IETF/W3C "XML-DSig" Charter

Chair(s):
Donald Eastlake 3rd <dee3@torque.pothole.com>
Joseph Reagle <reagle@w3.org>
IETF Security Area Director(s):
Jeff Schiller <jis@mit.edu>
Marcus Leech <mleech@nortel.ca>
IETF Security Area Advisor:
Jeff Schiller <jis@mit.edu>
W3C Technology & Society Domain Leader:
Daniel Weitzner <djw@w3.org>
Mailing Lists:
General Discussion: w3c-ietf-xmldsig@w3.org
To Subscribe: w3c-ietf-xmldsig-request@w3.org
In Subject: (un)subscribe
Archive: http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig

Status: This is the joint W3C/IETF XML-DSig Charter being submitted for W3C AC review. The authors are Joseph Reagle and Don Eastlake. This version (19990521) is based on the (990510) version that has been reviewed by the W3C management and IESG.

Introduction

Digital signatures provide integrity, signature assurance and non-repudiatability over Web data. Such features are especially important for documents that represent commitments such as contracts, price lists, and manifests. In view of recent Web technology developments, future work will address the digital signing of XML -- and any of its applications such as RDF or P3P. This capability is critical for a variety of electronic commerce applications, including payment tools.

[This W3C charter is used to create a reformatted charter used for IETF process procedures.]

[This IETF charter is a reformatted version of the W3C charter. No terms are different.]


Mission Statement

The mission of this working group is to develop an XML-compliant syntax used for representing the signature of Web resources and portions of protocol messages (anything referenceable by a URI) and procedures for computing and verifying such signatures. Such signatures will be able to provide data integrity, authentication, and/or non-repudiatability. The meaning of the signature is very simple: the XML signature syntax associates the cryptographic signature value with Web resources using XML markup. The meaning of the signature may be extensible by a set of semantics specified separately.


Joint W3C IETF Coordination

This effort is equally and strongly dependent on XML expertise and coordination, which is in the W3C, and Internet cryptographic expertise and coordination, which is in the Internet Engineering Task Force (IETF). Therefore, the working group will be a joint body operating simultaneously as an IETF WG and a W3C WG. Procedures may differ from the norm for either organization (IETF RFCs 2026 / 2418 & World Wide Web Consortium Process Document). Details are given in the sections below.


Scope

The core scope of this activity will be in specifying the necessary data model, syntax, and processing to bind a cryptographic signature to a resource in XML.

The working group will focus on:

  1. Creating a data model that permits XML-DSig to be an integral part of developing metadata and object model technologies.
  2. Creating an extensible canonicalization framework. In addition, specifying application requirements over canonicalization. At a minimum, all XML-DSig applications must be able to sign the binary byte stream. The group may also require applications to support XML syntax or Unicode canonicalization if those mechanisms are widely understood and necessary. This group will coordinate its requirements with activities delivering XML, RDF, or DOM canonicalization mechanisms.
  3. Syntax and processing for XML signatures.
  4. Document the WG's position on signature semantics with a non-standard-track document. At the Chair's discretion the WG may develop a (small) set of signature semantics. Such a proposal would define common semantics relevant to signed assertions about Web resources and their relationships in a schema definition (XML/RDF) or link type definition (XLink).
  5. Defining the charter for subsequent work once (1-4) has been achieved.

Requirements

The following requirements must be met by the WG:

  1. Defines a simple signature XML syntax that is highly extensible. We wish to create a simple digital signature syntax that can be used with other application semantics (through XML-namespaces) so as to create arbitrarily sophisticated assertion capabilities.
  2. Ensuring that applications can create and process composite/compound documents consisting of XML and non-XML data as well as for processing detached or external signature blocks and assertions.
  3. XML-DSig must be coordinated with and use the work product of other mature XML technologies. (See Coordination)
  4. XML-DSig syntax expresses data model semantics; we do not require applications to make inferences on that data model.
  5. The mandatory portions of the specification must be implemented in at least two independent implementations before being advanced to Proposed Recommendation.

Constraints

The working group will not address the following issues:

  1. Trust engines
  2. Public key infrastructure.
  3. Trust management systems.
  4. XML schemas for certificates.

Demonstration Applications

It is hoped that the following applications being developed by members of the WG will provide a useful test of the completeness:

  1. Internet Open Trading Protocol v2.0
  2. [some document / web-page application TBD]
  3. Financial Services Mark Up Language v2.0


Deliverables

This working group will deliver the following:


Duration and Milestones

This Working Group is scheduled for nine months. Currently, its expected lifetime is from June 1999 through January 2000. It is hoped Last Call candidates will be available by November 1999.

Once established, the Working Group can decide to parallelize more tasks by forming subgroups. The Working Group can also decide to reschedule tasks that do not have to meet deadlines imposed by other groups. However, the schedule must fit into the total timeframe given above.

