W3C

XML Security Working Group Charter

The mission of the XML Security Working Group, part of the Security Activity, is to take the next step in developing the XML security specifications.

Join the XML Security Working Group.

End date 30 April 2013
Confidentiality Proceedings are public
Initial Chairs Frederick Hirsch, Nokia
Initial Team Contacts
(FTE %: 35)
Thomas Roessler, W3C
Usual Meeting Schedule Teleconferences: Weekly
Face-to-face: 3-4 per year

Background and Scope

The existing suite of XML security specifications has become a fundamental technology in the XML and Web Service worlds over the last 7 years: The joint IETF/W3C XML Signature Working Group specified mechanisms to digitally sign XML documents and other data, and to encapsulate digital signatures in XML. The W3C XML Encryption Working Group specified mechanisms to encrypt XML documents and other data, and to encapsulate the encrypted material and related meta-information in XML. In 2007, the XML Security Specifications Maintenance Working Group took up limited maintenance work of the XML Signature Specification, and the XML Core Working Group prepared the Canonical XML 1.1 Recommendation, on which XML Signature depends.

The W3C Workshop on Next Steps for XML Signature and XML Encryption identified next steps for this suite of technologies that are desirable to a broader community.

The XML Security Working Group is chartered to evaluate and act on recommendations in the Workshop report in developing the XML Security specifications on the basis of lessons learned from implementation and deployment experience to date.

Requirements Development

In a first phase of its work, the Group will review use cases and requirements for the existing set of specifications, and create an updated use case and requirements document. Specifically, the Working Group will:

In considering these use cases and requirements, the Working Group's attention is in particular called to algorithmic performance and efficiency and also to streaming considerations.

Specification Development

Based on the requirements gathered in the first phase of its work, the Working Group will develop updates to the core XML Security specifications. The Working Group is asked to consider the benefits of compatibility with the existing specification environment. If the Working Group decides to make breaking changes to one of the XML Security specifications, it will communicate such a decision broadly and early.

Canonicalization

The Working Group should specify one or more canonicalization algorithms to address requirements not met by existing canonicalization algorithms. At least one such algorithm should be suitable to replace the Canonical XML 1.0 and 1.1 recommendations as mandatory to implement canonicalization methods in an updated version of XML Signature.

XML Signature

The Working Group will develop an update to the XML Signature Syntax and Processing Recommendation. In particular, the Working Group will:

It is expected that the work on identifiers and mark-up to accommodate further crytpographic algorithms will influence the development of a successor document to RFC 4051, Additional XML Security Uniform Resource Identifiers (URIs). The Working Group will contribute to such an update.

The result of this development can take the form of one or more profiles, or of a revised specification.

The Working Group MUST follow the versioning policy for the namespace currently used by XML Signature Syntax and Processing.

XML Encryption

The Working Group may develop an update to the XML Encryption specification to ensure consistency with possible changes to the XML Signature specification, and to accommodate additional cryptographic algorithms as determined necessary during the requirements phase.

Maintenance Work

In addition to the work outlined above, the Working Group may consider comments and updates to the following set of specifications:

The scope of maintenance work on deliverables mentioned only in this section is limited to changes of classes 1, 2, and 3 as defined in the process document. Any updates to Canonical XML Version 1.1 will be published as joint deliverables with the XML Core Working Group.

Deliverables

The following table lists the recommendation track specifications that this Working Group is chartered to update and develop, and the classes of work expected for these specifications. The Working Group may only make changes of classes 1, 2 and 3 as defined in the process document to those specifications that are listed as "maintenance only".

Specification Class of changes
XML Signature Syntax and Processing Substantive and maintenance.
XML Encryption Syntax and Processing Substantive and maintenance.
Canonicalization V next Substantive.
XML-Signature XPath Filter 2.0 Maintenance only.
Canonical XML Version 1.0 Maintenance only.
Canonical XML Version 1.1 Maintenance only.
Exclusive XML Canonicalization Version 1.0 Maintenance only.
Decryption Transform for XML Signature Maintenance only.

