Difference between revisions of "Roadmap"

From XML Security WG Wiki
Jump to: navigation, search
(The following steps are planned for XML Security 1.1)
Line 31: Line 31:
 
This Roadmap schedule has been revised to reflect the [http://lists.w3.org/Archives/Public/public-xmlsec/2012Oct/0005.html PAG completion] on 15 October 2012. This was later than the originally anticipated completion in August 2012 (or earlier), thus the anticipated completion date has been adjusted from December 2012 to March 2013.
 
This Roadmap schedule has been revised to reflect the [http://lists.w3.org/Archives/Public/public-xmlsec/2012Oct/0005.html PAG completion] on 15 October 2012. This was later than the originally anticipated completion in August 2012 (or earlier), thus the anticipated completion date has been adjusted from December 2012 to March 2013.
  
# XML Signature 1.1 and XML Encryption 1.1 interop completed, interop test reports updated.
+
Update XML Signature 1.1 and XML Encryption 1.1 for editorial corrections based on Last Call comments.
#* [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core1-interop/Overview.html Draft XML Signature 1.1 interop test report]
+
 
#* [http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core1-interop/Overview.html Draft XML Encryption 1.1 interop test report]
+
Wait for 60 Day IPR exclusion period before requesting PR transition, [http://lists.w3.org/Archives/Public/public-xmlsec/2012Oct/0004.html email confirming 60 day period]  
#* ( 12 Sept 2012: X509Digest, DEREncodedKeyValue, KeyInfoReference interop testing completed )
+
* End of 60 Day period is 17 December
# Publish Last Call working draft of XML Signature 1.1 and XML Encryption 1.1 once interop and PAG is completed
+
 
#*  originally scheduled for 6 September 2012
+
Request [http://www.w3.org/2005/10/Process-20051014/tr.html#cfr transition to PR] for XML Signature 1.1, XML Encryption 1.1 and XML Signature Properties on 18 December
#* Current publication request for 18 October 2012
+
 
#* Three week Last Call ending 8 November 2012
+
PR publication, 3-10 January 2013, depending on publication availability
# Wait for 60 Day IPR exclusion period before requesting PR transition, [http://lists.w3.org/Archives/Public/public-xmlsec/2012Oct/0004.html email confirming 60 day period] - if Last Call comments received this may required an addition Last Call review and change to the following schedule.
+
* PR review period is minimum of 4 weeks, thus the earliest PR end is 1-8 February 2012
#* End of 60 Day period is 17 December
+
* Note [https://lists.w3.org/Archives/Member/chairs/2012AprJun/0093.html publishing moratorium is from 14 December 2012 - 2 January 2013], so 3 January 2013 is earliest possible PR publication, assuming approval has been obtained.
# Remove at-risk features from Signature Properties editors draft (Update 12 Sept 2012 - done)
+
 
# Request [http://www.w3.org/2005/10/Process-20051014/tr.html#cfr transition to PR] for XML Signature 1.1, XML Encryption 1.1 and XML Signature Properties on 18 December
+
  [http://www.w3.org/2005/10/Process-20051014/tr.html#rec-publication transition from PR to REC], decision via email , assuming no issues raised during AC review
# PR publication, 3-10 January 2013, depending on publication availability
+
* Anticipate publication as REC late February or early March depending on approval times and publication resource availability
#* PR review period is minimum of 4 weeks, thus the earliest PR end is 1-8 February 2012
+
#* Note [https://lists.w3.org/Archives/Member/chairs/2012AprJun/0093.html publishing moratorium is from 14 December 2012 - 2 January 2013], so 3 January 2013 is earliest possible PR publication, assuming approval has been obtained.
+
# [http://www.w3.org/2005/10/Process-20051014/tr.html#rec-publication transition from PR to REC], decision via email , assuming no issues raised during AC review
+
#* Anticipate publication as REC late February or early March depending on approval times and publication resource availability
+
  
 
Publish NOTEs in conjunction with other publications
 
Publish NOTEs in conjunction with other publications
* Publish "XML Signature 1.1 Interop Test Report" and  "XML Encryption 1.1 Interop Test Report" as W3C NOTE in advance of PR transition request.
 
