps are required: a matching DigestValue only shows that the document's own digest is consistent with the data, and anyone can recompute a digest; it is the signature over SignedInfo that binds those digests to the signer's key.
As with encryption, the XML digital signature specification allows any algorithm to be used for the operations a signature requires, such as canonicalization, digesting, signing, and transformations. To increase interoperability, the W3C recommends which algorithms every XML digital signature implementation should support; we go into this topic in more detail later in this chapter. A verifier should accept only the algorithms it expects for each of these operations rather than using whatever the document names, since the algorithm identifiers are under the control of whoever produced the document.

Applying XML Digital Signatures to Security

XML signatures can be applied in three basic forms:

- Enveloped form  The signature is within the document it signs, as shown in the following example:

    <document>
      <signature>...</signature>
    </document>

www.syngress.com
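The two-step validation described above (reference validation, then signature validation over SignedInfo) and the enveloped form introduced in this section, worked through in code. This is an added example, not code from the book or from any XML Signature library, and it makes simplifying assumptions so that it runs with only the Python standard library: the keyed HMAC-SHA256 SignatureMethod stands in for a public-key SignatureMethod (the structure and the validation steps are identical; only the key material and the SignatureMethod URI change), canonicalization is the standard library's Canonical XML 1.0 with no Transforms, and the Reference is a same-document Id reference to one element rather than to the whole enveloping document. The Envelope and Order elements, the Id value, and the shared secret are constructed for the example.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Namespace and algorithm identifiers from the XML-Signature specification.
DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
ET.register_namespace("ds", DS)


def c14n(elem):
    """Canonical XML 1.0 of one element (stdlib canonicalize, no Transforms).

    The element's tail text lies outside the element and must not be signed,
    so it is masked while serializing.
    """
    tail, elem.tail = elem.tail, None
    try:
        return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()
    finally:
        elem.tail = tail


def b64(raw):
    return base64.b64encode(raw).decode()


def find_by_id(root, uri):
    """Resolve a same-document Reference URI of the form '#Id' (the only kind handled here)."""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled in this example")
    target = root.find(f".//*[@Id='{uri[1:]}']")
    if target is None:
        raise ValueError(f"no element with Id={uri[1:]!r}")
    return target


def sign(root, key, uri="#data"):
    """Append an enveloped ds:Signature to root covering the element at uri; return the bytes."""
    digest = hashlib.sha256(c14n(find_by_id(root, uri))).digest()
    sig = ET.SubElement(root, f"{{{DS}}}Signature")
    si = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}CanonicalizationMethod", Algorithm=C14N)
    ET.SubElement(si, f"{{{DS}}}SignatureMethod", Algorithm=HMAC_SHA256)
    ref = ET.SubElement(si, f"{{{DS}}}Reference", URI=uri)
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=SHA256)
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = b64(digest)
    # SignatureValue is the signature (here a MAC) over canonical SignedInfo, not the key.
    mac = hmac.new(key, c14n(si), hashlib.sha256).digest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = b64(mac)
    # KeyInfo is omitted: the verifier already holds the key, the first case in the text.
    return ET.tostring(root)


def verify(xml_bytes, key):
    """Return (references_ok, signature_ok) for the enveloped signature in xml_bytes."""
    root = ET.fromstring(xml_bytes)
    sig = root.find(f"{{{DS}}}Signature")
    si = sig.find(f"{{{DS}}}SignedInfo")
    # Pin the algorithms: the verifier, not the document, decides what is acceptable.
    if si.find(f"{{{DS}}}SignatureMethod").get("Algorithm") != HMAC_SHA256:
        raise ValueError("unexpected SignatureMethod")
    # Step 1: reference validation, recomputing every DigestValue.
    refs_ok = True
    for ref in si.findall(f"{{{DS}}}Reference"):
        if ref.find(f"{{{DS}}}DigestMethod").get("Algorithm") != SHA256:
            raise ValueError("unexpected DigestMethod")
        actual = b64(hashlib.sha256(c14n(find_by_id(root, ref.get("URI")))).digest())
        refs_ok = hmac.compare_digest(actual, ref.findtext(f"{{{DS}}}DigestValue")) and refs_ok
    # Step 2: signature validation over canonical SignedInfo with the key known out of band.
    claimed = base64.b64decode(sig.findtext(f"{{{DS}}}SignatureValue"))
    actual_mac = hmac.new(key, c14n(si), hashlib.sha256).digest()
    return refs_ok, hmac.compare_digest(claimed, actual_mac)


def forge_digest(xml_bytes):
    """Attacker step: after editing the data, recompute DigestValue without the key."""
    root = ET.fromstring(xml_bytes)
    ref = root.find(f".//{{{DS}}}Reference")
    target = find_by_id(root, ref.get("URI"))
    ref.find(f"{{{DS}}}DigestValue").text = b64(hashlib.sha256(c14n(target)).digest())
    return ET.tostring(root)


def demo():
    """Constructed sample: one order signed, then tampered with in two ways."""
    key = b"constructed-shared-secret"  # constructed; a real deployment would use a key pair
    order = '<Envelope><Order Id="data"><Item>Widget</Item><Qty>1</Qty></Order></Envelope>'
    signed = sign(ET.fromstring(order), key)
    tampered = signed.replace(b"<Qty>1</Qty>", b"<Qty>100</Qty>")
    return {
        "valid": verify(signed, key),                          # (True, True)
        "tampered": verify(tampered, key),                     # (False, True): digest fails
        "forged_digest": verify(forge_digest(tampered), key),  # (True, False): signature fails
        "wrong_key": verify(signed, b"other-key"),             # (True, False)
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14} references_ok={result[0]} signature_ok={result[1]}")
```

The four cases show why neither step can be skipped: editing the order breaks reference validation while the signature over the untouched SignedInfo still verifies, and an attacker who repairs the DigestValue passes reference validation but, lacking the key, cannot produce a matching SignatureValue over the changed SignedInfo. The algorithm checks in verify are the practical counterpart of the point made about algorithm agility above; a real verifier would also restrict which Transforms and which reference targets it is willing to process.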