index.html
12.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://www.w3.org/2002/12/wg">
<meta name="generator" content=
"HTML Tidy for Mac OS X (vers 31 October 2006 - Apple Inc. build 13), see www.w3.org" />
<meta http-equiv="Content-Type" content=
"text/html; charset=us-ascii" />
<title>W3C XML Security Working Group</title>
<link rel="stylesheet" type="text/css" href=
"http://www.w3.org/Signature/WG.css" />
</head>
<body>
<p><a href="../"><img src="http://www.w3.org/Icons/WWW/w3c_home"
alt="W3C" /></a> <a href="http://www.w3.org/TandS/"><img src=
"http://www.w3.org/Icons/tands.gif" alt=
"Technology and Society Domain" width="212" height=
"48" /></a></p>
<h1>XML Security Working Group</h1>
<dl>
<dt>On this page:</dt>
<dd><a href="#Mission">Mission</a> | <a href="#news">News</a> | <a href=
"#CurrentDrafts">Current Drafts</a> |
<a href="#meetings">Meetings</a> |
<a href="#Code">Code & Toolkits</a> |
<a href="#Responsibilities">The Chairs</a> |
<a href="#Background">Background Reading</a></dd>
<dt>Nearby:</dt>
<dd><a rel="charter" href=
"http://www.w3.org/2008/02/xmlsec-charter.html">Charter</a> |
<a rel="roadmap"
href="http://www.w3.org/2008/xmlsec/wiki/Roadmap">
Roadmap</a> |
<a rel="publicationstatus"
href="http://www.w3.org/2008/xmlsec/wiki/PublicationStatus">
Publication Status</a> |
<a rel="minutes"
href="minutes.html">
Approved meeting minutes</a> |
<a rel="implementations"
href="http://www.w3.org/2008/xmlsec/wiki/Implementations">
Implementations</a> |
<a rel="interop"
href="http://www.w3.org/2008/xmlsec/wiki/Interop">
Interop</a>
| <a rel="participants" href=
"http://www.w3.org/2000/09/dbwg/details?group=42458&public=1">
Participants</a> |
<!-- <a href="Contributor.html">Contributor Policies</a> |
--> <a href=
"http://www.w3.org/2004/01/pp-impl/42458/status">Patent Policy
Status</a> | <a rel="activity" href=
"http://www.w3.org/Security/Activity">Security Activity
Statement</a> | <a href=
"http://www.w3.org/2008/xmlsec/Group/Overview.html">WG Members
Page</a> |
<a href="papers/">Papers</a></dd>
<dt>Historic Working Group Pages:</dt>
<dd><a href="http://www.w3.org/Signature/">XML
Signature</a></dd>
<dd><a href="http://www.w3.org/Encryption/2001/">XML
Encryption</a></dd>
<dd><a href="http://www.w3.org/2007/xmlsec/">XML Security
Maintenance WG</a></dd>
<dt id="Responsibilities">Chair(s):</dt>
<dd>Frederick Hirsch <<a href=
"mailto:frederick.hirsch@nokia.com">frederick.hirsch@nokia.com</a>></dd>
<dt><a id="lists" name="lists">Mailing Lists</a></dt>
<dd>General, Technical and Public Discussions: <a href=
"mailto:public-xmlsec@w3.org">public-xmlsec@w3.org</a></dd>
<dd>Administrative issue Discussions: <a href=
"mailto:member-xmlsec@w3.org">member-xmlsec@w3.org</a></dd>
<dd>Public Comment List: <a href=
"mailto:public-xmlsec-comments@w3.org">public-xmlsec-comments@w3.org</a>;
<a href=
"http://lists.w3.org/Archives/Public/public-xmlsec-comments/">Archives</a></dd>
<dd>Public General Discussion List: <a href=
"mailto:public-xmlsec-discuss@w3.org">public-xmlsec-discuss@w3.org</a>;
<a href=
"http://lists.w3.org/Archives/Public/public-xmlsec-discuss/">Archives</a></dd>
<dd>W3C IETF XML Signature Discussion List: <a href=
"mailto:w3c-ietf-xmlsig@w3.org">w3c-ietf-xmlsig@w3.org</a>;
<a href=
"http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/">Archives</a></dd>
<dd>Join the Working Group: Apply <a href=
"http://www.w3.org/2004/01/pp-impl/42458/instructions">here!</a></dd>
<dd>Public Archive: <a href=
"http://lists.w3.org/Archives/Public/public-xmlsec/">http://lists.w3.org/Archives/Public/public-xmlsec/</a></dd>
<dd>Member Archive: <a href=
"http://lists.w3.org/Archives/Member/member-xmlsec/">http://lists.w3.org/Archives/Member/member-xmlsec/</a></dd>
<dd>Historical XML Sec Maintenance WG Archive: <a href=
"http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/">http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/</a></dd>
</dl>
