You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
314 lines
13 KiB
314 lines
13 KiB
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head profile="http://www.w3.org/2002/12/wg">
|
|
<meta name="generator" content=
|
|
"HTML Tidy for Mac OS X (vers 31 October 2006 - Apple Inc. build 13), see www.w3.org" />
|
|
<meta http-equiv="Content-Type" content=
|
|
"text/html; charset=us-ascii" />
|
|
|
|
<title>W3C XML Security Working Group</title>
|
|
<link rel="stylesheet" type="text/css" href=
|
|
"http://www.w3.org/Signature/WG.css" />
|
|
</head>
|
|
|
|
<body>
|
|
<p><a href="../"><img src="http://www.w3.org/Icons/WWW/w3c_home"
|
|
alt="W3C" /></a> <a href="http://www.w3.org/TandS/"><img src=
|
|
"http://www.w3.org/Icons/tands.gif" alt=
|
|
"Technology and Society Domain" width="212" height=
|
|
"48" /></a></p>
|
|
|
|
<h1>XML Security Working Group</h1>
|
|
|
|
<dl>
|
|
<dt>On this page:</dt>
|
|
|
|
<dd><a href="#Mission">Mission</a> | <a href="#news">News</a> | <a href=
|
|
"#CurrentDrafts">Current Drafts</a> |
|
|
<a href="#meetings">Meetings</a> |
|
|
<a href="#Code">Code & Toolkits</a> |
|
|
<a href="#Responsibilities">The Chairs</a> |
|
|
<a href="#Background">Background Reading</a></dd>
|
|
|
|
<dt>Nearby:</dt>
|
|
|
|
<dd><a rel="charter" href=
|
|
"http://www.w3.org/2008/02/xmlsec-charter.html">Charter</a> |
|
|
<a rel="roadmap"
|
|
href="http://www.w3.org/2008/xmlsec/wiki/Roadmap">
|
|
Roadmap</a> |
|
|
<a rel="publicationstatus"
|
|
href="http://www.w3.org/2008/xmlsec/wiki/PublicationStatus">
|
|
Publication Status</a> |
|
|
<a rel="minutes"
|
|
href="minutes.html">
|
|
Approved meeting minutes</a> |
|
|
<a rel="implementations"
|
|
href="http://www.w3.org/2008/xmlsec/wiki/Implementations">
|
|
Implementations</a> |
|
|
<a rel="interop"
|
|
href="http://www.w3.org/2008/xmlsec/wiki/Interop">
|
|
Interop</a>
|
|
| <a rel="participants" href=
|
|
"http://www.w3.org/2000/09/dbwg/details?group=42458&public=1">
|
|
Participants</a> |
|
|
<!-- <a href="Contributor.html">Contributor Policies</a> |
|
|
--> <a href=
|
|
"http://www.w3.org/2004/01/pp-impl/42458/status">Patent Policy
|
|
Status</a> | <a rel="activity" href=
|
|
"http://www.w3.org/Security/Activity">Security Activity
|
|
Statement</a> | <a href=
|
|
"http://www.w3.org/2008/xmlsec/Group/Overview.html">WG Members
|
|
Page</a> |
|
|
<a href="papers/">Papers</a></dd>
|
|
|
|
<dt>Historic Working Group Pages:</dt>
|
|
|
|
<dd><a href="http://www.w3.org/Signature/">XML
|
|
Signature</a></dd>
|
|
|
|
<dd><a href="http://www.w3.org/Encryption/2001/">XML
|
|
Encryption</a></dd>
|
|
|
|
<dd><a href="http://www.w3.org/2007/xmlsec/">XML Security
|
|
Maintenance WG</a></dd>
|
|
|
|
<dt id="Responsibilities">Chair(s):</dt>
|
|
|
|
<dd>Frederick Hirsch <<a href=
|
|
"mailto:frederick.hirsch@nokia.com">frederick.hirsch@nokia.com</a>></dd>
|
|
|
|
<dt><a id="lists" name="lists">Mailing Lists</a></dt>
|
|
|
|
<dd>General, Technical and Public Discussions: <a href=
|
|
"mailto:public-xmlsec@w3.org">public-xmlsec@w3.org</a></dd>
|
|
|
|
<dd>Administrative issue Discussions: <a href=
|
|
"mailto:member-xmlsec@w3.org">member-xmlsec@w3.org</a></dd>
|
|
|
|
<dd>Public Comment List: <a href=
|
|
"mailto:public-xmlsec-comments@w3.org">public-xmlsec-comments@w3.org</a>;
