WSS XML Signature and XML Encryption

WSS XML Signature and XML Encryption

Chief Information Officer

IC Technical Specifications

WSS XML Signature & XML Encryption


This IC information guidance document provides guidance to solutions architects, integrators, and developers on how to minimize the risks and vulnerabilities with the use of XML Signature and XML Encryption.


This high level guidance is intended to provide an understanding of risks associated with the vulnerabilities of using XML Signature and XML Encryption.  This document does not provide low-level details needed for implementation, but points to lower-level specifications and standards for the necessary details and should be sufficient to act as a consistent basis upon which solutions architects, integrators, and developers can design and implement specific security solutions.

This standard supports Executive Order (EO) 13526, Classified National Security Information which "prescribes a uniform system for classifying, safeguarding, and declassifying national security information," across national security disciplines, networks, services, and data.


Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.

This specification is maintained by the IC Chief Information Officer via the Data Services Coordination Activity (DSCA) and Common Metadata Standards Tiger Team (CMSTT).


Technical Specification Downloads


Latest Approved Public Release:


Mission Requirements


This informational guidance document applies to solutions using World Wide Web Consortium (W3C) XML Signature and XML Encryption for XML message in transit through HTTP-based web service (SOAP and REST).  The W3C XML Security Working Group develops updates to the core XML Security specifications, which include the W3C recommendations for XML Encryption, XML Signature and XML Signature Properties.  The group publishes working group notes that provide best practice guides, use cases, requirements, and test cases for the specifications.