Also, document dates may not be rescheduled without notifying the W3C Domain leaders, the W3C director, and the IETF Area Director. Note that delay of deliverables can be a reason for the Working Group to be terminated.


Confidentiality

This charter, the WG web page, and the mailing list and archives will be publicly accessible.


Coordination with Other Groups

A central characteristic of this activity is its dependencies on other XML working groups. The WG chair will likely be made a member of the W3C XML Coordination Group. During W3C Last Call, the Chair will procure reviews from the following W3C WGs before the specification will be advanced further:

  1. XML Syntax WG: Canonicalizing XML which involves finding a single or "canonical" version of every possible form of the same document (by reducing white space, mapping quote marks to a standard form, etc. etc.) with a view to using that standard form for the purpose of applying digital signature technology.
  2. XML Linking WG: The objective of the XML Linking Working Group is to design advanced, scalable, and maintainable hyperlinking and addressing functionality for XML.
  3. XML Schema WG: The XML Schema Working Group is addressing means for defining the structure, content and semantics of XML documents.
  4. Metadata CG: The RDF Model and Syntax provides a uniform and interoperable means to exchange the metadata between programs and across the Web. Furthermore, RDF provides a means for publishing both a human-readable and a machine-understandable definition of the property set itself.

Since this Working Group will be public, its coordination with other W3C WGs must take this into account.


Communication Mechanisms

Working group members are expected to participate in an electronic mailing list, periodic teleconferences and face-to-face meetings. The sole WG consensus venue is the mailing list.

NOTE: The proceedings of this Working Group are public.

Group Home Page

In order to maintain shared context of the group and to provide access to the proceedings of the group, the Chair maintains a web page at http://w3.org/XML-DSig/ (tbd).

Active participants are expected to have ready access to this page and be familiar with its contents.

Mailing List

Participants must subscribe to and participate in the w3c-ietf-xmldsig@w3.org mailing list.

Teleconferences

There are expected to be teleconferences held every few weeks at a time set by the Chair. The exact frequency of calls will be determined by working group consensus.

The Chair is responsible for producing an agenda at least 24 hours in advance of each call, posting it along with the call details to the mailing list, and causing minutes of the call to be posted promptly after the call.

Face to Face Meetings

The working group will have a two day face to face meeting in September 1999 and meet at the July and November 1999 IETF meetings and may have additional physical meetings by consensus of the WG. Meeting notice, advance agenda, and posting of minutes shall follow W3C timing rules.

Communication with the Public

This working group is public.


W3C IETF Process Synchronization

WG documents will be dual published in both the W3C, via the web, and in the IETF as Internet-Drafts or RFCs. Differing delays in the processes may cause skew in the appearance of a document in the two locations.

When a document is subject to a Last Call in both organizations (W3C Team Last Call or AC Review in the W3C, Working Group or IETF Last Call in the IETF) comments received in both venues must be considered and responded to. In effect, this postpones the end of the Last Call that would have ended sooner until the end of the Last Call in the other organization.

The rough equivalence between document types in the W3C and IETF is as follows:

W3C                      IETF
Note                     Informational RFC
Working Draft            Working Group Internet Draft
                         Working Group Informational RFC
Proposed Recommendation  Proposed Standard RFC
Recommendation           Draft Standard RFC
                         Full Standard RFC

If a document is substantively changed such that it recycles to a lower status in either venue, the corresponding document classification in the other venue should also change.

IETF Last Calls for joint working group documents which are on the IETF standards track will be 4 weeks per the Variance section of RFC 2026.


Decision Procedures and Appeals

The working group itself will operate by consensus as provided in the IETF rules.

Appeals from decisions by the working group chair may be taken using either the W3C or the IETF appeals mechanisms. It is expected that these mechanisms will coordinate and differences are not anticipated. Nevertheless, if and when the appeal mechanisms of the W3C and IETF come to irreconcilable decisions, the group will thereby cease to be a working group of either the W3C or the IETF and may not take further official action under the procedures of either organization without explicit rechartering.

Should either the W3C or the IETF unilaterally terminate the Working Group status so far as that organization is concerned, the WG will continue to be a working group of the other organization.


IPR Disclosure

Working group members must disclose intellectual properties "that are reasonably and personally known" to be relevant to this WG in accordance with IETF (RFC2028) and W3C procedure; including notice and disclosure of such information to the WG, <patent-issues@w3.org> and the IETF Executive Director.


Participants

Participation in the working group is open. Participation is expected to take a minimum of 15% of the participant's time. The XML-DSig WG will be co-chaired by Donald Eastlake 3rd of W3C Member IBM and Joseph Reagle of the W3C Team. Co-chair duties are expected to take 20% of each of their time.

W3C Team

The XML-DSig Staff Contact will be Joseph Reagle, and his staff contact duties are expected to take 40% of his time. The staff contact is partly responsible for coordinating dependencies and requirements from the W3C Director and other activities. Further details on the Staff Contact and Chair roles can be found in the W3C Guidebook for Working Group Chairs.