|
|
<a href=
|
|
"http://lists.w3.org/Archives/Public/public-xmlsec-comments/">Archives</a></dd>
|
|
|
|
<dd>Public General Discussion List: <a href=
|
|
"mailto:public-xmlsec-discuss@w3.org">public-xmlsec-discuss@w3.org</a>;
|
|
<a href=
|
|
"http://lists.w3.org/Archives/Public/public-xmlsec-discuss/">Archives</a></dd>
|
|
|
|
<dd>W3C IETF XML Signature Discussion List: <a href=
|
|
"mailto:w3c-ietf-xmlsig@w3.org">w3c-ietf-xmlsig@w3.org</a>;
|
|
<a href=
|
|
"http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/">Archives</a></dd>
|
|
|
|
<dd>Join the Working Group: Apply <a href=
|
|
"http://www.w3.org/2004/01/pp-impl/42458/instructions">here!</a></dd>
|
|
|
|
<dd>Public Archive: <a href=
|
|
"http://lists.w3.org/Archives/Public/public-xmlsec/">http://lists.w3.org/Archives/Public/public-xmlsec/</a></dd>
|
|
|
|
<dd>Member Archive: <a href=
|
|
"http://lists.w3.org/Archives/Member/member-xmlsec/">http://lists.w3.org/Archives/Member/member-xmlsec/</a></dd>
|
|
|
|
<dd>Historical XML Sec Maintenance WG Archive: <a href=
|
|
"http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/">http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/</a></dd>
|
|
</dl>
|
|
|
|
<h2 id="Mission">Mission</h2>
|
|
|
|
<p>The Group is part of the <a href=
|
|
"http://www.w3.org/Security/">Security Activity</a>. It takes up
|
|
prior W3C Work on <a href="http://www.w3.org/Signature/">XML
|
|
Signature</a> and <a href=
|
|
"http://www.w3.org/Encryption/2001/">XML Encryption</a>, as well
|
|
as work from the <a href="http://www.w3.org/2007/xmlsec/">XML
|
|
Security Specifications Maintenance Working
|
|
Group</a>, that produced <a href="http://www.w3.org/TR/xmldsig-core/">XML Signature, Second Edition</a>.</p>
|
|
|
|
<h2 id="news">News</h2>
|
|
<p>
|
|
<span class="date">
|
|
<a href="http://www.w3.org/News/2012#entry-9310">2012-01-05</a>:
|
|
The <a href="http://www.w3.org/2008/xmlsec/">XML Security Working Group</a> has published a new Last Call
|
|
Working Draft of "<a href="http://www.w3.org/TR/2012/WD-xmlenc-core1-20120105/">XML Encryption 1.1</a>" to
|
|
solicit review of changes since the previous CR publication. These
|
|
changes:</span></p>
|
|
<ol>
|
|
<li> make
|
|
the AES-128-GCM algorithm mandatory to implement, to address newly publicized chosen-ciphertext attacks against the CBC
|
|
class of algorithms,</li>
|
|
<li>add new security considerations related to chosen-ciphertext attacks, timing attacks,
|
|
CBC block encryption vulnerabilities, and the insecure use of error
|
|
messages,</li>
|
|
<li>add a new algorithm for the RSA-OAEP key transport
|
|
that does not require SHA-1 with the mask generation function,
|
|
enabling use of various hash MGF combinations, and</li>
|
|
<li>include various editorial corrections. </li>
|
|
</ol>
|
|
<p>
|
|
The XML Security WG is also soliciting review of the Last Call working draft of
|
|
"<a href="http://www.w3.org/TR/2012/WD-xmlenc-transform20-20120105/">XML Encryption 1.1 CipherReference Processing using 2.0 Transforms</a>".
|
|
This specification brings the simplification benefits
|
|
of the ongoing XML Security 2.0 effort to XML Encryption CipherReference transform processing.
|
|
Feedback on both of these Last Call drafts is requested by 16 February 2012.
