Possible Future XML Security Specifications Work
Name of WG
XML Security Working Group
Background Material
Workshop Report W3C Workshop on Next Steps for XML Signature and XML Encryption
XML Signature Syntax and Processing: Versions, Namespaces, and Identifiers
Scope
Requirements Phase
- Review use cases and requirements for design and application of canonicalization algorithms.
- Review use cases and requirements for an updated version of XML Signature Syntax and Processing. This work should particularly consider experience gathered with the XML Signature transform and reference processing models.
- Review requirements related to updates to the XML environment, including XML 1.1 and Efficient XML Interchange.
In considering these use cases and requirements, the Working Group's attention is in particular alled to algorithmic performance and efficiency.
Canonicalization
Specify one or more canonicalization algorithms to address the requirements agreed. At least one such algorithm should be suitable to replace Canonical XML 1.1 as a mandatory to implement canonicalization method.
Further development of XML Signature
Develop an update to the XML Signature Syntax and Processing Recommendation:
- Resolve and clarify known issues and errata with the existing specification.
- Review and update the set of supported cryptographic algorithms.
- define identifiers and mark-up for keying and other parameters for additional algorithms as needed
- contribute to an update of RFC 4051, Additional XML Security Uniform Resource Identifiers (URIs)
- review and update set of mandatory to implement cryptographic algorithms, in particular to address recent advances in the cryptographic research community's understanding of hash algorithms' properties
- Satisfy the Working Group's agreed requirements.
The result of this development can take the form of profile(s) or a revised specification. The Working Group is asked to consider the benefits of compatibility with the existing specification environment.
The Working Group MUST follow the versioning policy for the namespace currently used by XML Signature Syntax and Processing.
Further development of XML Encryption
Develop an update to the XML Encryption specification to ensure consistency with possible changes to the XML Signature specification, and to accommodate additional cryptographic algorithms as determined necessary.
Maintenance Work
- Consider comments and updates on the following specifications:
- xmldsig-core 2nd Edition
- XPath Filter 2
- C14N 1.0
- C14N 1.1
- Exclusive Canonicalization
- XML Encryption
- Decryption Transform for XML Encryption
The Working Group may only make changes of classes 1, 2, and 3 as outlined in section 7.6.2 of the Process document.
Duration
Charter for 24 months.
Deliverables
The Working Group should produce:
- Requirements Note
- One or more Recommendation Track documents that specify new canonicalization algorithms
- One or more Recommendation Track documents that specify an update to the XML Signature Syntax and Processing recommendation
- Updated Recommendations for any of the documents listed under Maintenance Work
The Working Group can decide how to structure its deliverables and may consider re-organizing XML Signature from earlier versions.
Confidentiality
Information about the XML Security Specifications Maintenance Working Group is available from the Working Group Home Page. This group primarily conducts its work on the public mailing list public-xmlsec-maintwg@w3.org (archive). The group will use the Member-only mailing list member-xmlsec-maintwg@w3.org (archive) for communications with W3C Member-only groups and for administrative purposes.