 
* Publish "XML Security 1.1 Requirements and Design Considerations" and "XML Security Algorithm Cross-Reference" as W3C NOTE at same time.
 
* Publish "XML Security 1.1 Requirements and Design Considerations" and "XML Security Algorithm Cross-Reference" as W3C NOTE at same time.
 
* Publish "XML Security Generic Hybrid Ciphers" as a W3C NOTE (indicating no further development planned on REC track) in conjunction with PR publication (or earlier)
 
* Publish "XML Security Generic Hybrid Ciphers" as a W3C NOTE (indicating no further development planned on REC track) in conjunction with PR publication (or earlier)
Line 140: Line 135:
 
[http://www.w3.org/News/2012#entry-9497 W3C WG NOTE publication], 13 July 2012
 
[http://www.w3.org/News/2012#entry-9497 W3C WG NOTE publication], 13 July 2012
 
* XML Signature Best Practices ('''Completed, W3C WG NOTE''')
 
* XML Signature Best Practices ('''Completed, W3C WG NOTE''')
 +
 +
XML Signature 1.1 and XML Encryption 1.1 interop completed, interop test reports updated. 12 Sept 2012
 +
* [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core1-interop/Overview.html Draft XML Signature 1.1 interop test report]
 +
* [http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core1-interop/Overview.html Draft XML Encryption 1.1 interop test report]
 +
* ( 12 Sept 2012: X509Digest, DEREncodedKeyValue, KeyInfoReference interop testing completed )
 +
 +
Removed at-risk features from Signature Properties editors draft, 12 Sept 2012
 +
 +
[http://www.w3.org/News/2012#entry-9603 Last Call publication of XML Encryption 1.1 and XML Encryption 1.1], 18 October 2012
 +
* Functional Explanation of Changes in XML Encryption 1.1 published as WG NOTE
 +
* Functional Explanation of Changes in XML Signature 1.1 published as WG NOTE
 +
 +
Three week Last Call ending 8 November 2012 Completed.
 +
 +
[http://www.w3.org/News/2012#entry-9630 "XML Signature 1.1 Interop Test Report" and  "XML Encryption 1.1 Interop Test Report" published as W3C Notes] 13 November 2012
  
 
==  XML Security 2.0 ==
 
==  XML Security 2.0 ==

Revision as of 17:53, 13 November 2012

This Roadmap reflects the WG current plans for work to meet its charter. This plan is subject to change at any time by the WG. Status of documents being produced by the WG is provided at the PublicationStatus page.

#XML Security 1.1 Roadmap

#XML Security 2.0 Roadmap

XML Security 1.1

(Note: The Working Group has incorporated the XML Security Derived Keys specification material into XML Encryption 1.1 specification, so the Derived Keys specification will not progress further).

The intent of XML Security 1.1 is to provide a non-breaking additive update to the current XML Security specification that does the following:

  • Updates list of required/recommended/optional algorithms to add new algorithms based on SHA algorithms stronger than SHA-1.
  • Clarify that SHA algorithms stronger than SHA-1 should be used, given the pace with which attacks on SHA-1 are progressing.
  • Add elliptic curve algorithms based on a limited selection of curves to meet Suite B requirements and to provide alternative to RSA family.
  • Only require DSAwithSHA1 for signature verification, but not signature generation.
  • Add explicit support for OCSP information in KeyInfo in XML SIgnature 1.1
  • Clarify various aspects of the specifications, update references,and recognize existing work developed since the original specification, including Exclusive Canonicalization and XPath Filter 2.0.
  • The Algorithms cross-references provides a summary of various algorithm URI identifiers used in XML Security and references to the various documents that define them, to avoid confusion and possible usage errors.

The following steps are planned for XML Security 1.1

This Roadmap schedule has been revised to reflect the PAG completion on 15 October 2012. This was later than the originally anticipated completion in August 2012 (or earlier), thus the anticipated completion date has been adjusted from December 2012 to March 2013.

Update XML Signature 1.1 and XML Encryption 1.1 for editorial corrections based on Last Call comments.

Wait for 60 Day IPR exclusion period before requesting PR transition, email confirming 60 day period

  • End of 60 Day period is 17 December

Request transition to PR for XML Signature 1.1, XML Encryption 1.1 and XML Signature Properties on 18 December

PR publication, 3-10 January 2013, depending on publication availability

transition from PR to REC, decision via email , assuming no issues raised during AC review
  • Anticipate publication as REC late February or early March depending on approval times and publication resource availability

Publish NOTEs in conjunction with other publications

  • Publish "XML Security 1.1 Requirements and Design Considerations" and "XML Security Algorithm Cross-Reference" as W3C NOTE at same time.
  • Publish "XML Security Generic Hybrid Ciphers" as a W3C NOTE (indicating no further development planned on REC track) in conjunction with PR publication (or earlier)

Previously completed steps

FPWD publication: FPWD Published, 26 February 2009:

  • XML Signature 1.1 FPWD
  • XML Encryption 1.1 FPWD
  • XML Security Use Cases and Requirements FPWD
  • XML Security Derived Keys FPWD
  • XML Signature Properties FPWD
  • XML Security Algorithm Cross-Reference FPWD
  • XML Signature Best Practices (updated WD)

Updated publication: Published, 30 April 2009:

  • XML Signature Properties

FPWD and Updated Publications in July 2009: Published 31 July 2009:

  • XML Signature Best Practices.
  • XML Signature 1.1.
  • XML Encryption 1.1.
  • XML Security Generic Hybrid Ciphers FPWD.
  • XML Security Algorithm Cross-Reference.

Last Call in February 2010: Published, 4 February 2010; Last Call Ended, 18 March 2010, Comments as noted:

Updated Publication in February 2010 : Published, 4 February 2010

  • XML Security 1.1 Requirements and Design Considerations
  • XML Security RELAX NG Schemas
  • XML Signature Best Practices.

Updated Publication in March 2010 : Published, 16 March 2010

  • XML Encryption 1.1
  • XML Security RELAX NG Schemas
  • XML Security Generic Hybrid Ciphers
  • XML Security Algorithm Cross-Reference

Last Call in May 2010: Published, 13 May 2010 ; Last Call Ended, 10 June 2010, Comments on XML Encryption 1.1 as noted:

  • XML Signature 1.1 (Second Last Call, added KeyInfoReference, replaced "Agreement" with "DerivedKey", updated references; see document for details)
  • XML Encryption 1.1 (Last Call) disposition of comments
  • XML Security Generic Hybrid Ciphers (Last Call)

Updated Note Publications, Fall 2010: Published, 31 August 2010

  • XML Security RELAX NG Schemas (per Roadmap)
  • XML Signature Best Practices (update also published)

Last Call in November 2010 (addition to roadmap to reflect needed changes): Published, 30 November 2010 ; Last Call Ended 22 December 2010, no comments received.

  • XML Signature 1.1 (Third Last Call, Added X509Digest element and deprecated the X509IssuerSerial element, Changed ECKeyValue attribute from URN to URI, Replaced normative SEC1 reference with ECC-ALGS; see document for details)
  • XML Encryption 1.1 (Second Last Call, PBKDF2 schema update, recommend HMAC-SHA256 with PBKDF2 instead of HMAC-SHA1, EXI clarifications, corrections based on other previous last call comments, reference update; see document for details )

CR Fall 2010 (updated - plan for 1Q 2011) Published, 4 March 2011, "Candidate Recommendation";

  • XML Signature 1.1 (CR)
  • XML Encryption 1.1 (CR)
  • XML Security Generic Hybrid Ciphers (CR)
  • XML Signature Properties (CR)

Published updated Working Drafts of Note track documents, 4 March 2011:

  • XML Security 1.1 Requirements and Design Considerations
  • XML Security RELAX NG Schemas.

Published updated Working Drafts of Note track documents, 9 August 2011:

  • XML Signature Best Practices

Published updated Working Drafts of Note track documents, 30 August 2011:

  • XML Security RELAX NG Schemas.

Updated Last Call drafts, 5 January 2012; Last Call ended 16 February 2012

  • XML Encryption 1.1 (Third Last Call, address newly publicized chosen-ciphertext attacks against CBC algorithms, make AES-128-GCM mandatory, update security considerations)

W3C WG NOTE publication, 24 January 2012

  • XML Security RELAX NG Schemas (Completed, W3C WG NOTE)

CR Publication, 13 March 2012

  • XML Encryption 1.1 (Second CR)

W3C WG NOTE publication, 13 July 2012

  • XML Signature Best Practices (Completed, W3C WG NOTE)

XML Signature 1.1 and XML Encryption 1.1 interop completed, interop test reports updated. 12 Sept 2012

Removed at-risk features from Signature Properties editors draft, 12 Sept 2012

Last Call publication of XML Encryption 1.1 and XML Encryption 1.1, 18 October 2012

  • Functional Explanation of Changes in XML Encryption 1.1 published as WG NOTE
  • Functional Explanation of Changes in XML Signature 1.1 published as WG NOTE

Three week Last Call ending 8 November 2012 Completed.

"XML Signature 1.1 Interop Test Report" and "XML Encryption 1.1 Interop Test Report" published as W3C Notes 13 November 2012

XML Security 2.0

The focus of the XML Security 2.0 is to achieve performance improvements,,enable streaming processing, reduce the attack surface, and incorporate improvements from the 1.1 release.

The WG is attempting to do this with minimal impact on backward compatibility but may find it necessary to make breaking changes.

Changes may include changes to the transform and reference processing model, canonicalization and other aspects.

The following steps are planned for XML Security 2.0

The next steps for XML Security 2.0 are interop in order to exit CR.

Previously completed steps

FPWD publication: FPWD Published, 26 February 2009:

  • XML Signature Transform Simplification: Requirements and Design FPWD

31 July 2009 : Published

  • XML Signature Transform Simplification: Requirements and Design.

FPWD in October 2009  : Published

  • Canonical XML 2.0
  • XML Signature 2.0

Updated Publication in February 2010 : Published

  • XML Security Requirements 2.0
  • XML Signature Transform Simplification: Requirements and Design (to note that obsoleted by 2.0 Requirements and XML Signature 2.0)

Updated Publication in March 2010 : Published

  • Canonical XML 2.0
  • XML Signature 2.0

FPWD Summer 2010 : Published 31 August 2010

  • XML Signature Streaming Profile of XPath 1.0 (FPWD, per roadmap)
  • Canonical XML 2.0 (updated WD published in conjunction with FPWD of XML Signature Streaming Profile of XPath 1.0)
  • XML Signature 2.0 (updated WD published in conjunction with FPWD of XML Signature Streaming Profile of XPath 1.0)

Last Call, Fall 2010 (updated - plan for 1Q2011) Published 26 April 2011, Last Call ended 26 May 2011.

  • Canonical XML 2.0
  • XML Signature 2.0
  • XML Signature Streaming Profile of XPath 1.0

FPWD published 7 July 2011

  • XML Encryption 1.1 CipherReference Processing using 2.0 Transforms Specification

Last Call 5 January 2012, Last Call ended 16 February 2012

  • XML Encryption 1.1 CipherReference Processing using 2.0 Transforms Specification

CR, 4Q 2010/1Q 2011 (updated - plan for 1H 2011), Published, 24 January 2012

  • Canonical XML 2.0
  • XML Signature 2.0
  • XML Signature Streaming Profile of XPath 1.0

CR 13 March 2012

  • XML Encryption 1.1 CipherReference Processing using 2.0 Transforms Specification

Additional XML Security Deliverables

Please see the publications page for details on errata and other deliverables.