W3C Makes XML Signatures More Portable

The World Wide Web Consortium (W3C) Thursday advanced a recommendation critical to the XML family of technologies; a recommendation
which is especially important to Web services.

Exclusive XML Canonicalization builds on the previous Canonical
XML recommendation, enabling the portability of fragments of XML documents while preserving digital signatures.

The new recommendation provides a method of serializing an XML fragment into a portable and canonical form. Combined with the XML
Signature recommendation, produced by the W3C and Internet Engineering Task Force (IETF) in February, Exclusive XML Canonicalization
ensures the integrity of documents and protocol messages that travel between multiple XML processors.

Digital signatures are essential for documents that represent commitments, like contracts, price lists and manifests. They are also
considered a mandatory component of many Web services models. However, various XML processors can introduce incidental changes to
documents during processing, which could invalidate the signatures.

The Exclusive XML Canonicalization recommendation makes it possible to remove those incidental changes. It also provides a way to
canonicalize a portion of the XML document so that it is independent of its XML context.

The W3C explained that this is an especially important feature for signed XML in protocol applications:

“This is because, in protocol applications, it is common to envelope XML in various layers of message or transport elements, to
strip off such enveloping, and to construct new protocol messages, parts of which were extracted from different messages previously
received. If the pieces of XML in question are signed, they need to be canonicalized in a way such that these operations do not
break the signature but the signature still provides as much security as possible.”

News Around the Web