|
|
</p><p>
|
|
An update to the Note-track "<a href="http://www.w3.org/TR/2012/WD-xmlsec-algorithms-20120105/">XML Security Algorithm Cross-Reference</a>"
|
|
Working Draft reflects new algorithm definitions in XML Encryption 1.1.
|
|
</p><p>
|
|
The XML Security working group has also published First Public Working Drafts
|
|
of "<a href="http://www.w3.org/TR/2012/WD-xmlenc-core1-testcases-20120105/">Test Cases for XML Encryption 1.1</a>" and
|
|
"<a href="http://www.w3.org/TR/2012/WD-xml-c14n2-testcases-20120105/">Test Cases for Canonical XML 2.0</a>" and encourages
|
|
community participation in developing further tests and performing testing.
|
|
</p>
|
|
<p>
|
|
<span class="date">
|
|
<a href="http://www.w3.org/News/2011#entry-9184">2011-08-30</a>:
|
|
Updated working draft of "<a
|
|
href="http://www.w3.org/TR/2011/WD-xmlsec-rngschema-20110830/">XML Security RELAX NG Schemas</a>" published.</span>
|
|
This version of this specification is significantly different from the
|
|
previous version. </p>
|
|
<ul>
|
|
<li>The prose has been completely rewritten. In particular, Taxonomy
|
|
of schemas, Schema authoring techniques, and Schema indexes have
|
|
been introduced.</li>
|
|
<li>xmldsig-filter2.rnc for XML-Signature XPath Filter 2.0 has been added.</li>
|
|
<li>xmldsig11-schema.rnc has been modified by adding X509Digest and invoking xmldsig-filter2.rnc.</li>
|
|
<li>Small bugs in xenc-schema-11.rnc and xmlsec-ghc-schema.rnc have been fixed.</li>
|
|
<li>any.rnc has been renamed as security_any.rnc</li>
|
|
<li>exclusiveC14N.rnc has been renamed as exc-c14n.rnc</li>
|
|
<li>Driver schemas have been thoroughly renamed.</li>
|
|
</ul>
|
|
|
|
<p>For earlier news, visit the <a href="news.html">Previous News</a>
|
|
page.</p>
|
|
|
|
<div class="blogitem">
|
|
<h2 id="CurrentDrafts">Current Drafts</h2>
|
|
<p>
|
|
Current drafts are available from the
|
|
<a rel="publicationstatus"
|
|
href="http://www.w3.org/2008/xmlsec/wiki/PublicationStatus">
|
|
Publication Status</a> page. Please send comments related to
|
|
these documents to
|
|
<a
|
|
href="mailto:public-xmlsec-comments@w3.org">public-xmlsec-comments@w3.org</a>.
|
|
There is a <a
|
|
href="http://lists.w3.org/Archives/Public/public-xmlsec-comments/">public
|
|
archive</a> of comments received.
|
|
</p>
|
|
<p>
|
|
See also the <a
|
|
href="http://www.w3.org/TR/tr-groups-all#tr_XML_Security_Working_Group">
|
|
list of the XML Security published Technical Reports.
|
|
</a>
|
|
</p>
|
|
<h2 id="meetings">Meetings</h2>
|
|
|
|
<p>Optional teleconferences happen as required. See the WG
|
|
<a href=
|
|
"http://www.w3.org/2008/xmlsec/Group/Overview.html">Members Page</a>
|
|
for upcoming meeting information.
