In mid-1999, the Institute for Data Communications Systems at the University of Siegen in Germany looked for partners to participate in a European project for implementing the upcoming XML Signature standard. We found our partners in the companies Expertnet S.A. and PROODOS S.A., both from Athens, who were willing to use our XML Signature library in a first commercial project.
The project started in January 2000 and ended up in September 2001. 50% of the costs have been funded by the European Commission in the ISIS programme. Goal was to develop a Java library for creating and validating XML Signatures and to make the binaries of this software freely available.
In September 2001, Christian Geuer-Pollmann and the Institute for Data Communications Systems decided to make the sources freely available, too, to promote the use of digital signatures and to give XML Signature a spin. The decision was made to give the complete library (including an implementation of "Canonical XML" and "XML Signature") under the hood of the Apache Software Foundation to ensure availability of the source and to enable other people to use it under the Apache License.
A beta implementation of XML Encryption was first included in version 1.1 of the XML Security for Java library.
The XML Security C++ library was a much more recent addition to the XML-Security project. It started out on Sourceforge and was migrated into XML Security in early 2003.
In 2006, the XML-Security project was voted as an Apache TLP and was rebranded as Apache Santuario. The Apache Santuario project at present includes the Apache XML Security for Java and the Apache XML Security for C++ library projects.