What is canonicalization in xml signature?

Question

What is the canonicalization tag which is used in xml signatures. It is present in the <signed info> element. I have gone through various documents over the net. But all of them are too abstract for me to understand. It would be helpful if some one could explain what should be contained in the canonicalization tag and how should it be used?
I also have a doubt in the <signature value> element. What does it contain the signature of?

Answer 1

A signature in general is used (beside tracebility reasons) as a prove for the recipient, that the message was not altered during its way (by a man in the middle for instance).

->Keyword: Integrity:

Problem:

XML offers several valid ways to structure same (input-)data like:

1. <a>1</a><!--comment--> <b></b>
2. <a>1</a><b/>

This makes a creation of a determinable signature hash impossible, which is a must for a working signature-verification. For example a MD5 hash over both XML-examples above would result in complete different result-hashes, although both examples provide the same valid data in XML-form (they are semantically identical).

Solution: This is, where a XML canonicalization (c14n) comes in: The message is formatted (canonicalized) by the sending party (client) and also after reception on receiver side (server), so that the hash does not change for same data (on XML-level).

I guess you're just curious about this stuff, cause typically you should not take care about this, as the libs (XMLDSig-libs, WS-Security-libs, ..) are taking care of this behind the scenes.

Re 2nd question: The SignatureValue element contains the Base64 encoded signature result of the SignedInfo element.