<h2 id="Mission">Mission</h2>
<p>The Group is part of the <a href=
"http://www.w3.org/Security/">Security Activity</a>. It takes up
prior W3C Work on <a href="http://www.w3.org/Signature/">XML
Signature</a> and <a href=
"http://www.w3.org/Encryption/2001/">XML Encryption</a>, as well
as work from the <a href="http://www.w3.org/2007/xmlsec/">XML
Security Specifications Maintenance Working
Group</a>, that produced <a href="http://www.w3.org/TR/xmldsig-core/">XML Signature, Second Edition</a>.</p>
<h2 id="news">News</h2>
<p>
<span class="date">
<a href="http://www.w3.org/News/2012#entry-9310">2012-01-05</a>:
The <a href="http://www.w3.org/2008/xmlsec/">XML Security Working Group</a> has published a new Last Call
Working Draft of "<a href="http://www.w3.org/TR/2012/WD-xmlenc-core1-20120105/">XML Encryption 1.1</a>" to
solicit review of changes since the previous CR publication. These
changes:</span></p>
<ol>
<li> make
the AES-128-GCM algorithm mandatory to implement, to address newly publicized chosen-ciphertext attacks against the CBC
class of algorithms,</li>
<li>add new security considerations related to chosen-ciphertext attacks, timing attacks,
CBC block encryption vulnerabilities, and the insecure use of error
messages,</li>
<li>add a new algorithm for the RSA-OAEP key transport
that does not require SHA-1 with the mask generation function,
enabling use of various hash MGF combinations, and</li>
<li>include various editorial corrections. </li>
</ol>
<p>
The XML Security WG is also soliciting review of the Last Call working draft of
"<a href="http://www.w3.org/TR/2012/WD-xmlenc-transform20-20120105/">XML Encryption 1.1 CipherReference Processing using 2.0 Transforms</a>".
This specification brings the simplification benefits
of the ongoing XML Security 2.0 effort to XML Encryption CipherReference transform processing.
Feedback on both of these Last Call drafts is requested by 16 February 2012.
</p><p>
An update to the Note-track "<a href="http://www.w3.org/TR/2012/WD-xmlsec-algorithms-20120105/">XML Security Algorithm Cross-Reference</a>"
Working Draft reflects new algorithm definitions in XML Encryption 1.1.
</p><p>
The XML Security working group has also published First Public Working Drafts
of "<a href="http://www.w3.org/TR/2012/WD-xmlenc-core1-testcases-20120105/">Test Cases for XML Encryption 1.1</a>" and
"<a href="http://www.w3.org/TR/2012/WD-xml-c14n2-testcases-20120105/">Test Cases for Canonical XML 2.0</a>" and encourages
community participation in developing further tests and performing testing.
</p>
<p>
<span class="date">
<a href="http://www.w3.org/News/2011#entry-9184">2011-08-30</a>:
Updated working draft of "<a
href="http://www.w3.org/TR/2011/WD-xmlsec-rngschema-20110830/">XML Security RELAX NG Schemas</a>" published.</span>
This version of this specification is significantly different from the
previous version. </p>
<ul>
<li>The prose has been completely rewritten. In particular, Taxonomy
of schemas, Schema authoring techniques, and Schema indexes have
been introduced.</li>
<li>xmldsig-filter2.rnc for XML-Signature XPath Filter 2.0 has been added.</li>
<li>xmldsig11-schema.rnc has been modified by adding X509Digest and invoking xmldsig-filter2.rnc.</li>
<li>Small bugs in xenc-schema-11.rnc and xmlsec-ghc-schema.rnc have been fixed.</li>
<li>any.rnc has been renamed as security_any.rnc</li>
<li>exclusiveC14N.rnc has been renamed as exc-c14n.rnc</li>
<li>Driver schemas have been thoroughly renamed.</li>
</ul>
<p>For earlier news, visit the <a href="news.html">Previous News</a>
page.</p>
<div class="blogitem">
<h2 id="CurrentDrafts">Current Drafts</h2>
<p>
Current drafts are available from the
<a rel="publicationstatus"
href="http://www.w3.org/2008/xmlsec/wiki/PublicationStatus">
Publication Status</a> page. Please send comments related to
these documents to
<a
href="mailto:public-xmlsec-comments@w3.org">public-xmlsec-comments@w3.org</a>.
