[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [Fwd: New W3C XML Security Specifications]
FYI. This has a direct bearing on the Web Services Security (WSS) header that SKSML relies on in the SOAP object. It also has some bearing on the encrypted payload (symmetric key) sent by the SKS server to the requesting client (SKSML uses XML Encryption for the payload schema). The open-source implementation from StrongAuth uses XML Signature to digitally sign objects in the database (to protect their integrity from attacks in the database), but that doesn't have a direct bearing on ZKSML; this is just a vendor feature in the open-source implementation. By the time all this gets standardized in the W3C, is adopted by the WSS TC and there are implementations of SOAP using the new WSS/W3C standards, SKSML may be approaching version 3.0. Arshad -------- Original Message -------- Subject: New W3C XML Security Specifications Date: Fri, 27 Feb 2009 14:10:04 -0500 From: Sean Mullan <Sean.Mullan@Sun.COM> Reply-To: security-dev@xml.apache.org To: security-dev@xml.apache.org The W3C XML Security Working Group has just released 7 first public working drafts of new XML Signature and Encryption specifications. Please try to review them and send any comments you have to the XML Security working group. These drafts include revisions to XML Signature and Encryption to support new algorithms, a new document proposing simplifications to the XML Signature Transform model to enhance performance and security, and several other new specifications. Here is the announcement from the W3C Working Group chair: The W3C XML Security Working Group [1] has published [2] First Public Working Drafts related to XML Security and requests feedback on these documents. Comment may be sent to the list public-xmlsec-comments@w3.org . If possible please indicate the document in the subject line. (1) XML Signature Syntax and Processing Version 1.1 http://www.w3.org/TR/2009/WD-xmldsig-core1-20090226/ (2) XML Encryption Syntax and Processing Version 1.1 http://www.w3.org/TR/2009/WD-xmlenc-core1-20090226/ (3) XML Signature Transform Simplification: Requirements and Design http://www.w3.org/TR/2009/WD-xmldsig-simplify-20090226/ (4) XML Security Use Cases and Requirements http://www.w3.org/TR/2009/WD-xmlsec-reqs-20090226/ (5) XML Security Derived Keys http://www.w3.org/TR/2009/WD-xmlsec-derivedkeys-20090226/ (6) XML Signature Properties http://www.w3.org/TR/2009/WD-xmldsig-properties-20090226/ (7) XML Security Algorithm Cross-Reference http://www.w3.org/TR/2009/WD-xmlsec-algorithms-20090226/ The Working Group has also published an updated working draft of XML Signature Best Practices: (8) XML Signature Best Practices http://www.w3.org/TR/2009/WD-xmldsig-bestpractices-20090226/ The Working Group would appreciate review of these documents, with special attention to the algorithms listed in XML Signature 1.1 and XML Encryption 1.1, the proposed 2.0 changes in the Transform Simplification document and Use Cases and Requirements. Again, comment may be sent to the list public-xmlsec-comments@w3.org . Thank you regards, Frederick Frederick Hirsch, Nokia Chair XML Security WG [1] http://www.w3.org/2008/xmlsec/ [2] http://www.w3.org/News/2009#item25
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]