XML Security Working Group
- On this page:
- Mission | News | Current Drafts |
Meetings |
Code & Toolkits |
The Chairs |
Background Reading
- Nearby:
- Charter |
Roadmap |
Publication Status |
Approved meeting minutes |
Implementations |
Interop
|
Participants |
Patent Policy
Status | Security Activity
Statement | WG Members
Page |
Papers
- Historic Working Group Pages:
- XML
Signature
- XML
Encryption
- XML Security
Maintenance WG
- Chair(s):
- Frederick Hirsch <frederick.hirsch@nokia.com>
- Mailing Lists
- General, Technical and Public Discussions: public-xmlsec@w3.org
- Administrative issue Discussions: member-xmlsec@w3.org
- Public Comment List: public-xmlsec-comments@w3.org;
Archives
- Public General Discussion List: public-xmlsec-discuss@w3.org;
Archives
- W3C IETF XML Signature Discussion List: w3c-ietf-xmlsig@w3.org;
Archives
- Join the Working Group: Apply here!
- Public Archive: http://lists.w3.org/Archives/Public/public-xmlsec/
- Member Archive: http://lists.w3.org/Archives/Member/member-xmlsec/
- Historical XML Sec Maintenance WG Archive: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
Mission
The Group is part of the Security Activity. It takes up
prior W3C Work on XML
Signature and XML Encryption, as well
as work from the XML
Security Specifications Maintenance Working
Group, that produced XML Signature, Second Edition.
News
2012-01-05:
The XML Security Working Group has published a new Last Call
Working Draft of "XML Encryption 1.1" to
solicit review of changes since the previous CR publication. These
changes:
- make
the AES-128-GCM algorithm mandatory to implement, to address newly publicized chosen-ciphertext attacks against the CBC
class of algorithms,
- add new security considerations related to chosen-ciphertext attacks, timing attacks,
CBC block encryption vulnerabilities, and the insecure use of error
messages,
- add a new algorithm for the RSA-OAEP key transport
that does not require SHA-1 with the mask generation function,
enabling use of various hash MGF combinations, and
- include various editorial corrections.
The XML Security WG is also soliciting review of the Last Call working draft of
"XML Encryption 1.1 CipherReference Processing using 2.0 Transforms".
This specification brings the simplification benefits
of the ongoing XML Security 2.0 effort to XML Encryption CipherReference transform processing.
Feedback on both of these Last Call drafts is requested by 16 February 2012.
An update to the Note-track "XML Security Algorithm Cross-Reference"
Working Draft reflects new algorithm definitions in XML Encryption 1.1.
The XML Security working group has also published First Public Working Drafts
of "Test Cases for XML Encryption 1.1" and
"Test Cases for Canonical XML 2.0" and encourages
community participation in developing further tests and performing testing.
2011-08-30:
Updated working draft of "XML Security RELAX NG Schemas" published.
This version of this specification is significantly different from the
previous version.
- The prose has been completely rewritten. In particular, Taxonomy
of schemas, Schema authoring techniques, and Schema indexes have
been introduced.
- xmldsig-filter2.rnc for XML-Signature XPath Filter 2.0 has been added.
- xmldsig11-schema.rnc has been modified by adding X509Digest and invoking xmldsig-filter2.rnc.
- Small bugs in xenc-schema-11.rnc and xmlsec-ghc-schema.rnc have been fixed.
- any.rnc has been renamed as security_any.rnc
- exclusiveC14N.rnc has been renamed as exc-c14n.rnc
- Driver schemas have been thoroughly renamed.
For earlier news, visit the Previous News
page.
Current Drafts
Current drafts are available from the
Publication Status page. Please send comments related to
these documents to
public-xmlsec-comments@w3.org.
There is a public
archive of comments received.
See also the
list of the XML Security published Technical Reports.
Meetings
Optional teleconferences happen as required. See the WG
Members Page
for upcoming meeting information.
Minutes are posted
to the list; WG members are obligated to review, correct, or
counter any proposals or consensus achieved on the call on the
list. Minutes approved by the WG are publicly archived.
Test Suites, Public Code and Toolkits
If you would like to appear in this list, send an
announcement to the XML
Security public mailing list.
Background Reading
Chair: Frederick
Hirsch
Team Contact and Security Activity Lead: Thomas Roessler
$Id: Overview.html,v 1.114 2012/01/06 14:44:10 fhirsch3 Exp $
Copyright
2007-2008 W3C (MIT,
ERCIM,
Keio), All Rights Reserved.
W3C liability,
trademark,
document
use and software
licensing rules apply. Your interactions with this site are
in accordance with our public
and Member
privacy statements.