There is a <a
href="http://lists.w3.org/Archives/Public/public-xmlsec-comments/">public
archive</a> of comments received.
</p>
<p>
See also the <a
href="http://www.w3.org/TR/tr-groups-all#tr_XML_Security_Working_Group">
list of the XML Security published Technical Reports.
</a>
</p>
<h2 id="meetings">Meetings</h2>
<p>Optional teleconferences happen as required. See the WG
<a href=
"http://www.w3.org/2008/xmlsec/Group/Overview.html">Members Page</a>
for upcoming meeting information.
Minutes are posted
to the list; WG members are obligated to review, correct, or
counter any proposals or consensus achieved on the call on the
list. Minutes approved by the WG are <a href="minutes.html">publicly archived</a>.</p>
<h2 id="Code">Test Suites, Public Code and Toolkits</h2>
<p><em>If you would like to appear in this list, send an
announcement to the <a href="mailto:public-xmlsec@w3.org">XML
Security public mailing list</a>.</em></p>
<ul>
<!-- <li><a href="http://www.movesinstitute.org/exi/">EXI test
corpus</a> hosted by Naval Postgraduate school, Monterey,
CA</li> -->
<li><a href="http://www.w3.org/TR/2008/NOTE-xmldsig2ed-tests-20080610/">Test Cases for C14N
1.1 and XMLDSig Interoperability</a>, W3C Working Group Note, 2008-06-10</li>
<li><a href="http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html">XML-Signature
Interoperability</a>, 2003-07-10</li>
</ul>
<h2 id="Background">Background Reading</h2>
<ul>
<li><a href=
"http://www.w3.org/2008/02/xmlsec-charter.html">Working Group
Charter</a></li>
<li><a href=
"http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/">XML
Signature Syntax and Processing, Second Edition</a>, W3C
Recommendation, (<a href=
"http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/explain.html">Explanation
of changes</a>, <a href=
"http://www.w3.org/2008/xmlsec/xmlsec-redline.html">redline</a>)</li>
<li><a href=
"http://www.w3.org/2007/xmlsec/ws/report.html">Workshop
Report</a> from <a href=
"http://www.w3.org/2007/xmlsec/ws/agenda.html">W3C Workshop
on Next Steps for XML Signature and XML Encryption</a>.</li>
<li><a href="http://www.w3.org/TR/DSig-usage/">Using XML
Digital Signatures in the 2006 XML Environment</a>, W3C
Working Group Note</li>
<li><a href="http://www.w3.org/TR/xml-c14n11/">Canonical XML
1.1</a>, W3C Recommendation</li>
<li><a href="http://www.w3.org/TR/xmldsig-filter2/">XML-Signature
XPath Filter 2.0</a>, W3C Recommendation</li>
<li><a href="http://www.w3.org/TR/xmlenc-core/">XML
Encryption</a>, W3C Recommendation.</li>
<li><a href="http://www.w3.org/TR/xmlenc-decrypt">Decryption
Transform for XML Signature</a> and
<a href=
"http://www.w3.org/Encryption/2002/12-xmlenc-decrypt-errata">Decryption
Transform Errata</a></li>
</ul>
</div>
<hr />
<address id="contact">
Chair: <a href="mailto:frederick.hirsch@nokia.com">Frederick
Hirsch</a><br />
Team Contact and Security Activity Lead: <a href=
"mailto:tlr@w3.org">Thomas Roessler</a><br />
$Id: Overview.html,v 1.114 2012/01/06 14:44:10 fhirsch3 Exp $
</address>
<p class="copyright"><a rel="Copyright" href=
"http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
2007-2008 <a href="http://www.w3.org/"><acronym title=
"World Wide Web Consortium">W3C</acronym></a> (<a href=
"http://www.lcs.mit.edu/"><acronym title=
"Massachusetts Institute of Technology">MIT</acronym></a>,
<a href="http://www.ercim.org/"><acronym title=
"European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>,
<a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved.
W3C <a href=
"http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
<a href=
"http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>,
<a rel="Copyright" href=
"http://www.w3.org/Consortium/Legal/copyright-documents">document
use</a> and <a rel="Copyright" href=
"http://www.w3.org/Consortium/Legal/copyright-software">software
licensing</a> rules apply. Your interactions with this site are
in accordance with our <a href=
"http://www.w3.org/Consortium/Legal/privacy-statement#Public">public</a>
and <a href=
"http://www.w3.org/Consortium/Legal/privacy-statement#Members">Member</a>
privacy statements.</p>
</body>
</html>