index.html 12.8 KB
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://www.w3.org/2002/12/wg">
  <meta name="generator" content=
  "HTML Tidy for Mac OS X (vers 31 October 2006 - Apple Inc. build 13), see www.w3.org" />
  <meta http-equiv="Content-Type" content=
  "text/html; charset=us-ascii" />

  <title>W3C XML Security Working Group</title>
  <link rel="stylesheet" type="text/css" href=
  "http://www.w3.org/Signature/WG.css" />
</head>

<body>
  <p><a href="../"><img src="http://www.w3.org/Icons/WWW/w3c_home"
  alt="W3C" /></a> <a href="http://www.w3.org/TandS/"><img src=
  "http://www.w3.org/Icons/tands.gif" alt=
  "Technology and Society Domain" width="212" height=
  "48" /></a></p>

  <h1>XML Security Working Group</h1>

  <dl>
    <dt>On this page:</dt>

    <dd><a href="#Mission">Mission</a> | <a href="#news">News</a> |  <a href=
    "#CurrentDrafts">Current Drafts</a> | 
      <a href="#meetings">Meetings</a> | 
      <a href="#Code">Code &amp; Toolkits</a> |
      <a href="#Responsibilities">The Chairs</a> |
      <a href="#Background">Background Reading</a></dd>

    <dt>Nearby:</dt>

    <dd><a rel="charter" href=
    "http://www.w3.org/2008/02/xmlsec-charter.html">Charter</a> |
      <a rel="roadmap" 
         href="http://www.w3.org/2008/xmlsec/wiki/Roadmap">
        Roadmap</a> |
      <a rel="publicationstatus" 
         href="http://www.w3.org/2008/xmlsec/wiki/PublicationStatus">
        Publication Status</a> |
      <a rel="minutes" 
         href="minutes.html">
        Approved meeting minutes</a> |
      <a rel="implementations" 
         href="http://www.w3.org/2008/xmlsec/wiki/Implementations">
      Implementations</a> |
      <a rel="interop" 
         href="http://www.w3.org/2008/xmlsec/wiki/Interop">
        Interop</a>
      | <a rel="participants" href=
    "http://www.w3.org/2000/09/dbwg/details?group=42458&amp;public=1">
    Participants</a> | 
    <!-- <a href="Contributor.html">Contributor Policies</a> |
       --> <a href=
"http://www.w3.org/2004/01/pp-impl/42458/status">Patent Policy
Status</a> | <a rel="activity" href=
"http://www.w3.org/Security/Activity">Security Activity
Statement</a> | <a href=
"http://www.w3.org/2008/xmlsec/Group/Overview.html">WG Members
        Page</a> |
<a href="papers/">Papers</a></dd>

    <dt>Historic Working Group Pages:</dt>

    <dd><a href="http://www.w3.org/Signature/">XML
    Signature</a></dd>

    <dd><a href="http://www.w3.org/Encryption/2001/">XML
    Encryption</a></dd>

    <dd><a href="http://www.w3.org/2007/xmlsec/">XML Security
    Maintenance WG</a></dd>

    <dt id="Responsibilities">Chair(s):</dt>

    <dd>Frederick Hirsch &lt;<a href=
    "mailto:frederick.hirsch@nokia.com">frederick.hirsch@nokia.com</a>&gt;</dd>

    <dt><a id="lists" name="lists">Mailing Lists</a></dt>

    <dd>General, Technical and Public Discussions: <a href=
    "mailto:public-xmlsec@w3.org">public-xmlsec@w3.org</a></dd>

    <dd>Administrative issue Discussions: <a href=
    "mailto:member-xmlsec@w3.org">member-xmlsec@w3.org</a></dd>

    <dd>Public Comment List: <a href=
    "mailto:public-xmlsec-comments@w3.org">public-xmlsec-comments@w3.org</a>;
    <a href=
    "http://lists.w3.org/Archives/Public/public-xmlsec-comments/">Archives</a></dd>

    <dd>Public General Discussion List: <a href=
    "mailto:public-xmlsec-discuss@w3.org">public-xmlsec-discuss@w3.org</a>;
    <a href=
    "http://lists.w3.org/Archives/Public/public-xmlsec-discuss/">Archives</a></dd>

    <dd>W3C IETF XML Signature Discussion List: <a href=
    "mailto:w3c-ietf-xmlsig@w3.org">w3c-ietf-xmlsig@w3.org</a>;
    <a href=
    "http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/">Archives</a></dd>

    <dd>Join the Working Group: Apply <a href=
    "http://www.w3.org/2004/01/pp-impl/42458/instructions">here!</a></dd>

    <dd>Public Archive: <a href=
    "http://lists.w3.org/Archives/Public/public-xmlsec/">http://lists.w3.org/Archives/Public/public-xmlsec/</a></dd>

