XML Security Working Group Charter

The mission of the XML Security Working Group, part of the Security Activity, is to consider comments on and perform necessary updates of the XML Security specifications.

Join the XML Security Working Group.

End date 31 December 2016
Confidentiality Proceedings are public
Initial Chairs Frederick Hirsch, Nokia
Initial Team Contacts
(FTE %: 1)
Wendy Seltzer
Usual Meeting Schedule Teleconferences: quarterly
Face-to-face: upon demand, typically at TPAC

Background and Scope

The existing suite of XML security specifications has become a fundamental technology in the XML and Web Service worlds. Under its previous charter, the XML Security Working Group made a number of adjustments to these specifications to accommodate additional cryptographic algorithms, and to address relevant security considerations.

Under this charter, the XML Security Working Group is tasked to do maintenance work on the existing suite of XML Security specifications.

The scope of maintenance work under this charter is limited to changes of classes 1, 2, and 3 as defined in the process document.

Any updates to Canonical XML Version 1.1 will be published as joint deliverables with the XML Core Working Group.

The Working Group MAY use the Proposed Edited Recommendation process to publish updated specifications, or MAY go through Working Draft stage if so desired.


The following table lists the recommendation track specifications that this Working Group is chartered to update and develop, and the classes of work expected for these specifications. The Working Group may only make changes of classes 1, 2 and 3 as defined in the process document.

The group needs to request a rechartering if it wishes to add new features to the specifications in question.

The Working Group may also produce additional deliverables as Notes.


This charter does not identify specific milestones, as work is expected to be done on an as-needed basis.

Dependencies and Liaisons

W3C Groups

XML Core Working Group

The XML Core Working Group is chartered to maintain and develop core XML specifications. The XML Security Working Group and the XML Core Working Group will publish any updates to the Canonical XML 1.1 specification as joint deliverables.

XML Coordination Group

The chair of this Working Group will be a member of the XML Coordination Group and will look for opportunities to liaise with other XML Working Groups in the development of the draft charter for future work.

Web Applications Working Group

The Web Applications Working Group used the XML Security specifications in its work on "Digital Signatures for Widgets". Coordination may be required for any maintenance updates if needed.

External Groups

Internet Engineering Task Force

The XML Signature 1.0 specification was produced in a joint effort between W3C and the IETF. It is expected that the XML Security Working Group will liaise closely with the IETF Security and Application Areas in developing its deliverables.


A number of OASIS Technical Committees in the security area are direct users of the core XML security specifications, and are possible sources of use cases and requirements for this work. The Working Group should solicit these Technical Committees to review its deliverables. Such Technical Committees include:

Other OASIS Technical Committees that make use of the XML security specifications include the Web Services Transaction (WS-TX) TC, the Election and Voter Services TC, the Universal Business Language (UBL) TC, and the LegalXML Electronic Court Filing TC.

ETSI Electronic Signatures and Infrastructures (ESI) Technical Committee

The ETSI Electronic Signatures and Infrastructures (ESI) Technical Committee is the lead body within ETSI in relation to the standardization activities dealing with Electronic Signatures and related Infrastructures within ETSI.


The IDPF ePub specifications make optional use of XML Signature.


This group primarily conducts its work on the public mailing list public-xmlsec@w3.org. The group will use the Member-only mailing list member-xmlsec@w3.org for communications with W3C member only Working Groups, for administrative purposes, and for other discussions that are exceptionally held in Member-only space.

Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the XML Security Working Group home page.

Patent Policy

This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.

About this Charter

This charter for the XML Security Working Group has been created according to section 6.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

Frederick Hirsch, Nokia
Thomas Roessler, W3C Security Activity Lead