News Release: World Wide Web Consortium Publishes Exclusive XML Canonicalization as a W3C Recommendation from Janet Daly on 2002-07-18 (w3c-news@w3.org from July to September 2002)

From: Janet Daly <janet@w3.org>
Date: Thu, 18 Jul 2002 11:12:38 -0400
To: w3c-news@w3.org
Message-ID: <3D36DAE6.1070609@w3.org>
W3C today issues Exclusive XML Canonicalization as a Recommendation, 
providing even more flexibility and reliability in XML Signatures.
For more information, please contact Janet Daly, W3C, at +1.617.253.5884.

Web resources:

This press release (in English)
http://www.w3.org/2002/07/c14n-pressrelease.html.en

This press release (in France)
http://www.w3.org/2002/07/c14n-pressrelease.html.fr

Exclusive XML Canonicalization
http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/



World Wide Web Consortium Issues Exclusive Canonical XML as a W3C
Recommendation

New XML specification furthers portable digital signatures

Contact America --
Janet Daly, <janet@w3.org>, +1.617.253.5884 or +1.617.253.2613Contact
Europe --
Marie-Claire Forgue, <mcf@w3.org>, +33.492.38.75.94
Contact Asia --
Saeko Takeuchi <saeko@w3.org>, +81.466.49.1170

http://www.w3.org/ -- 18 July 2001 -- The World Wide Web Consortium
(W3C) today announced the release of Exclusive XML Canonicalization as a
W3C Recommendation. This specification augments the previous Canonical
XML Recommendation to better enable a portion of an XML document (i.e.,
a fragment) to be as portable as possible while preserving the digital
signature. It works in combination with XML Signatures, the W3C
Recommendation produced jointly by W3C and the IETF in February,
representing cross-industry agreement on an XML-based language for
digital signatures.

A W3C Recommendation indicates that a specification is stable,
contributes to Web interoperability, and has been reviewed by the W3C
Membership, who are in favor of supporting its adoption by academic,
industry, and research communities.

Exclusive XML Canonicalization Makes XML Signatures Work with Complex
Applications, Web Services

Digital signatures provide integrity, signature assurance and
non-repudiatability over Web data. Such features are especially
important for documents that represent commitments such as contracts,
price lists, and manifests.

XML Signatures have the potential to provide reliable XML-based
signature technology, and are considered a mandatory component of many
models for Web Services. However, various processors may introduce
incidental changes into a document over the course of its processing.
The process of canonicalization removes these incidental changes.
Additionally, in some cases, particularly for signed XML in protocol
applications (that is, ones that use SOAP 1.2, HTTP/1.1, or others)
there is a need to canonicalize a subdocument in such a way that it is
substantially independent of its XML context.

This is because, in  protocol applications, it is common to envelope XML
in various layers of  message or transport elements, to strip off such
enveloping, and to construct new protocol messages, parts of which were
extracted from different messages previously received. If the pieces of
XML in question are signed, they need to be canonicalized in a way such
that these operations do not break the signature but the signature still
provides as much security as possible.

Exclusive XML Canonicalization meets this need by providing a method of
serializing an XML fragment into a portable and canonical form. This
functionality, when combined with XML Signature, is critical for
electronic commerce because it ensures the integrity of documents and
protocol messages that travel between multiple XML processors.

Exclusive XML Canonicalization Strengthens the XML Family of Technologies

Exclusive XML Canonicalization adds another critical piece to the
Extensible Markup Language (XML) family of technologies under
development at W3C, which began with the XML 1.0 Recommendation, and
includes Namespaces in XML, Extensible Stylesheet Language
Transformations (XSLT) 1.0, XML Path Language (XPath) 1.0, and XML
Signature, all of which are W3C Recommendations, and hosts of other
essential components as well as applications of XML (such as XHTML 1.1).

Working Group Participants Bring Diverse Perspectives, Implementations

The IETF/W3C XML Signatures Working Group brings together a diverse and
influential group from industry, academia, as well as independent
developers. It includes representatives from: Baltimore Technologies;
IAIK TU Graz; IBM; Microsoft; Motorola; PureEdge; University Siegen; Sun
Microsystems; and VeriSign Inc.

About the World Wide Web Consortium [W3C]

The W3C was created to lead the Web to its full potential by developing
common protocols that promote its evolution and ensure its
interoperability. It is an international industry consortium jointly run
by the MIT Laboratory for Computer Science (MIT LCS) in the USA, the
National Institute for Research in Computer Science and Control (INRIA)
in France and Keio University in Japan. Services provided by the
Consortium include: a repository of information about the World Wide Web
for developers and users, and various prototype and sample applications
to demonstrate use of new technology. To date, nearly 500 organizations
are Members of the Consortium. For more information see http://www.w3.org/
Received on Thursday, 18 July 2002 11:12:41 UTC