    <dd>Member Archive: <a href=
    "http://lists.w3.org/Archives/Member/member-xmlsec/">http://lists.w3.org/Archives/Member/member-xmlsec/</a></dd>

    <dd>Historical XML Sec Maintenance WG Archive: <a href=
    "http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/">http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/</a></dd>
  </dl>

  <h2 id="Mission">Mission</h2>

  <p>The Group is part of the <a href=
  "http://www.w3.org/Security/">Security Activity</a>. It takes up
  prior W3C Work on <a href="http://www.w3.org/Signature/">XML
  Signature</a> and <a href=
  "http://www.w3.org/Encryption/2001/">XML Encryption</a>, as well
  as work from the <a href="http://www.w3.org/2007/xmlsec/">XML
  Security Specifications Maintenance Working 
  Group</a>, that produced <a href="http://www.w3.org/TR/xmldsig-core/">XML Signature, Second Edition</a>.</p>

  <h2 id="news">News</h2>
<p>
<span class="date">
  <a href="http://www.w3.org/News/2012#entry-9310">2012-01-05</a>:
The <a href="http://www.w3.org/2008/xmlsec/">XML Security Working Group</a> has published a new Last Call 
Working Draft of "<a href="http://www.w3.org/TR/2012/WD-xmlenc-core1-20120105/">XML Encryption 1.1</a>" to 
solicit review of changes since the previous CR publication. These
  changes:</span></p>
<ol>
<li> make 
 the AES-128-GCM algorithm mandatory to implement, to address newly publicized chosen-ciphertext attacks against the CBC
 class of algorithms,</li>
<li>add new security considerations related to chosen-ciphertext attacks, timing attacks, 
 CBC block encryption vulnerabilities, and the insecure use of error
 messages,</li>
<li>add a new algorithm for the RSA-OAEP key transport  
 that does not require SHA-1 with the mask generation function,
 enabling use of various hash MGF combinations, and</li>
<li>include various editorial corrections. </li>
</ol>
<p>
 The XML Security WG is also soliciting review of the Last Call working draft of
"<a href="http://www.w3.org/TR/2012/WD-xmlenc-transform20-20120105/">XML Encryption 1.1 CipherReference Processing using 2.0 Transforms</a>". 
This specification brings the simplification benefits 
of the ongoing  XML Security 2.0 effort to XML Encryption CipherReference transform processing. 
Feedback on both of these Last Call drafts is requested by 16 February 2012.
</p><p>
An update to the Note-track "<a href="http://www.w3.org/TR/2012/WD-xmlsec-algorithms-20120105/">XML Security Algorithm Cross-Reference</a>" 
Working Draft reflects new algorithm definitions in XML Encryption 1.1. 
</p><p>
The XML Security working group has also published First Public Working Drafts 
of "<a href="http://www.w3.org/TR/2012/WD-xmlenc-core1-testcases-20120105/">Test Cases for XML Encryption 1.1</a>" and 
"<a href="http://www.w3.org/TR/2012/WD-xml-c14n2-testcases-20120105/">Test Cases for Canonical XML 2.0</a>" and encourages 
community participation in developing further tests and performing testing.
</p>
<p>
<span class="date">
<a href="http://www.w3.org/News/2011#entry-9184">2011-08-30</a>:
  Updated working draft of "<a
  href="http://www.w3.org/TR/2011/WD-xmlsec-rngschema-20110830/">XML Security RELAX NG Schemas</a>" published.</span> 
This version of this specification is significantly different from the
  previous version. </p> 
<ul>
<li>The prose has been completely rewritten. In particular, Taxonomy
  of schemas, Schema authoring techniques, and Schema indexes have
  been introduced.</li>
<li>xmldsig-filter2.rnc for XML-Signature XPath Filter 2.0 has been added.</li>
<li>xmldsig11-schema.rnc has been modified by adding X509Digest and invoking xmldsig-filter2.rnc.</li>
<li>Small bugs in xenc-schema-11.rnc and xmlsec-ghc-schema.rnc have been fixed.</li>
<li>any.rnc has been renamed as security_any.rnc</li>
<li>exclusiveC14N.rnc has been renamed as exc-c14n.rnc</li>
<li>Driver schemas have been thoroughly renamed.</li>
</ul>

<p>For earlier news, visit the <a href="news.html">Previous News</a>
page.</p>

  <div class="blogitem">
    <h2 id="CurrentDrafts">Current Drafts</h2>
<p>
Current drafts are available from the 
      <a rel="publicationstatus" 
         href="http://www.w3.org/2008/xmlsec/wiki/PublicationStatus">
        Publication Status</a> page. Please send comments related to
        these documents to   
<a
    href="mailto:public-xmlsec-comments@w3.org">public-xmlsec-comments@w3.org</a>. 
There is a <a
href="http://lists.w3.org/Archives/Public/public-xmlsec-comments/">public
archive</a> of comments received. 
</p>
<p>
See also the <a
    href="http://www.w3.org/TR/tr-groups-all#tr_XML_Security_Working_Group">
list of the XML Security published Technical Reports.
</a>
</p>
    <h2 id="meetings">Meetings</h2>

