XML Digital Signature Terminology
Before you actually start looking at the XML signature elements, you need to understand some basic concepts and terminology that are quite specific to the XML digital signature realm. Let's take a brief look at them, one by one.
Apart from signing specific XML data documents, XML DSig can also be used to sign other forms of data:
Character-encoded data (for example, an HTML file showing an individual's account balance)
Binary-encoded data (for example, a company's profit/loss chart as a .jpg file)
It is therefore appropriate to use the term resource for the entity that is signed by XML DSig, and resources signed using XML DSig can be called signed resources.
To create a digital signature for a resource, a small, unique fingerprint of the document (called the hash or digest) is transformed using the private key of the sender. This transformed digest (called the digest value), together with the algorithm used for the transformation (called the digest method), becomes an integral part of the XML digital signature generated for the document.
Any change to a resource, however small, changes its digest. The digest is therefore the means of ensuring that the document has not been modified in transit.
Each signed resource attested by the signature must have its own corresponding digest.
Two XML documents that contain identical data can easily differ in their textual representation because of white space, line breaks, element representation, and so on. Canonicalization is the process of negating the effect of these minor differences, so that the digest created is not affected by such textual variations.
Several standard algorithms are available for canonicalizing XML. The XML signature syntax includes a <CanonicalizationMethod> element to specify the algorithm used for canonicalizing the current document.
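To make the terms above concrete, here is an added Python example (it is not part of the original article) that canonicalizes two differently serialised copies of the same resource, derives the digest method and digest value carried in a <Reference>, and shows that tampering with the resource changes the digest. It relies on the standard library's Canonical XML 2.0 implementation; the account document, the URI fragment and the tampered copy are constructed sample values.

```python
import base64
import hashlib
from xml.etree import ElementTree as ET

# XML DSig algorithm identifiers: Canonical XML 2.0 (what the standard
# library's canonicalize() implements) and the SHA-256 digest method.
C14N2_URI = "http://www.w3.org/2010/xml-c14n2"
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"

def canonicalize(xml_text: str) -> str:
    """Canonical XML 2.0 form of a resource; strip_text also drops
    whitespace-only text (indentation, line breaks) between elements."""
    return ET.canonicalize(xml_text, strip_text=True)

def digest_value(xml_text: str) -> str:
    """Canonicalize, hash with SHA-256, base64-encode: the <DigestValue>."""
    canonical = canonicalize(xml_text).encode("utf-8")
    return base64.b64encode(hashlib.sha256(canonical).digest()).decode("ascii")

def reference_element(uri: str, xml_text: str) -> str:
    """The <Reference> a signature carries for one signed resource: the
    transform applied before digesting, the digest method and the digest."""
    return (
        f'<Reference URI="{uri}">'
        f'<Transforms><Transform Algorithm="{C14N2_URI}"/></Transforms>'
        f'<DigestMethod Algorithm="{SHA256_URI}"/>'
        f"<DigestValue>{digest_value(xml_text)}</DigestValue>"
        "</Reference>"
    )

def verify_digest(xml_text: str, expected_b64: str) -> bool:
    """Recompute the digest of a received resource and compare it with the signed one."""
    return digest_value(xml_text) == expected_b64

# Constructed sample: one account balance serialised two ways (attribute order
# and quoting, empty-element syntax, indentation and line breaks all differ).
COMPACT = '<Account id="42" currency="USD"><Balance>100.00</Balance><Note/></Account>'
PRETTY = """<Account currency='USD' id="42">
  <Balance>100.00</Balance>
  <Note></Note>
</Account>"""
TAMPERED = COMPACT.replace("100.00", "900.00")  # constructed: balance altered in transit

if __name__ == "__main__":
    print(canonicalize(PRETTY))
    print(reference_element("#account", COMPACT))
    print("equivalent serialisations match:", digest_value(COMPACT) == digest_value(PRETTY))
    print("tampered copy verifies:", verify_digest(TAMPERED, digest_value(COMPACT)))
```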