fyi: Report on Workshop on Next Steps for XML Signature and XML Encryption

' =JeffH ' Jeff.Hodges at KingsMountain.com
Wed Oct 24 21:38:53 EDT 2007


of possible interest to some...

Scott Cantor and I represented the perspective of "xmldsig is 
broken/mess/complex from some non-trivial number of implementors' perspective, 
we spec'd 'just sign the blob' in a SAML binding spec recently because of 
this, perhaps if xmldsig is rev'd these sorts of concerns/approaches should be 
taken into account, to promote interoperability", and didn't get ignored, 
interestingly enough. Also, a few other participants explicitly mentioned the 
"streaming" use case, which is a key concern in Peter Gutmann's xmldsig 
critique: <http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt>.

As the report described below indicates, there's an effort emerging to charter 
a W3C working group to rev the xmldsig spec, which might be of interest to 
various folk.


=JeffH


-------- Original Message --------
Subject: Report on Workshop on Next Steps for XML Signature and XML 	Encryption
Date: Tue, 23 Oct 2007 19:40:41 +0200
From: Thomas Roessler <tlr at w3.org>
To: public-xmlsec-discuss at w3.org


On 25 and 26 September 2007, W3C held a Workshop on Next Steps for
XML Signature and XML Encryption [1] in Mountain View, CA, USA,
hosted by VeriSign. The group has published its summary report [2].

The Workshop report indicates strong interest in additional work on
XML security and interest in a Working Group. Attendees identified
the areas of highest interest:

   - Create a basic profile of XML Signature
   - Review and possibly update the referencing
     model using xml:id and other mechanisms
   - Update cryptographic algorithms
   - Revisit XML canonicalization
   - Update the transform model.

Areas of ongoing and medium interest that were identified are scalable
profiling, implementation guidance, key management issues, XKMS, XML 1.1, EXI,
and interaction with other security organizations.

The Workshop report will serve as input for the deliverable of the XML
Security Specification Maintenance Working Group to propose a draft charter
for possible follow-up work.


To enable discussion among Workshop attendees, Working Group
participants, and the broader community, this mailing list,
public-xmlsec-discuss at w3.org (public archive [3]), has been created.

Participation in the mailing list is open to all interested parties.

Current list subscribers include the members of the XML Security
Specifications Maintenance Working Group, and workshop participants.
If you want to be removed from the list, please let me know.

[1] http://www.w3.org/2007/xmlsec/ws/cfp
[2] http://www.w3.org/2007/xmlsec/ws/report
[3] http://lists.w3.org/Archives/Public/public-xmlsec-discuss/2007Oct/

-- 
Thomas Roessler, W3C  <tlr at w3.org>


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list