XML Signature and Canonical XML 2.0 drafts available

The W3C has published first drafts of two specifications, XML Signature Syntax and Processing and Canonical XML, for the upcoming version 2.0.

The new XML Signature version promises more simplicity and better performance. Chapter 10 lists the differences from the current version. In short: a new namespace dsig2, Canonical XML 2.0, and a completely changed transformation model that is no longer as general (which is good, since the completely open one we are using now may lead to a lot of security problems). The new model separates selection from canonicalization and introduces the new Selection element, which chooses the data object that is to be signed.
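Until the new model is available, a verifier can contain the open transform model of the current version by accepting only a short list of transform algorithms before it processes any reference. The Python check below is an added example, not part of the original post or the W3C drafts; the allowlist, the limit of two transforms per reference and the sample signatures are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature 1.x namespace
NS = {"ds": DS}

# Assumed policy: only these XML Signature 1.x transforms are accepted.
ALLOWED_TRANSFORMS = {
    DS + "enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
}
MAX_TRANSFORMS = 2  # assumed upper bound per Reference


def audit_transforms(signature_xml):
    """Return (reference_uri, problem) for every policy violation found."""
    root = ET.fromstring(signature_xml)
    findings = []
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        transforms = ref.findall("ds:Transforms/ds:Transform", NS)
        if len(transforms) > MAX_TRANSFORMS:
            findings.append((uri, "too many transforms"))
        for transform in transforms:
            alg = transform.get("Algorithm", "")
            if alg not in ALLOWED_TRANSFORMS:
                findings.append((uri, "transform not allowed: " + alg))
    return findings


def _signature(transform_algs):
    """Build a constructed signature, trimmed to the elements the check reads."""
    transforms = "".join('<ds:Transform Algorithm="%s"/>' % a for a in transform_algs)
    return ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo>'
            '<ds:Reference URI="#order"><ds:Transforms>%s</ds:Transforms>'
            '</ds:Reference></ds:SignedInfo></ds:Signature>' % (DS, transforms))


# Constructed samples: a conventional transform chain and one using XSLT.
SAMPLE_OK = _signature([DS + "enveloped-signature",
                        "http://www.w3.org/2001/10/xml-exc-c14n#"])
SAMPLE_XSLT = _signature(["http://www.w3.org/TR/1999/REC-xslt-19991116"])

if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("xslt", SAMPLE_XSLT)):
        print(name, audit_transforms(doc))
```

The check runs on the parsed SignedInfo before any transform is executed, so a rejected signature never reaches the transform engine.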

Canonical XML 2.0 brings more performance and more security. It is still designed for XML 1.0, not XML 1.1 (so there is still no canonicalization for XML 1.1). And as noted above, it is required for XML Signature 2.0.

Since these are the first public drafts, some things will change before the final recommendations are available.

Published by Dominik

Java architect, developer, author, trainer, speaker, JCrypTool project lead and secure programming enthusiast.