    <p>Optional teleconferences happen as required. See the WG 
<a href=
"http://www.w3.org/2008/xmlsec/Group/Overview.html">Members Page</a>
for upcoming meeting information.
Minutes are posted
    to the list; WG members are obligated to review, correct, or
    counter any proposals or consensus achieved on the call on the
    list. Minutes approved by the WG are <a href="minutes.html">publicly archived</a>.</p>



    <h2 id="Code">Test Suites, Public Code and Toolkits</h2>

    <p><em>If you would like to appear in this list, send an
    announcement to the <a href="mailto:public-xmlsec@w3.org">XML
    Security public mailing list</a>.</em></p>

    <ul>
      <!--      <li><a href="http://www.movesinstitute.org/exi/">EXI test
	   corpus</a> hosted by Naval Postgraduate school, Monterey,
	   CA</li> -->
      
      <li><a href="http://www.w3.org/TR/2008/NOTE-xmldsig2ed-tests-20080610/">Test Cases for C14N
      1.1 and XMLDSig Interoperability</a>, W3C Working Group Note, 2008-06-10</li>
      <li><a href="http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html">XML-Signature
      Interoperability</a>, 2003-07-10</li>
    </ul>

    <h2 id="Background">Background Reading</h2>

    <ul>
      <li><a href=
      "http://www.w3.org/2008/02/xmlsec-charter.html">Working Group
      Charter</a></li>

      <li><a href=
      "http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/">XML
      Signature Syntax and Processing, Second Edition</a>, W3C
      Recommendation, (<a href=
      "http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/explain.html">Explanation
      of changes</a>, <a href=
      "http://www.w3.org/2008/xmlsec/xmlsec-redline.html">redline</a>)</li>

      <li><a href=
      "http://www.w3.org/2007/xmlsec/ws/report.html">Workshop
      Report</a> from <a href=
      "http://www.w3.org/2007/xmlsec/ws/agenda.html">W3C Workshop
      on Next Steps for XML Signature and XML Encryption</a>.</li>

      <li><a href="http://www.w3.org/TR/DSig-usage/">Using XML
      Digital Signatures in the 2006 XML Environment</a>, W3C
      Working Group Note</li>

      <li><a href="http://www.w3.org/TR/xml-c14n11/">Canonical XML
      1.1</a>, W3C Recommendation</li>

      <li><a href="http://www.w3.org/TR/xmldsig-filter2/">XML-Signature
          XPath Filter 2.0</a>,  W3C Recommendation</li>

      <li><a href="http://www.w3.org/TR/xmlenc-core/">XML
      Encryption</a>, W3C Recommendation.</li>

      <li><a href="http://www.w3.org/TR/xmlenc-decrypt">Decryption
      Transform for XML Signature</a> and 

<a href=
      "http://www.w3.org/Encryption/2002/12-xmlenc-decrypt-errata">Decryption
      Transform Errata</a></li>
    </ul>
  </div>
  <hr />

  <address id="contact">
    Chair: <a href="mailto:frederick.hirsch@nokia.com">Frederick
    Hirsch</a><br />
    Team Contact and Security Activity Lead: <a href=
    "mailto:tlr@w3.org">Thomas Roessler</a><br />
    $Id: Overview.html,v 1.114 2012/01/06 14:44:10 fhirsch3 Exp $
  </address>

  <p class="copyright"><a rel="Copyright" href=
  "http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
  2007-2008 <a href="http://www.w3.org/"><acronym title=
  "World Wide Web Consortium">W3C</acronym></a> (<a href=
  "http://www.lcs.mit.edu/"><acronym title=
  "Massachusetts Institute of Technology">MIT</acronym></a>,
  <a href="http://www.ercim.org/"><acronym title=
  "European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>,
  <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved.
  W3C <a href=
  "http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
  <a href=
  "http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>,
  <a rel="Copyright" href=
  "http://www.w3.org/Consortium/Legal/copyright-documents">document
  use</a> and <a rel="Copyright" href=
  "http://www.w3.org/Consortium/Legal/copyright-software">software
  licensing</a> rules apply. Your interactions with this site are
  in accordance with our <a href=
  "http://www.w3.org/Consortium/Legal/privacy-statement#Public">public</a>
  and <a href=
  "http://www.w3.org/Consortium/Legal/privacy-statement#Members">Member</a>
  privacy statements.</p>
</body>
</html>