W3C Logo

Implementation report C14N 1.1

Author
Thomas Roessler <tlr@w3.org>
Last Modified
$Date: 2008/06/09 22:20:55 $ by $Author: roessler $

Overview

This implementation report is intended to demonstrate fulfillment of the Candidate Recommendation Exit Criteria for Canonical XML 1.1:

-- Canonical XML 1.1, W3C Candidate Recommendation 21 June 2007

Canonical XML 1.1 differs from Canonical XML 1.0 in the handling of attributes in the xml namespace when document subsets are canonicalized. All tests were performed within the context of implementations of the XML Signature specification (see detailed description of test case setup), using an XPath transform to identify the signed document subset, and Canonical XML 1.1 to canonicalize it.

Testing was organized and performed by the members of the XML Security Specifications Maintenance Working Group. Five implementations participated in the testing. All five implementations submitted identical canonicalization results for all test cases.

Test Cases

The test cases covered the following xml namespace attributes:

Participating Implementations

IBM XML Digital Signature Package (IBM)

The XML Digital Signature package is bundled into IBM JREs that ship with IBM products or are downloaded for IBM systems. The XML Digital Signature package bundled into all IBM JREs at the Java 6.0 level or higher, and by special arrangement at earlier levels. It is a separate security provider, so would either need to be in the provider list in jre/lib/security/java.security or added programmatically at runtime. The C14N11 capability is currently (11 January, 2008) a technology preview that is not yet generally available.

Sun Java XML Digital Signature API and Implementation (Sun)

Sun's XML Digital Signature implementation is an implementation of the standard JSR 105 API (Java XML Digital Signature API) and is included in Sun's JDK 6 and Application Server products. The C14N 1.1 implementation is not yet generally available but is targeted for future releases.

Oracle XML Digital Signature package (Oracle)

The XML Digital Signature package is part of Oracle Security Developer Tools which is part of Oracle's Fusion Middleware platform. The upcoming AS11R1 release of Fusion Middleware includes full support for C14N version 1.1 in addition to XML Signature, XML Encryption, XML Key Management, SAML and Web Services Security technologies. The XML Digital Signature functionality can be accessed using the industry standard JSR 105 APIs (by using the Oracle provider) or through the current OSDT XML Security APIs.

upcxslib xml signature package (Universitat Politecnica de Catalunya)

The upcxslib xml signature package runs on Java 1.4.2 or higher. It uses Sun's security provider within the JRE for basic cryptographic tasks. CN14N 1.1 is not generally available at present, but its incorporation is targeted for a near future.

IAIK XML Security Toolkit (XSECT) (Graz University of Technology)

The IAIK XML Security Toolkit (XSECT) is the successor of the IAIK XML Signature Library (IXSIL). XSECT 1.12 or higher is scheduled to ship in Q2/2008 and will contain the C14N 1.1 implementation. C14N 1.1 will be enabled in the default mode for signature creation and may be turned off by a configuration flag allowing for maximum flexibility. XSECT 1.12 will support all Java^(TM) versions since JDK 1.3.1 or higher.

Test results

SUN IAIK IBM ORCL UPC
xmlbase-c14n11spec-102 PASS PASS PASS PASS PASS
xmlbase-c14n11spec2-102 PASS PASS PASS PASS PASS
xmlbase-c14n11spec3-103 PASS PASS PASS PASS PASS
xmlbase-prop-1 PASS PASS PASS PASS PASS
xmlbase-prop-2 PASS PASS PASS PASS PASS
xmlbase-prop-3 PASS PASS PASS PASS PASS
xmlbase-prop-4 PASS PASS PASS PASS PASS
xmlbase-prop-5 PASS PASS PASS PASS PASS
xmlbase-prop-6 PASS PASS PASS PASS PASS
xmlbase-prop-7 PASS PASS PASS PASS PASS
xmlid-1 PASS PASS PASS PASS PASS
xmlid-2 PASS PASS PASS PASS PASS
xmllang-1 PASS PASS PASS PASS PASS
xmllang-2 PASS PASS PASS PASS PASS
xmllang-3 PASS PASS PASS PASS PASS
xmllang-4 PASS PASS PASS PASS PASS
xmlspace-1 PASS PASS PASS PASS PASS
xmlspace-2 PASS PASS PASS PASS PASS
xmlspace-3 PASS PASS PASS PASS PASS
xmlspace-4 PASS PASS PASS PASS PASS

Differences

None observed.