Does anyone have any views on this document and thoughts about how we might use it to support EML? From: stds-1622@ieee.org [mailto:stds-1622@ieee.org] On Behalf Of Wack, John Sent: 20 July 2011 21:31 To: David RR Webber (XML) Cc: stds-1622@LISTSERV.IEEE.ORG Subject: RE: XML digital signatures et al Here is a link to an informative document about best practices for XML signatures - looks like it could be useful in formulating some guidance for OASIS:
From: David RR Webber (XML) [david@drrw.info] Sent: Friday, July 15, 2011 2:48 PM To: Wack, John Cc: stds-1622@LISTSERV.IEEE.ORG Subject: RE: XML digital signatures et al This document looks most helpful - and could be adapted to form the basis for guidelines on DSig use for CDF. The interesting thing next would be to understand impact assessment in terms of how readily these requirements could be met in fielded solutions going forward? -------- Original Message -------- Subject: XML digital signatures et al From: "Wack, John" <john.wack@NIST.GOV> Date: Fri, July 15, 2011 2:33 pm To: "stds-1622@LISTSERV.IEEE.ORG" <stds-1622@LISTSERV.IEEE.ORG> I want to call your attention to a draft document put out by a colleague in the computer security division that is very much of interest to us – it deals directly with the security of XML files. I am excerpting the announcement of the document below and attaching it to this email. We could discuss aspects of this document on the next call as desired. Have a good weekend, John Draft NIST Interagency Report (IR) 7802, Trust Model for Security Automation Data (TMSAD) Version 1.0 is available for public comment July 13, 2011 NIST announces the public comment release of draft Interagency Report (IR) 7802, Trust Model for Security Automation Data (TMSAD) Version 1.0. This report defines the initial specification for version 1.0 of the Trust Model for Security Automation Data (TMSAD), which is designed to permit organizations to establish integrity, authentication, and traceability for security automation data. The trust model focuses on using digital signatures with Extensible Markup Language (XML) based security automation source and result documents. TMSAD supports the Security Content Automation Protocol (SCAP) version 1.2. NIST requests comments on draft IR 7802 by August 1, 2011. Please submit comments to ir7802comments@nist.gov with "Comments IR 7802" in the subject line. NOTE: I use voice recognition for composing email, which sometimes produces wrong words that I don't catch.
|