World Wide Web Consortium Issues Exclusive Canonical XML as a W3C Recommendation

New XML specification furthers portable digital signatures

Contact America --
Janet Daly, <janet@w3.org>, +1.617.253.5884 or +1.617.253.2613
Contact Europe --
Marie-Claire Forgue, <mcf@w3.org>, +33.492.38.75.94
Contact Asia --
Saeko Takeuchi <saeko@w3.org>, +81.466.49.1170

(also available in French and Japanese)

http://www.w3.org/ -- 18 July 2001 -- The World Wide Web Consortium (W3C) today announced the release of Exclusive XML Canonicalization as a W3C Recommendation. This specification augments the previous Canonical XML Recommendation to better enable a portion of an XML document (i.e., a fragment) to be as portable as possible while preserving the digital signature. It works in combination with XML Signatures, the W3C Recommendation produced jointly by W3C and the IETF in February, representing cross-industry agreement on an XML-based language for digital signatures.

A W3C Recommendation indicates that a specification is stable, contributes to Web interoperability, and has been reviewed by the W3C Membership, who are in favor of supporting its adoption by academic, industry, and research communities.

Exclusive XML Canonicalization Makes XML Signatures Work with Complex Applications, Web Services

Digital signatures provide integrity, signature assurance and non-repudiatability over Web data. Such features are especially important for documents that represent commitments such as contracts, price lists, and manifests.

XML Signatures have the potential to provide reliable XML-based signature technology, and are considered a mandatory component of many models for Web Services. However, various processors may introduce incidental changes into a document over the course of its processing. The process of canonicalization removes these incidental changes. Additionally, in some cases, particularly for signed XML in protocol applications (that is, ones that use SOAP 1.2, HTTP/1.1, or others) there is a need to canonicalize a subdocument in such a way that it is substantially independent of its XML context. This is because, in protocol applications, it is common to envelope XML in various layers of message or transport elements, to strip off such enveloping, and to construct new protocol messages, parts of which were extracted from different messages previously received. If the pieces of XML in question are signed, they need to be canonicalized in a way such that these operations do not break the signature but the signature still provides as much security as possible.

Exclusive XML Canonicalization meets this need by providing a method of serializing an XML fragment into a portable and canonical form. This functionality, when combined with XML Signature, is critical for electronic commerce because it ensures the integrity of documents and protocol messages that travel between multiple XML processors.

Exclusive XML Canonicalization Strengthens the XML Family of Technologies

Exclusive XML Canonicalization adds another critical piece to the Extensible Markup Language (XML) family of technologies under development at W3C, which began with the XML 1.0 Recommendation, and includes Namespaces in XML, Extensible Stylesheet Language Transformations (XSLT) 1.0, XML Path Language (XPath) 1.0, and XML Signature, all of which are W3C Recommendations, and hosts of other essential components as well as applications of XML (such as XHTML 1.1).

Working Group Participants Bring Diverse Perspectives, Implementations

The IETF/W3C XML Signatures Working Group brings together a diverse and influential group from industry, academia, as well as independent developers. It includes representatives from: Baltimore Technologies; IAIK TU Graz; IBM; Microsoft; Motorola; PureEdge; University Siegen; Sun Microsystems; and VeriSign Inc.

About the World Wide Web Consortium [W3C]

The W3C was created to lead the Web to its full potential by developing common protocols that promote its evolution and ensure its interoperability. It is an international industry consortium jointly run by the MIT Laboratory for Computer Science (MIT LCS) in the USA, the National Institute for Research in Computer Science and Control (INRIA) in France and Keio University in Japan. Services provided by the Consortium include: a repository of information about the World Wide Web for developers and users, and various prototype and sample applications to demonstrate use of new technology. To date, nearly 500 organizations are Members of the Consortium. For more information see http://www.w3.org/