|
|
Minutes are posted
|
|
to the list; WG members are obligated to review, correct, or
|
|
counter any proposals or consensus achieved on the call on the
|
|
list. Minutes approved by the WG are <a href="minutes.html">publicly archived</a>.</p>
|
|
|
|
|
|
|
|
<h2 id="Code">Test Suites, Public Code and Toolkits</h2>
|
|
|
|
<p><em>If you would like to appear in this list, send an
|
|
announcement to the <a href="mailto:public-xmlsec@w3.org">XML
|
|
Security public mailing list</a>.</em></p>
|
|
|
|
<ul>
|
|
<!-- <li><a href="http://www.movesinstitute.org/exi/">EXI test
|
|
corpus</a> hosted by Naval Postgraduate school, Monterey,
|
|
CA</li> -->
|
|
|
|
<li><a href="http://www.w3.org/TR/2008/NOTE-xmldsig2ed-tests-20080610/">Test Cases for C14N
|
|
1.1 and XMLDSig Interoperability</a>, W3C Working Group Note, 2008-06-10</li>
|
|
<li><a href="http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html">XML-Signature
|
|
Interoperability</a>, 2003-07-10</li>
|
|
</ul>
|
|
|
|
<h2 id="Background">Background Reading</h2>
|
|
|
|
<ul>
|
|
<li><a href=
|
|
"http://www.w3.org/2008/02/xmlsec-charter.html">Working Group
|
|
Charter</a></li>
|
|
|
|
<li><a href=
|
|
"http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/">XML
|
|
Signature Syntax and Processing, Second Edition</a>, W3C
|
|
Recommendation, (<a href=
|
|
"http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/explain.html">Explanation
|
|
of changes</a>, <a href=
|
|
"http://www.w3.org/2008/xmlsec/xmlsec-redline.html">redline</a>)</li>
|
|
|
|
<li><a href=
|
|
"http://www.w3.org/2007/xmlsec/ws/report.html">Workshop
|
|
Report</a> from <a href=
|
|
"http://www.w3.org/2007/xmlsec/ws/agenda.html">W3C Workshop
|
|
on Next Steps for XML Signature and XML Encryption</a>.</li>
|
|
|
|
<li><a href="http://www.w3.org/TR/DSig-usage/">Using XML
|
|
Digital Signatures in the 2006 XML Environment</a>, W3C
|
|
Working Group Note</li>
|
|
|
|
<li><a href="http://www.w3.org/TR/xml-c14n11/">Canonical XML
|
|
1.1</a>, W3C Recommendation</li>
|
|
|
|
<li><a href="http://www.w3.org/TR/xmldsig-filter2/">XML-Signature
|
|
XPath Filter 2.0</a>, W3C Recommendation</li>
|
|
|
|
<li><a href="http://www.w3.org/TR/xmlenc-core/">XML
|
|
Encryption</a>, W3C Recommendation.</li>
|
|
|
|
<li><a href="http://www.w3.org/TR/xmlenc-decrypt">Decryption
|
|
Transform for XML Signature</a> and
|
|
|
|
<a href=
|
|
"http://www.w3.org/Encryption/2002/12-xmlenc-decrypt-errata">Decryption
|
|
Transform Errata</a></li>
|
|
</ul>
|
|
</div>
|
|
<hr />
|
|
|
|
<address id="contact">
|
|
Chair: <a href="mailto:frederick.hirsch@nokia.com">Frederick
|
|
Hirsch</a><br />
|
|
Team Contact and Security Activity Lead: <a href=
|
|
"mailto:tlr@w3.org">Thomas Roessler</a><br />
|
|
$Id: Overview.html,v 1.114 2012/01/06 14:44:10 fhirsch3 Exp $
|
|
</address>
|
|
|
|
<p class="copyright"><a rel="Copyright" href=
|
|
"http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
|
|
2007-2008 <a href="http://www.w3.org/"><acronym title=
|
|
"World Wide Web Consortium">W3C</acronym></a> (<a href=
|
|
"http://www.lcs.mit.edu/"><acronym title=
|
|
"Massachusetts Institute of Technology">MIT</acronym></a>,
|
|
<a href="http://www.ercim.org/"><acronym title=
|
|
"European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>,
|
|
<a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved.
|
|
W3C <a href=
|
|
"http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
|
|
<a href=
|
|
"http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>,
|
|
<a rel="Copyright" href=
|
|
"http://www.w3.org/Consortium/Legal/copyright-documents">document
|
|
use</a> and <a rel="Copyright" href=
|
|
"http://www.w3.org/Consortium/Legal/copyright-software">software
|
|
licensing</a> rules apply. Your interactions with this site are
|
|
in accordance with our <a href=
|
|
"http://www.w3.org/Consortium/Legal/privacy-statement#Public">public</a>
|
|
and <a href=
|
|
"http://www.w3.org/Consortium/Legal/privacy-statement#Members">Member</a>
|
|
privacy statements.</p>
|
|
</body>
|
|
</html>
|