The IETF/W3C Exclusive XML Canonicalization specification has been advanced to a W3C Recommendation, signifying that it is "stable, contributes to Web interoperability, and has been reviewed by the W3C Membership, who are in favor of supporting its adoption by academic, industry, and research communities. The specification augments the previously published Canonical XML Recommendation to better enable a portion of an XML document (fragment) to be as portable as possible while preserving the digital signature. It works in combination with the XML-Signature Syntax and Processing Recommendation produced jointly by W3C and the IETF in February 2002, representing cross-industry agreement on an XML-based language for digital signatures. Exclusive XML Canonicalization provides a method of serializing an XML fragment into a portable and canonical form. This functionality, when combined with XML Signature, is critical for electronic commerce because it ensures the integrity of documents and protocol messages that travel between multiple XML processors."
Bibliographic information: Exclusive XML Canonicalization Version 1.0. W3C Recommendation 18-July-2002. Authors/Editors: John Boyer (PureEdge Solutions Inc.), Donald E. Eastlake 3rd (Motorola), and Joseph Reagle (W3C). Version URL: http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/. Latest version URL: http://www.w3.org/TR/xml-exc-c14n/. Previous version URL: http://www.w3.org/TR/2002/PR-xml-exc-c14n-20020524/.
From the Abstract: "Canonical XML specifies a standard serialization of XML that, when applied to a subdocument, includes the subdocument's ancestor context including all of the namespace declarations and attributes in the xml: namespace. However, some applications require a method which, to the extent practical, excludes ancestor context from a canonicalized subdocument. For example, one might require a digital signature over an XML payload (subdocument) in an XML message that will not break when that subdocument is removed from its original message and/or inserted into a different context. This requirement is satisfied by Exclusive XML Canonicalization."
From the announcement:
Digital signatures provide integrity, signature assurance and non-repudiatability over Web data. Such features are especially important for documents that represent commitments such as contracts, price lists, and manifests.
XML Signatures have the potential to provide reliable XML-based signature technology, and are considered a mandatory component of many models for Web Services. However, various processors may introduce incidental changes into a document over the course of its processing. The process of canonicalization removes these incidental changes. Additionally, in some cases, particularly for signed XML in protocol applications (that is, ones that use SOAP 1.2, HTTP/1.1, or others) there is a need to canonicalize a subdocument in such a way that it is substantially independent of its XML context. This is because, in protocol applications, it is common to envelope XML in various layers of message or transport elements, to strip off such enveloping, and to construct new protocol messages, parts of which were extracted from different messages previously received. If the pieces of XML in question are signed, they need to be canonicalized in a way such that these operations do not break the signature but the signature still provides as much security as possible.
Exclusive XML Canonicalization meets this need by providing a method of serializing an XML fragment into a portable and canonical form. This functionality, when combined with XML Signature, is critical for electronic commerce because it ensures the integrity of documents and protocol messages that travel between multiple XML processors.
The IETF/W3C XML Signatures Working Group brings together a diverse and influential group from industry, academia, as well as independent developers. It includes representatives from: Baltimore Technologies; IAIK TU Graz; IBM; Microsoft; Motorola; PureEdge; University Siegen; Sun Microsystems; and VeriSign Inc.
Related specification: W3C XML-Signature XPath Filter 2.0 was advanced to Candidate Recommendation status on 18-July-2002. Produced by the IETF/W3C XML Signature Working Group, this W3C Candidate Recommendation "defines an alternative to the XPath transform of the XML Signature Recommendation [XML-DSig]. The goal is to: (1) more easily specify XPath transforms and (2) more efficiently process those transforms." From the abstract: "XML Signature recommends a standard means for specifying information content to be digitally signed and for representing the resulting digital signatures in XML. Some applications require the ability to specify a subset of a given XML document as the information content to be signed. The XML Signature specification meets this requirement with the XPath transform. However, this transform can be difficult to implement efficiently with existing technologies. This specification defines a new XML Signature transform to facilitate the development of efficient document subsetting implementations that interoperate under similar performance profiles.... The specification incorporates the resolution of all last call issues. The WG considers the specification to be very stable and invites implementation feedback during this period. The specification presently has three interoperable implementations as shown in the Interoperability Report; [the WG will] try to obtain one more, but otherwise will advance after the Candidate Recommendation period after three weeks (closing 08-August-2002)."
Principal references:
- Announcement: "World Wide Web Consortium Issues Exclusive Canonical XML as a W3C Recommendation. New XML Specification Furthers Portable Digital Signatures."
- Exclusive XML Canonicalization Version 1.0. W3C Recommendation 18-July-2002.
- Canonical XML Version 1.0. W3C Recommendation 15-March-2001.
- XML-Signature Syntax and Processing. W3C Recommendation 12-February-2002.
- IETF/W3C XML Signature Working Group
- See also: "W3C/IETF Canonical XML Specification Published as a W3C Recommendation." News item 2001-03-22.
- "XML Digital Signature (Signed XML - IETF/W3C)" - Main reference page.