Roadmap

From XML Security WG Wiki

This Roadmap reflects the WG's current plans for work to meet its charter. This plan is subject to change at any time by the WG. The status of documents being produced by the WG is provided at the PublicationStatus page.


XML Security 1.1

Next steps for XML Security 1.1

Previously completed steps

11 April 2013 Progress 1.1 Specifications to Recommendation ; W3C News item

  1. XML Encryption 1.1
  2. XML Signature 1.1, references RFC4051 6x
  3. XML Signature Properties

11 April 2013 Publish updated 1.1 WG Notes to update REC references and status ; W3C News item

  1. XML Security 1.1 Requirements and Design Considerations - XMLDSIG-PROPERTIES (local fix)
  2. Functional Explanation of Changes in XML Signature 1.1 - XMLDSIG-CORE1, (removed OCSPResponse)
  3. Functional Explanation of Changes in XML Encryption 1.1 - XMLENC-CORE1
  4. XML Security Algorithm Cross-Reference XML-C14N20, XMLDSIG-CORE1, XMLENC-CORE1, XMLSEC-GHCIPHERS ; RFC4051
  5. XML Security Generic Hybrid Ciphers - XMLDSIG-CORE1, XMLENC-CORE1, XMLSEC-RELAXNG
  6. XML Security RELAX NG Schemas XMLDSIG-CORE1, XMLDSIG-PROPERTIES (local fix), XMLENC-CORE1, XMLSEC-GHCIPHERS
  7. XML Signature Best Practices - XMLDSIG-CORE1, XMLDSIG-XPATH

Publications that are final and were not updated:

  1. XML Signature 1.1 Interop Test Report - XMLDSIG-CORE1, XMLDSIG-CORE1-CHGS
  2. XML Encryption 1.1 Interop Test Report - XMLDSIG-CORE1-INTEROP, XMLENC-CORE1, XMLENC-CORE1-CHGS


24 January 2013 PR publication

24 January 2013 WG Note publication of

Wait for 60 Day IPR exclusion period before requesting PR transition, email confirming 60 day period

  • End of 60 Day period is 17 December 2012

This Roadmap schedule has been revised to reflect the PAG completion on 15 October 2012. This was later than the originally anticipated completion in August 2012 (or earlier), thus the anticipated completion date has been adjusted from December 2012 to March 2013.

Update XML Signature 1.1 and XML Encryption 1.1 for editorial corrections based on Last Call comments.

"XML Signature 1.1 Interop Test Report" and "XML Encryption 1.1 Interop Test Report" published as W3C Notes 13 November 2012

Three week Last Call ending 8 November 2012 Completed.

Last Call publication of XML Encryption 1.1 and XML Encryption 1.1, 18 October 2012

  • Functional Explanation of Changes in XML Encryption 1.1 published as WG NOTE
  • Functional Explanation of Changes in XML Signature 1.1 published as WG NOTE

XML Signature 1.1 and XML Encryption 1.1 interop completed, interop test reports updated. 12 Sept 2012

Removed at-risk features from Signature Properties editors draft, 12 Sept 2012

W3C WG NOTE publication, 13 July 2012

  • XML Signature Best Practices (Completed, W3C WG NOTE)

CR Publication, 13 March 2012

  • XML Encryption 1.1 (Second CR)

W3C WG NOTE publication, 24 January 2012

  • XML Security RELAX NG Schemas (Completed, W3C WG NOTE)

Updated Last Call drafts, 5 January 2012; Last Call ended 16 February 2012

  • XML Encryption 1.1 (Third Last Call, address newly publicized chosen-ciphertext attacks against CBC algorithms, make AES-128-GCM mandatory, update security considerations)

Published updated Working Drafts of Note track documents, 30 August 2011:

  • XML Security RELAX NG Schemas.

Published updated Working Drafts of Note track documents, 9 August 2011:

  • XML Signature Best Practices

CR Fall 2010 (updated - plan for 1Q 2011) Published, 4 March 2011, "Candidate Recommendation";

  • XML Signature 1.1 (CR)
  • XML Encryption 1.1 (CR)
  • XML Security Generic Hybrid Ciphers (CR)
  • XML Signature Properties (CR)

Published updated Working Drafts of Note track documents, 4 March 2011:

  • XML Security 1.1 Requirements and Design Considerations
  • XML Security RELAX NG Schemas.

Last Call in November 2010 (addition to roadmap to reflect needed changes): Published, 30 November 2010 ; Last Call Ended 22 December 2010, no comments received.

  • XML Signature 1.1 (Third Last Call, Added X509Digest element and deprecated the X509IssuerSerial element, Changed ECKeyValue attribute from URN to URI, Replaced normative SEC1 reference with ECC-ALGS; see document for details)
  • XML Encryption 1.1 (Second Last Call, PBKDF2 schema update, recommend HMAC-SHA256 with PBKDF2 instead of HMAC-SHA1, EXI clarifications, corrections based on other previous last call comments, reference update; see document for details)

Updated Note Publications, Fall 2010: Published, 31 August 2010

  • XML Security RELAX NG Schemas (per Roadmap)
  • XML Signature Best Practices (update also published)

Last Call in May 2010: Published, 13 May 2010 ; Last Call Ended, 10 June 2010, Comments on XML Encryption 1.1 as noted:

  • XML Signature 1.1 (Second Last Call, added KeyInfoReference, replaced "Agreement" with "DerivedKey", updated references; see document for details)
  • XML Encryption 1.1 (Last Call) disposition of comments
  • XML Security Generic Hybrid Ciphers (Last Call)

Updated Publication in March 2010 : Published, 16 March 2010

  • XML Encryption 1.1
  • XML Security RELAX NG Schemas
  • XML Security Generic Hybrid Ciphers
  • XML Security Algorithm Cross-Reference

Updated Publication in February 2010 : Published, 4 February 2010

  • XML Security 1.1 Requirements and Design Considerations
  • XML Security RELAX NG Schemas
  • XML Signature Best Practices.

