Canonicalization

XML Canonicalization is the use of an algorithm to generate the canonical form of an XML document to ensure security in cases where XML is subject to surface representation changes or to processing that discards some information not essential to the data represented in the XML. Canonicalization addresses the fact that when XML is read and processed using standard XML parsing and processing techniques, some surface representation information may be lost or modified.

The document that results from XML Canonicalization ensures that all internal entities and XML namespaces are expanded: entities are replaced with their definitions and the canonical form explicitly represents the namespace that an element would otherwise inherit. The steps that take place during the creation of a core canonical form include

• Encoding the document in the Universal Character Set UTF-8

• Normalizing line breaks before parsing

• Normalizing attribute values as if by a validating processor

• Replacing character and parsed entity references

• Replacing CDATA sections with their character content

• Removing the XML declaration and document type declaration (DTD)

• Converting empty elements to start-end tag pairs

• Normalizing white space outside of the document element and within start and end tags

• Retaining all white space in character content (excluding characters removed during line-feed normalization)

• Setting attribute value delimiters to quotation marks

• Replacing special characters in attribute values and character content by character references

• Removing superfluous namespace declarations from each element

• Adding default attributes to each element

Once an XML canonical form is obtained, confidentiality, authentication, and data integrity are handled by the XML Security Framework.