I expect Web services will require security fundamentals such as signature 
and encryption mechanisms. I also expect they will develop or use higher 
level security applications such as authentication, authorization, and trust 
services predicated on the fundamentals.

I have been actively involved (in a Chairing and Authorship capacity) in the 
XML Signature [1] and XML Encryption [2] activities. I would be happy to 
report on or discuss these technologies in the context of Web services; and 
I would like to understand the security requirements of Web services on the 
encryption and signature specifications, as well as early work on 
authentication, authorization, and trust services.

[1] http://www.w3.org/Signature/Overview.html
The mission of this working group is to develop an XML compliant syntax used 
for representing the signature of Web resources and portions of protocol 
messages (anything referencable by a URI) and procedures for computing and 
verifying such signatures.

[2] http://www.w3.org/Encryption/2001/Overview.html
The mission of this Working Group (WG) is to develop a process for 
encrypting/decrypting digital content (including XML documents and portions 
thereof) and an XML syntax used to represent the (1) encrypted content and 
(2) information that enables an intended recipient to decrypt it.. Please 
see the Charter for further information on the constitution of this WG. This 
WG does not address broader XML security issues including XML Signature, 
authentication, and authorization.


__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Work:   + 1.617.258.7621
Fax:    + 1.617.258.5999 (W3C)
E-Mail: mailto:reagle@w3.org

Massachusetts Institute of Technology
Laboratory for Computer Science
W3C, NE43-350
200 Technology Square
Cambridge, MA 02139