Safer XML (1/2) - exploring XML | WebReference


Safer XML

Security is a popular subject these days, both in the personal and the global context. While computer security concepts in general have been old hat since the 80s, it seems that everything needs to be reinvented for XML, or at least with XML, including security. XML security standards include XML Encryption, XML Signatures, the Security Assertion Markup Language (SAML), and the Extensible Access Control Language (XACL).

Computer security presumes the following features:

| Feature         | Description                                                                  | Relevant Technology            |
|-----------------|------------------------------------------------------------------------------|--------------------------------|
| Privacy         | Only invited parties can join a conversation                                 | Encryption                     |
| Non-repudiation | The author of a message cannot deny having authored it                       | Signatures                     |
| Integrity       | The content of a conversation has not been tampered with on its way          | Digests                        |
| Access control  | Parties are authenticated and authorized before engaging in a conversation   | User IDs, Access Control Lists |

All of these aspects were thoroughly researched long before XML was invented, and the relevant technologies have existed for a long time. Security for a single computer was pretty much established alongside the invention of computers. The second software component after the operating system for IBM mainframes was the Resource Access Control Facility (RACF), which controls system access to these machines to this day. With the advent of distributed computing in the 80s, most of the remaining problems that come with untrusted third parties in a computer network were solved. Much of the Distributed Computing Environment (DCE) technology dealt with this, particularly the Kerberos authentication and credentials system.

Encryption and Signatures

Since XML is in fact plain text, all algorithms devised for encrypting and signing text documents can be applied to XML straight away. Alas, the structure inherent in XML documents creates new challenges:

  1. Different textual representations of the same XML document can exist due to different use of spacing, line breaks, and entities.
  2. Only parts of an XML document might be encrypted or signed, and different parts of the same document should be selectively accessible or inaccessible to various parties.
  3. An XML document can be the result of an arbitrary number of encryption and signature steps.

We will now discuss the solutions to these problems individually.

Canonical XML

The issue of different textual representations of logically equivalent XML documents has been solved by defining a canonical form for XML documents. This definition sets rules for spacing, line breaks, and the use of entities. Message digests must be computed and verified on the canonical form of the XML document, not on any variant of it. Identical hash values then indicate that the canonical form of the XML document is unchanged, even if the textual form differs.
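As an added example (not code from the original article), the following Python uses the standard library's Canonical XML 2.0 implementation (xml.etree.ElementTree.canonicalize, Python 3.8 or later) to show that textually different serialisations of one logical document reduce to a single canonical form and therefore a single digest, while a digest over the raw bytes changes with every cosmetic difference. The document strings, key names and function names are constructed for this illustration. One caveat the code makes visible: plain canonicalization keeps whitespace between elements because it may be significant, so a signer who wants layout to be ignored must add a separate whitespace-stripping step.

```python
import hashlib
import xml.etree.ElementTree as ET

# Three constructed serialisations of one logical document (sample data,
# not from the article). A and B differ in attribute order, quote style,
# the empty-element form, a character reference and whitespace inside a
# start tag; C additionally adds line breaks and indentation between elements.
DOC_A = '<order id="42" currency="EUR"><item sku="A1"/><note>caf&#233;</note></order>'
DOC_B = "<order currency='EUR'   id='42'><item sku=\"A1\"></item><note>café</note></order>"
DOC_C = '<order id="42" currency="EUR">\n  <item sku="A1"/>\n  <note>café</note>\n</order>'


def raw_digest(xml_text: str) -> str:
    """SHA-256 over the bytes as transmitted: any cosmetic change alters it."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_digest(xml_text: str, strip_text: bool = False) -> str:
    """SHA-256 over the Canonical XML 2.0 form produced by the stdlib.

    strip_text=True additionally discards whitespace-only text between
    elements, which plain canonicalization keeps because it may matter.
    """
    canonical = ET.canonicalize(xml_data=xml_text, strip_text=strip_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def same_document(a: str, b: str, ignore_layout: bool = False) -> bool:
    """Integrity check done the right way: compare digests of canonical forms."""
    return canonical_digest(a, ignore_layout) == canonical_digest(b, ignore_layout)


if __name__ == "__main__":
    # The single form both A and B reduce to (sorted attributes, double quotes,
    # no self-closing tags, the character reference resolved).
    print(ET.canonicalize(xml_data=DOC_A))
    print(raw_digest(DOC_A) == raw_digest(DOC_B))               # False: bytes differ
    print(same_document(DOC_A, DOC_B))                          # True: same canonical form
    print(same_document(DOC_A, DOC_C))                          # False: inter-element whitespace kept
    print(same_document(DOC_A, DOC_C, ignore_layout=True))      # True
    print(same_document(DOC_A, DOC_A.replace('"42"', '"43"')))  # False: a real change
```

Verifying on the canonical form is what makes a digest mismatch meaningful: it then signals a change of content rather than of formatting.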

Partial encryption and signing

Both XML Encryption and XML Signature introduce their own namespace with a set of elements that can appear anywhere in an XML document. Thus <Signature> and <EncryptedData> can be present as the root element of a document, or somewhere in its body. An <EncryptedData> element cannot directly contain another one, but already encrypted content can itself be encrypted again, any number of times. Signatures can be wrapped as an envelope around the data to be signed within the same document, or be detached, referencing content outside the document.

After several steps of encrypting and signing an XML document, the receiver can no longer deduce which transformations must be applied to restore the original content and verify the signatures. Therefore transform elements have been added to signatures to indicate the steps required to recreate the initial content.
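The following Python is an added example, not code from the article, that ties together the two preceding paragraphs: a Signature element placed inside the document it signs (an enveloped signature in the body of the document), whose Reference records the transform steps that the verifier replays in the listed order before recomputing the digest. It assumes the standard library's Canonical XML 2.0 (algorithm URI http://www.w3.org/2010/xml-c14n2, Python 3.8 or later) instead of the C14N 1.0 algorithm that XML Signature implementations of the time used, a shared HMAC key (the hmac-sha256 identifier from RFC 6931) in place of a public-key signature, and a simplified enveloped-signature transform that only removes Signature children of the referenced element. The order document, the demo key and all function names are constructed.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Algorithm identifiers from the XML Signature, XML Encryption, C14N 2.0 and RFC 6931 specs.
DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
C14N2 = "http://www.w3.org/2010/xml-c14n2"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
ET.register_namespace("ds", DS)


def ds(name: str) -> str:
    """Clark-notation element name in the XML Signature namespace."""
    return f"{{{DS}}}{name}"


def c14n(elem: ET.Element) -> bytes:
    """Canonical XML 2.0 bytes of a subtree (assumption: stdlib C14N 2.0, not C14N 1.0)."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode("utf-8")


def apply_transforms(root: ET.Element, algorithms) -> bytes:
    """Replay the Transform steps named in a Reference, in the order listed.

    Simplification: the enveloped-signature transform removes Signature
    children of the referenced element only; canonicalization ends the chain.
    """
    node = copy.deepcopy(root)  # never mutate the document under test
    for uri in algorithms:
        if uri == ENVELOPED:
            for sig in node.findall(ds("Signature")):
                node.remove(sig)
        elif uri == C14N2:
            return c14n(node)
        else:
            raise ValueError(f"unsupported transform: {uri}")
    return c14n(node)  # XML Signature canonicalizes by default when no c14n is listed


def b64_sha256(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def sign_enveloped(xml_text: str, key: bytes) -> str:
    """Append a ds:Signature over the whole document (Reference URI="")."""
    root = ET.fromstring(xml_text)
    transforms = [ENVELOPED, C14N2]
    digest = b64_sha256(apply_transforms(root, transforms))
    sig = ET.SubElement(root, ds("Signature"))
    si = ET.SubElement(sig, ds("SignedInfo"))
    ET.SubElement(si, ds("CanonicalizationMethod"), Algorithm=C14N2)
    ET.SubElement(si, ds("SignatureMethod"), Algorithm=HMAC_SHA256)
    ref = ET.SubElement(si, ds("Reference"), URI="")
    tr = ET.SubElement(ref, ds("Transforms"))
    for uri in transforms:  # record the steps the verifier must replay
        ET.SubElement(tr, ds("Transform"), Algorithm=uri)
    ET.SubElement(ref, ds("DigestMethod"), Algorithm=SHA256)
    ET.SubElement(ref, ds("DigestValue")).text = digest
    mac = hmac.new(key, c14n(si), hashlib.sha256).digest()  # MAC covers SignedInfo
    ET.SubElement(sig, ds("SignatureValue")).text = base64.b64encode(mac).decode("ascii")
    return ET.tostring(root, encoding="unicode")


def verify_enveloped(signed_xml: str, key: bytes) -> bool:
    """Read the transforms the signer recorded, replay them, check digest and MAC."""
    root = ET.fromstring(signed_xml)
    sig = root.find(ds("Signature"))
    if sig is None:
        return False
    si = sig.find(ds("SignedInfo"))
    ref = si.find(ds("Reference")) if si is not None else None
    if ref is None:
        return False
    algorithms = [t.get("Algorithm") for t in ref.iter(ds("Transform"))]
    expected = (ref.findtext(ds("DigestValue")) or "").strip().encode("ascii", "replace")
    actual = b64_sha256(apply_transforms(root, algorithms)).encode("ascii")
    if not hmac.compare_digest(actual, expected):
        return False  # signed content changed since signing
    try:
        given = base64.b64decode(sig.findtext(ds("SignatureValue")) or "")
    except ValueError:
        return False
    mac = hmac.new(key, c14n(si), hashlib.sha256).digest()
    return hmac.compare_digest(mac, given)  # SignedInfo, and so the digest, is authentic


# Constructed sample document and demo key (not from the article).
PAYLOAD = '<order id="42"><item sku="A1" qty="3"/><total>99.00</total></order>'
KEY = b"constructed-demo-shared-secret"

if __name__ == "__main__":
    signed = sign_enveloped(PAYLOAD, KEY)
    print(signed)
    print(verify_enveloped(signed, KEY))                                  # True
    print(verify_enveloped(signed.replace('qty="3"', "qty='3'"), KEY))   # True: same canonical form
    print(verify_enveloped(signed.replace('qty="3"', 'qty="30"'), KEY))  # False: digest mismatch
```

The verifier trusts nothing about the document's layout: it reads the Transforms the signer listed, applies them in that order, and only then compares digests, which is exactly why the transform chain has to travel with the signature.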

We conclude with some examples...

Produced by Michael Claßen

Created: Jan 06, 2003
Revised: Jan 06, 2003