XML Security Specifications Maintenance
Working Group Charter

The mission of this working group is to perform limited maintenance work on the basic XML Security specifications, and suggest a charter for further work.

Join the XML Security Specifications Maintenance Working Group!

End date	31 December 2007
Confidentiality	See Confidentiality and Communication
Initial Chair	Frederick Hirsch, Nokia
Initial Team Contact (FTE %: 25)	Thomas Roessler
Usual Meeting Schedule	Face-to-face meetings: between 1 and 3 Teleconferences: weekly

Background and Scope

Past W3C security work was focused on foundation technologies: The joint IETF-W3C XML Signature Working Group specified mechanisms to digitally sign XML documents and other data, and to encapsulate digital signatures in XML. The W3C XML Encryption Working Group specified mechanisms to encrypt XML documents and other data, and to encapsulate the encrypted material and related meta-information in XML.

Canonical XML 1.0 is required for implementations of the XML Signature Syntax and Processing Recommendation. The XML Core Working Group is chartered to revise Canonical XML, and is publishing the result as Canonical XML 1.1. This version of Canonical XML will address incompatibilities between that specification and the xml:id and xml:base Recommendations, and possible future attributes in the xml namespace. It is also known that the Decryption Transform for XML Signature Recommendation includes processing of xml namespace attributes that is analogous to that in Canonical XML 1.0, and leads to similar issues.

This Working Group is chartered to update the XML Signature Syntax and Processing Recommendation and the Decryption Transform for XML Signature Recommendation to be compatible with the evolving XML environment. The update will also take known errata into account. These include the XML Signature Errata and the Decryption Transform Errata.

The Working Group is also chartered to collect and study additional issues with the XML Encryption and XML Signature suite of specifications, and to propose a draft charter for work to address these issues.

Milestones and Deliverables

Recommendation Track Deliverables

The group should publish a Proposed Edited Recommendation (PER) for XML Signature Syntax and Processing, and advance this document to Recommendation.
The group should return the Decryption Transform for XML Signature Recommendation to Working Draft state, and advance the document to Recommendation. The group MAY decide to issue a Last Call for its First Public Working Draft of the revised Decryption Transform.

For both of these documents, the Working Group MUST demonstrate that any changes that affect conformance of implementations are necessary to accommodate either Canonical XML 1.1, or otherwise address incompatibilities with the evolving XML environment.

Other Deliverables

The group should develop a draft charter for further work on the XML Signature and Encryption suites of specifications. In developing this deliverable, the Working Group should consult with and engage relevant communities both internal and external to W3C. The list of relevant organizations given in the "Dependencies" section of this charter is an initial list of such communities, and not expected to be exhaustive.
The group may develop a Working Group Note that documents Best Practices in the deployment and implementation of the XML Security specifications.

Schedule and Meetings

This group is chartered until 31 December 2007. The group will hold weekly telephone conferences of one hour. The group will hold at least one face-to-face meeting, and at most three face-to-face meetings. The group may hold one of these meetings as a workshop open to the public to gather community input on directions for further work on the XML security specifications.

The Working Group is expected to do early interoperability testing, and will require participation by implementers.

Dependencies

Inside W3C

XML Core Working Group: The XML Core Working Group is chartered to maintain and develop core XML specifications, and is currently working on a revision of Canonical XML to resolve inconsistencies with the xml:id specification. This revision is in Last Call as of December 2006, and the XML Core Working Group has agreed to extend this Last Call until such time that this Working Group has reviewed the Last Call draft. It is expected that the XML Core Working Group and this Working Group cooperate on interoperability testing.
XML Coordination Group: The chair of this Working Group will be a member of the XML Coordination Group and will look for opportunities to liaise with other XML Working Groups in the development of the draft charter for future work.
Ubiquitous Web Applications Activity: The Ubiquitous Web Applications Activity (UWA) is currently is under AC review at the time of this charter, and is expected to be a source of requirements relevant to this Working Group's work item of developing a draft charter for further work on the basic XML Security specifications.

External Groups

The following is a tentative list of external bodies that the Working Group should collaborate with:

Internet Engineering Task Force: The XML Signature specification was produced in a joint effort between W3C and the IETF. It is expected that the Proposed Edited Recommendation will be submitted for review by the Internet Engineering Steering Group (IESG) to enable publication of the Recommendation as an RFC. The Working Group will also closely coordinate with the IETF community on its proposals for further work.
OASIS: The OASIS Web Services Secure Exchange (WS-SX) Technical Committee is chartered to define extensions to the OASIS Web Services Security (WSS) standards to enable trusted SOAP message exchanges involving multiple message exchanges and is a user of XML Security specifications. The OASIS Security Services Technical Committee (SSTC) uses XML Security in its work related to the creation and exchange of authentication and authorization information. Members of these committees are well informed regarding XML Security. The Working Group is expected to closely coordinate with these and other relevant OASIS TCs on its proposals for further work.
Web Services Interoperability Organization: The Web Services Interoperability Organization (WS-I) Basic Security Profile (BSP) work group is chartered to profile Web Services Security (WSS) for interoperability. Web Services Security is a user of XML Signature and XML Encryption. The Working Group is expected to inform WS-I BSP on proposals for future work.
Liberty Alliance: The Liberty Alliance has developed an identity web services framework (ID-WSF). This community is familiar with and uses XML Security and should be consulted in developing proposals for further work.

Confidentiality and Communication

Information about the XML Security Specifications Maintenance Working Group is available from the Working Group Home Page. This group primarily conducts its work on the public mailing list public-xmlsec-maintwg@w3.org (archive). The group will use the Member-only mailing list member-xmlsec-maintwg@w3.org (archive) for communications with W3C Member-only groups and for administrative purposes.

Patent Policy

This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.

About this Charter

This charter has been created according to section 6.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

$Id: xmlsig-charter.html,v 1.28 2007/03/02 14:41:42 roessler Exp $

XML Security Specifications Maintenance Working Group Charter