Updated publication: Published, 30 April 2009:

  • XML Signature Properties

FPWD and Updated Publications in July 2009: Published 31 July 2009:

  • XML Signature Best Practices.
  • XML Signature 1.1.
  • XML Encryption 1.1.
  • XML Security Generic Hybrid Ciphers FPWD.
  • XML Security Algorithm Cross-Reference.

Last Call in February 2010: Published, 4 February 2010; Last Call Ended, 18 March 2010, Comments as noted:

FPWD publication: FPWD Published, 26 February 2009:

  • XML Signature 1.1 FPWD
  • XML Encryption 1.1 FPWD
  • XML Security Use Cases and Requirements FPWD
  • XML Security Derived Keys FPWD
  • XML Signature Properties FPWD
  • XML Security Algorithm Cross-Reference FPWD
  • XML Signature Best Practices (updated WD)

Overview

(Note: The Working Group has incorporated the XML Security Derived Keys specification material into XML Encryption 1.1 specification, so the Derived Keys specification will not progress further).

The intent of XML Security 1.1 is to provide a non-breaking additive update to the current XML Security specification that does the following:

  • Update the list of required/recommended/optional algorithms to add new algorithms based on SHA algorithms stronger than SHA-1.
  • Clarify that SHA algorithms stronger than SHA-1 should be used, given the pace with which attacks on SHA-1 are progressing.
  • Add elliptic curve algorithms based on a limited selection of curves to meet Suite B requirements and to provide an alternative to the RSA family.
  • Only require DSAwithSHA1 for signature verification, but not signature generation.
  • Add explicit support for OCSP information in KeyInfo in XML Signature 1.1.
  • Clarify various aspects of the specifications, update references, and recognize existing work developed since the original specification, including Exclusive Canonicalization and XPath Filter 2.0.
  • The Algorithm Cross-Reference provides a summary of the various algorithm URI identifiers used in XML Security and references to the documents that define them, to avoid confusion and possible usage errors.

XML Security 2.0

Next steps for XML Security 2.0

TBD C14N1.2

  • Create Draft based on C14N11 and material from C14N2
  • Agree to publish as Recommendation or Note, if Recommendation then decide if LC/CR stages needed

Previously completed steps

11 April 2013 Publish as 6 WG Notes to complete those drafts ; W3C News item

  1. XML Security 2.0 Requirements and Design Considerations
  2. C14N20
  3. XML Signature 2.0 - sync'd with 1.1 updates
  4. Streaming Profile of XPath 1.0
  5. XML Encryption 1.1 CipherReference processing using 2.0 Transforms
  6. Test Cases for C14N20

CR 13 March 2012

  • XML Encryption 1.1 CipherReference Processing using 2.0 Transforms Specification

CR, 4Q 2010/1Q 2011 (updated - plan for 1H 2011), Published, 24 January 2012

  • Canonical XML 2.0
  • XML Signature 2.0
  • XML Signature Streaming Profile of XPath 1.0

Last Call 5 January 2012, Last Call ended 16 February 2012

  • XML Encryption 1.1 CipherReference Processing using 2.0 Transforms Specification

FPWD published 7 July 2011

  • XML Encryption 1.1 CipherReference Processing using 2.0 Transforms Specification

Last Call, Fall 2010 (updated - plan for 1Q2011) Published 26 April 2011, Last Call ended 26 May 2011.

  • Canonical XML 2.0
  • XML Signature 2.0
  • XML Signature Streaming Profile of XPath 1.0

FPWD Summer 2010 : Published 31 August 2010

  • XML Signature Streaming Profile of XPath 1.0 (FPWD, per roadmap)
  • Canonical XML 2.0 (updated WD published in conjunction with FPWD of XML Signature Streaming Profile of XPath 1.0)
  • XML Signature 2.0 (updated WD published in conjunction with FPWD of XML Signature Streaming Profile of XPath 1.0)

Updated Publication in March 2010 : Published

  • Canonical XML 2.0
  • XML Signature 2.0

Updated Publication in February 2010 : Published

  • XML Security Requirements 2.0
  • XML Signature Transform Simplification: Requirements and Design (to note that obsoleted by 2.0 Requirements and XML Signature 2.0)

FPWD in October 2009  : Published

  • Canonical XML 2.0
  • XML Signature 2.0

31 July 2009 : Published

  • XML Signature Transform Simplification: Requirements and Design.

FPWD publication: FPWD Published, 26 February 2009:

  • XML Signature Transform Simplification: Requirements and Design FPWD

Overview

The focus of XML Security 2.0 is to achieve performance improvements, enable streaming processing, reduce the attack surface, and incorporate improvements from the 1.1 release.

The WG is attempting to do this with minimal impact on backward compatibility but may find it necessary to make breaking changes.

Changes may include changes to the transform and reference processing model, canonicalization and other aspects.

Additional XML Security Deliverables

Please see the publications page for details on errata and other deliverables.