XML is a markup language for data; it describes data. If you care about data and not the way it is marked up, then you need canonical XML, because there are multiple ways to mark up the same data.
When you say "verified bit-by-bit", do you mean you want to verify that the data in two documents is identical? Then you need to put them in canonical form, because two documents with the exact same data can have different bits.
If, on the other hand, you want to verify the data in two documents has been marked up identically then you *must not* put them in canonical format, because that strips away differences in markup.
"Security" is a separate issue, but you would want to canonicalize a document if you want to verify the *data* in the document, and not the way that data was marked up. If you don't do that, two documents with absolutely identical data but different markup would not verify because their bits are different.
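
The distinction drawn in the answer above, as an added example that is not part of the original answer: it hashes three constructed documents both as raw bytes and after canonicalization with Python's standard-library `xml.etree.ElementTree.canonicalize` (C14N 2.0). The document contents and the helper names are assumptions made for illustration.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed samples. DOC_A and DOC_B carry the same data but differ in markup:
# XML declaration, attribute order, quote style, whitespace inside the tag,
# empty-element form, and a character reference (&#97; is "a").
DOC_A = ('<?xml version="1.0"?><order id="42" currency="EUR">'
         '<item sku="X1"></item><note>paid</note></order>')
DOC_B = ("<order   currency='EUR'\n   id='42'>"
         "<item sku='X1'/><note>p&#97;id</note></order>")
# DOC_C uses DOC_A's markup style but different data in <note>.
DOC_C = ('<?xml version="1.0"?><order id="42" currency="EUR">'
         '<item sku="X1"></item><note>unpaid</note></order>')


def raw_digest(doc: str) -> str:
    """SHA-256 over the document exactly as written (markup included)."""
    return hashlib.sha256(doc.encode("utf-8")).hexdigest()


def canonical_digest(doc: str) -> str:
    """SHA-256 over the canonical form, so markup-only differences vanish."""
    return hashlib.sha256(canonicalize(doc).encode("utf-8")).hexdigest()


def same_markup(a: str, b: str) -> bool:
    """True only if the two documents are bit-for-bit identical."""
    return raw_digest(a) == raw_digest(b)


def same_data(a: str, b: str) -> bool:
    """True if the two documents carry the same data, however marked up."""
    return canonical_digest(a) == canonical_digest(b)


if __name__ == "__main__":
    print("canonical form of A:", canonicalize(DOC_A))
    print("A vs B, same markup:", same_markup(DOC_A, DOC_B))
    print("A vs B, same data:  ", same_data(DOC_A, DOC_B))
    print("A vs C, same data:  ", same_data(DOC_A, DOC_C))
```
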