[Standards] [Fwd: fyi: Report on Workshop on Next Steps for XML Signature and XML Encryption]

Peter Saint-Andre stpeter at stpeter.im
Thu Nov 1 22:52:49 UTC 2007


-------- Original Message --------
Subject: fyi: Report on Workshop on Next Steps for XML Signature and
XML 	 Encryption
To: cryptography at metzdowd.com
From: ' =JeffH ' <Jeff.Hodges>

of possible interest to some...

Scott Cantor and I represented the perspective of "xmldsig is
broken/mess/complex from some non-trivial number of implementors'
we spec'd 'just sign the blob' in a SAML binding spec recently because of
this, perhaps if xmldsig is rev'd these sorts of concerns/approaches
should be
taken into account, to promote interoperability", and didn't get ignored,
interestingly enough. Also, a few other participants explicitly
mentioned the
"streaming" use case, which is a key concern in Peter Gutmann's xmldsig
critique: <http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt>.

As the report described below indicates, there's an effort emerging to
a W3C working group to rev the xmldsig spec, which might be of interest to
various folk.


-------- Original Message --------
Subject: Report on Workshop on Next Steps for XML Signature and XML
Date: Tue, 23 Oct 2007 19:40:41 +0200
From: Thomas Roessler <tlr at w3.org>
To: public-xmlsec-discuss at w3.org

On 25 and 26 September 2007, W3C held a Workshop on Next Steps for
XML Signature and XML Encryption [1] in Mountain View, CA, USA,
hosted by VeriSign. The group has published its summary report [2].

The Workshop report indicates strong interest in additional work on
XML security and interest in a Working Group. Attendees identified
the areas of highest interest:

   - Create a basic profile of XML Signature
   - Review and possibly update the referencing
     model using xml:id and other mechanisms
   - Update cryptographic algorithms
   - Revisit XML canonicalization
   - Update the transform model.

Areas of ongoing and medium interest that were identified are scalable
profiling, implementation guidance, key management issues, XKMS, XML
1.1, EXI,
and interaction with other security organizations.

The Workshop report will serve as input for the deliverable of the XML
Security Specification Maintenance Working Group to propose a draft charter
for possible follow-up work.

To enable discussion among Workshop attendees, Working Group
participants, and the broader community, this mailing list,
public-xmlsec-discuss at w3.org (public archive [3]), has been created.

Participation in the mailing list is open to all interested parties.

Current list subscribers include the members of the XML Security
Specifications Maintenance Working Group, and workshop participants.
If you want to be removed from the list, please let me know.

[1] http://www.w3.org/2007/xmlsec/ws/cfp
[2] http://www.w3.org/2007/xmlsec/ws/report
[3] http://lists.w3.org/Archives/Public/public-xmlsec-discuss/2007Oct/

Thomas Roessler, W3C  <tlr at w3.org>

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20071101/a5bf9bc3/attachment.bin>

More information about the Standards mailing list