[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: The XML Security Gap (was Re: XML Encryption Working Draft)
>>>>> "HL" == Hal Lockhart <hal.lockhart@entegrity.com> writes: HL> Considering that the current proposals do not even cover HL> signatures, which we surely want, [...] This brings up a good point: the current core architecture proposals have little or no mention of digital signatures. I've always thought of this as part of the definition of assertions and messages, but Phil remarked during the F2F that he considered it a bindings issue. It appears that XML signatures are falling into the gap between assertions and messages on one side, and bindings on the other. We can probably debate until the cows come home whether use of XML Security* is a "binding", part of "core", or something else entirely. How can we address this? I suggest that maybe we should commission YASC (Yet Another Sub-Committee) to defray the effort of doing this work. I think there -is- some work that needs to be done. ~ESP * I realize that this is a confusing term, but it seems to be the one used by the W3C for the aggregate of XML Signature and XML Encryption, so I'm borrowing it here. If it helps, I can send out a sed script that subs the string "XML Signature and XML Encryption" for "XML Security" to interested parties. -- Evan Prodromou, Senior Architect eprodromou@securant.com Securant Technologies, Inc. 415-856-9551
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC