W3C XML Signature Charter

Chair(s):
Donald Eastlake 3rd <dee3@torque.pothole.com>
Joseph Reagle <reagle@w3.org>
W3C Technology & Society Domain Leader
Daniel Weitzner <djw@w3.org>
Mailing Lists:
General Discussion: w3c-ietf-xmldsig@w3.org
To Subscribe: w3c-ietf-xmldsig-request@w3.org
In Subject: (un)subscribe
Archive: http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig

Status: This document (20020607) is the W3C XML Signature Working Group (WG) Charter and is an updated version of the (20011017) version that governed until March 2002.

The Working Group has completed advancement of the XML Signature, Canonicalization, and Exclusive Canonicalization Recommendations. There is a new version of the XPath filter being developed as a separate specification. Consequently, this update to the charter:

  1. ends the formal joint relationship and charter with the IETF since the deliverables specified under that charter have been completed. Subsequent specifications may also be published as Informational RFCs and any new IPR disclosures will continue to be brought to the attention of the IETF.
  2. adds an XPath Filter2 transform deliverable. As with the Exclusive Canonicalization specification, operational experience has demonstrated that one can improve upon the transform as specified in the XML Signature Recommendation.
  3. updates the Duration and Milestones of the Working Group and extends the charter until December 2002.
  4. decreases the W3C Team Contact commitment in recognition of other commitments and the completion of deliverables.

Introduction

Digital signatures provide integrity, signature assurance and non-repudiatability over Web data. Such features are especially important for documents that represent commitments such as contracts, price lists, and manifests. In view of recent Web technology developments, the proposed work will address the digital signing of documents (any Web resource addressable by a URI) using XML syntax. This capability is critical for a variety of electronic commerce applications, including payment tools.


Mission Statement

The mission of this working group is to develop an XML-compliant syntax for representing signatures over Web resources and portions of protocol messages (anything that can be referenced by a URI) and procedures for computing and verifying such signatures. Such signatures will be able to provide data integrity, authentication, and/or non-repudiatability. The meaning of the signature is very simple: the XML signature syntax associates the cryptographic signature value with Web resources using XML markup. The meaning of the signature may be extensible by a set of semantics specified separately.

Scope

The core scope of this activity will be in specifying the necessary data model, syntax, and processing to bind a cryptographic signature to a resource in XML.

The working group will focus on:

  1. Creating a data model that permits XML-DSig to be an integral part of developing metadata and object model technologies.
  2. Creating an extensible canonicalization framework. In addition, specify application requirements over canonicalization. All XML-DSig applications must be able to sign -- at least -- the binary byte stream. The group may also require applications to support XML syntax or Unicode canonicalization if those mechanisms are widely understood and necessary. This group will coordinate its requirements with activities delivering XML, RDF, or DOM canonicalization mechanisms.
  3. Syntax and processing for XML signatures.
  4. Document the WG's position on signature semantics. At the Chair's discretion the WG may develop a (small) set of signature semantics. Such a proposal would define common semantics relevant to signed assertions about Web resources and their relationships in a schema definition (XML/RDF) or link type definition (XLink).
  5. Defining the charter for subsequent work once (1-4) has been achieved.

Requirements

The following requirements must be met by the WG:

  1. Defines a simple signature XML syntax that is highly extensible. We wish to create a simple digital signature syntax that can be used with other application semantics (through XML-namespaces) so as to create arbitrarily sophisticated assertion capabilities.
  2. Ensuring that applications can create and process composite/compound documents consisting of XML and non-XML data as well as for processing detached or external signature blocks and assertions.
  3. XML-DSig must be coordinated with and use the work product of other mature XML technologies. (See Coordination)
  4. XML-DSig syntax expresses data model semantics; we do not require applications to make inferences on that data model.
  5. The mandatory portions of the specification must be implemented in at least two independent implementations before being advanced to Proposed Recommendation.

Constraints

The working group will not address the following issues:

  1. Trust engines
  2. Public key infrastructure.
  3. Trust management systems.
  4. XML schemas for certificates.

Demonstration Applications

The specifications have many implementations and users.


Deliverables

Please see the Working Group Overview for completed deliverables. All of the following deliverables can be published as IETF Informational RFCs at individuals' discretion.

This working group will deliver the following:


Duration and Milestones

The following dates have been updated in June 2002 and extend the life of the WG (for 8 months) until December 2002.

The Working Group can decide to parallelize more tasks by forming subgroups. The Working Group can also decide to reschedule tasks that do not have to meet deadlines imposed by other groups. However, the schedule must fit into the total timeframe given above.

Note that delay of deliverables can be a reason for the Working Group to be terminated.

Confidentiality

This charter, the WG web page, and the mailing list and archives will be publicly accessible.

Coordination with Other Groups

The Working Group should ensure its final deliverable is known to and reviewed by users of the present specifications.

Communication Mechanisms

Working group members are expected to participate in an electronic mailing list, periodic teleconferences and face-to-face meetings. The sole WG consensus venue is the mailing list.

NOTE: The proceedings of this Working Group are public.

Group Home Page

In order to maintain shared context of the group and to provide access to the proceedings of the group, the Chair maintains a web page at http://www.w3.org/Signature/.

Active participants are expected to have ready access to this page and be familiar with its contents.

Mailing List

Participants must subscribe to and participate in the w3c-ietf-xmldsig@w3.org mailing list. The archive is http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig.

Teleconferences

There are expected to be teleconferences held every few weeks at a time set by the Chair. The exact frequency of calls will be determined by working group consensus.

The Chair is responsible for producing an agenda at least 24 hours in advance of each call, posting it along with the call details to the mailing list, and causing minutes of the call to be posted promptly after the call.

Face to Face Meetings

No further face to face meetings are expected.

Meeting notice, advance agenda, and posting of minutes shall follow W3C timing rules.

Communication with the Public

This working group is public.

Patent Disclosures

Working group members must disclose intellectual properties "that are reasonably and personally known" to be relevant to this WG in accordance with IETF (RFC2026) and W3C procedure; including notice and disclosure of such information to the WG, <patent-issues@w3.org> and the IETF Executive Director.

Participants

Participation in the working group is open. Participation is expected to take a minimum of 15% of the participant's time. The XML-DSig WG will be co-chaired by Donald Eastlake III (IBM) and Joseph Reagle (W3C). Each co-chair is expected to devote 20% of his time to this activity.

W3C Team

The XML-DSig Staff Contact will be Joseph Reagle and his staff contact duties are expected to take 15% of his time. The staff contact is partly responsible for coordinating dependencies and requirements from the W3C Director and other activities. Further details on the Staff Contact and Chair roles can be found in the W3C Guidebook for Working Group Chairs.