W3C

XML Canonicalization Requirements

W3C Note 5-June-1999

This version:
http://www.w3.org/TR/1999/NOTE-xml-canonical-req-19990605
Latest version:
http://www.w3.org/TR/NOTE-xml-canonical-req
Previous version
http://www.w3.org/TR/1999/NOTE-xml-canonical-req-19990307
Editors
James Tauber () 
Joel Nava ()

Status of this document

This is a W3C Note produced as a deliverable of the XML Syntax WG according to its charter. A list of current W3C Working Drafts and Notes can be found at http://www.w3.org/TR.

This document is a work in progress representing the current consensus of the W3C XML Syntax Working Group. This version of the XML Canonicalization Requirements document has been approved by the XML Syntax Working Group and the XML Plenary to be posted for review by W3C members and other interested parties. Publication of this specification does not imply endorsement by the W3C membership. Comments should be sent to the automatically and publicly archived email list: www-xml-canonicalization-comments@w3.org.

This document is being processed according to the following review schedule:

Review Schedule 
Process Closing Date Status Contact
XML Syntax WG sign off 1999/05/26 Done XML Syntax WG
XML CG Review 199/05/28 Done XML Syntax WG
XML-DSig review 1999/06/4 Done XML Syntax WG, W3C/IETF XML-DSig WG, reagle@w3.org
XML Plenary sign off 1999/06/4 Done jnava@adobe.com, jtauber@jtauber.com, reagle@w3.org
Publish as W3C Note 1999/06/7 Done www-xml-canonicalization-comments@w3.org
Checkpoint of comments 1999/06/28 Underway www-xml-canonicalization-comments@w3.org

Comments about this document should be submitted to the "contact" listed above for each process.

Abstract

This document lists the design principles, scope and requirements for the Canonicalization of XML for digital signatures in XML and XML Processor conformance. These are being developed by the World Wide Web Consortium's XML Syntax Working Group.

Table of Contents

1. Introduction
2. Design Principles and Scope
3. Requirements
4. References

1. Introduction

The XML 1.0 Recommendation [XML] describes the syntax of a class of data objects called XML documents. It is possible, however, for logically equivalent XML documents to differ in their physical representation. In particular, two equivalent XML documents may differ on such issues as physical (i.e. entity) structure, attribute ordering, character encoding and insignificant whitespace. This means that equivalence testing cannot be done at the byte level for arbitrary XML documents. Though, byte level equivalence testing is useful in the domain of digital signatures for XML.

Work has started elsewhere on the broader question of digital signatures in XML [IOTP-DSig, Brown-XML-DSig, DOMHASH]. The W3C hosted a workshop on signed XML [DS-XML], and is forming a W3C/IETF XML-DSig WG [XML-DSig].

The Canonical XML specification aims to introduce a notion of equivalence between XML documents which can be tested at the syntactic level and, in particular, by byte-for-byte comparison. It shall describe the canonicalization of XML documents such that logically equivalent documents will have the same byte-for-byte representation. This form is referred to as the canonical form of the document.

2. Design Principles and Scope

  1. The specification for Canonical XML shall describe how to derive the canonical form of any XML document.
  2. Canonicalization shall reflect the logical structure of the XML document and decide whether to retain any of the physical (i.e. entity) structure.
  3. The specification shall not consider the canonicalization of the document type declaration.
  4. The specification shall consider the canonicalization of documents that make use of namespaces.
  5. Canonicalization shall be designed to be consistent with the XML Information Set Specification [Infoset-WD] and W3C I18N work [Char-Mod, Char-Req].
  6. Canonicalization shall be designed in coordination with the W3C/IETF XML-DSig WG [XML-DSig], and the XML Information Set WG. To that end, The XML Syntax WG shall do the following:
    1. Allow WG emails, to do with canonicalization, to be summarized, forwarded, or cross posted to the XML-DSig WG's public email list and the XML Information Set WG's internal email list.
    2. Be dependent on the review of the Specification by the XML-DSig WG and the, XML Information Set WG and allow them to hold up the Last Call, PR or REC process if needed.
  7. The specification proposes to describe 3 level of canonicalization, changeable by the needs of the DSig WG:
    Level 0 - Do nothing to the XML document.
    Level 1 - Convert the encoding of the document to UTF-8 is it is not already UTF-8
    Level 2 - Whatever is decided upon as full Canonicalization.
  8. The WG will decide if it can propose one full Canonicalization for both use cases, or to come up with different algorithms for each.
     
     

3. Requirements

  1. Every XML document shall have a unique canonical form.
  2. The canonical form of an XML document shall be a well formed XML document with the following invariant property:
    1. Any XML document, say X, processed by a canonicalizer, will produce an XML Document X'.
    2. X' passed through the same canonicalizer must produce X'.
    3. X' passed through any other conforming canonicalizer should produce X', or else one of them in not conformant.
  3. Canonicalization shall produce byte comparable forms of characters defined by Unicode [Unicode] to be equivalent.
  4. The canonical form shall use the terms from, and work in cooperation with the XML Information Set WG to ensure there is no confusion between the Canonicalization and Information Set specifications.

4. References

XML
Extensible Markup Language (XML) Recommendation. http://www.w3.org/TR/REC-xml
Namespaces
Namespaces in XML Recommendation. http://www.w3.org/TR/REC-xml-names
Infoset-WD
XML Information Set Working Draft of May 17, 1999. http://www.w3.org/TR/xml-infoset
Char-Mod
Character Model for the World Wide Web Working Draft http://www.w3.org/TR/WD-charmod
Char-Req
Requirements for String Identity and Character Indexing Definitions for the WWW http://www.w3.org/TR/WD-charreq
XML-DSig
The W3C/IETF XML-DSig Charter http://www.w3.org/1999/05/XML-DSig-charter-990521.html
Unicode
The Unicode Consortium. The Unicode Standard, Version 2.0. Reading, Mass.: Addison-Wesley Developers Press, 1996
IOTP-DSig
Internet Draft. Digital Signatures for the Internet Open Trading Protocol http://www.ietf.org/internet-drafts/draft-ietf-trade-iotp-v1.0-dsig-00.txt
Brown-XML-DSig
Internet Draft. Digital Signatures for XML http://search.ietf.org/internet-drafts/draft-brown-xml-dsig-00.txt
DOMHASH
Internet Draft. Digest Values for DOM (DOMHASH) http://search.ietf.org/internet-drafts/draft-hiroshi-dom-hash-01.txt
DS-XML
XML-DSig '99: The W3C Signed XML Workshop http://www.w3.org/1999/02/ds-xml-cfp-19990218.html