Note that this charter does not constrain the Working Group in the precise structuring of its substantive deliverables. E.g., the Working Group may decide to reorganize the XML Signature specification by splitting it into multiple documents, or deliver functionality of an updated canonicalization specification by way of changes to the XML Signature specification.

The Working Group may also produce additional deliverables as Notes. In particular, the Working Group is expected to publish its requirements as a W3C WG Note.

Milestones

Milestones are listed only for the substantive specification development that is planned for this Working Group. It is expected that maintenance only deliverables will be prepared on an ongoing basis, as needed. The milestones given in this charter are an initial estimate, and will be renegotiated if the need arises.

For the group's current schedule, please refer to the Roadmap and Publication Status pages maintained by the Working Group.

Month Milestone
3 First Public Working Draft for updated XML Signature and Canonicalization Requirements
6 Stable draft of Requirements
10 First Public Working Drafts for XML Signature updates, Canonicalization V next, and updates to XML Encryption as needed
18 Last Call Drafts for XML Signature updates and Canonicalization V next, and updates to XML Encryption as needed

Dependencies and Liaisons

W3C Groups

XML Core Working Group

The XML Core Working Group is chartered to maintain and develop core XML specifications. The XML Security Working Group and the XML Core Working Group will publish any updates to the Canonical XML 1.1 specification as joint deliverables.

XML Coordination Group

The chair of this Working Group will be a member of the XML Coordination Group and will look for opportunities to liaise with other XML Working Groups in the development of the draft charter for future work.

Web Application Formats Working Group

The Web Application Formats Working Group (or its successor) is likely to use the XML Security specifications in its work on Widget packaging formats, and is expected to be a possible source of use cases and requirements for this work. It is also expected that this Working Group will review relevant deliverables of the Web Application Formats Working Group (or its successor).

External Groups

Internet Engineering Task Force

The XML Signature specification was produced in a joint effort between W3C and the IETF. It is expected that the XML Security Working Group will liaise closely with the IETF Security and Application Areas in developing its deliverables.

OASIS

A number of OASIS Technical Committees in the security area are direct users of the core XML security specifications, and are possible sources of use cases and requirements for this work. The Working Group should solicit these Technical Committees to review its deliverables. Such Technical Committees include:

Other OASIS Technical Committees that make use of the XML security specifications include the Web Services Transaction (WS-TX) TC, the Election and Voter Services TC, the Universal Business Language (UBL) TC, and the LegalXML Electronic Court Filing TC.

ETSI Electronic Signatures and Infrastructures (ESI) Technical Committee

The ETSI Electronic Signatures and Infrastructures (ESI) Technical Committee is the lead body within ETSI in relation to the standardization activities dealing with Electronic Signatures and related Infrastructures within ETSI.

Web Services Interoperability Organization

The Web Services Interoperability Organization (WS-I) Basic Security Profile (BSP) work group is chartered to profile Web Services Security (WSS) for interoperability. Web Services Security is a user of XML Signature and XML Encryption. The Working Group is expected to inform WS-I BSP on proposals for future work.

Liberty Alliance

The Liberty Alliance has developed an identity web services framework (ID-WSF). This community is familiar with and uses XML Security and should be consulted in developing proposals for further work.

Participation

Participants are reminded of the Good Standing requirements of the W3C Process.

The Working Group is expected to hold 3-4 face-to-face meetings each year (including one at each W3C Technical Plenary), and to hold weekly telephone conferences.

Communication

This group primarily conducts its work on the public mailing list public-xmlsec@w3.org. The group will use the Member-only mailing list member-xmlsec@w3.org for communications with W3C member only Working Groups, for administrative purposes, and for other discussions that are exceptionally held in Member-only space.

Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the XML Security Working Group home page.

Patent Policy

This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.

About this Charter

This charter for the XML Security Working Group has been created according to section 6.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

This charter has been extended:


Frederick Hirsch, Nokia
Thomas Roessler, W3C Security Activity Lead

$Date: 2013/01/30 11:43:52 $