XML Signature

Functionally, it has much in common with PKCS #7 but is more extensible and geared towards signing XML documents.

However, because of the extensibility of the canonicalization and transform methods, the verifying party must also make sure that what was actually signed or digested is really what was present in the original data, in other words, that the algorithms used there can be trusted not to change the meaning of the signed data.

These algorithms guarantee that semantically-identical documents produce exactly identical serialized representations.

XML Signature is more flexible than other forms of digital signatures such as Pretty Good Privacy and Cryptographic Message Syntax, because it does not operate on binary data, but on the XML Infoset, allowing to work on subsets of the data (this is also possible with binary data in non-standard ways, for example encoding blocks of binary data in base64 ASCII), having various ways to bind the signature and signed information, and perform transformations.

Another core concept is canonicalization, that is to sign only the "essence", eliminating meaningless differences like whitespace and line endings.