[106303] in cryptography@c2.net mail archive
fyi: Report on Workshop on Next Steps for XML Signature and XML
daemon@ATHENA.MIT.EDU (' =JeffH ')
Thu Oct 25 12:48:51 2007
To: cryptography@metzdowd.com
From: ' =JeffH ' <Jeff.Hodges@KingsMountain.com>
Date: Wed, 24 Oct 2007 18:38:53 -0700
of possible interest to some...
Scott Cantor and I represented the perspective of "xmldsig is
broken/mess/complex from some non-trivial number of implementors' perspective,
we spec'd 'just sign the blob' in a SAML binding spec recently because of
this, perhaps if xmldsig is rev'd these sorts of concerns/approaches should be
taken into account, to promote interoperability", and didn't get ignored,
interestingly enough. Also, a few other participants explicitly mentioned the
"streaming" use case, which is a key concern in Peter Gutmann's xmldsig
critique: <http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt>.
As the report described below indicates, there's an effort emerging to charter
a W3C working group to rev the xmldsig spec, which might be of interest to
various folk.
=JeffH
-------- Original Message --------
Subject: Report on Workshop on Next Steps for XML Signature and XML Encryption
Date: Tue, 23 Oct 2007 19:40:41 +0200
From: Thomas Roessler <tlr@w3.org>
To: public-xmlsec-discuss@w3.org
On 25 and 26 September 2007, W3C held a Workshop on Next Steps for
XML Signature and XML Encryption [1] in Mountain View, CA, USA,
hosted by VeriSign. The group has published its summary report [2].
The Workshop report indicates strong interest in additional work on
XML security and interest in a Working Group. Attendees identified
the areas of highest interest:
- Create a basic profile of XML Signature
- Review and possibly update the referencing
model using xml:id and other mechanisms
- Update cryptographic algorithms
- Revisit XML canonicalization
- Update the transform model.
Areas of ongoing and medium interest that were identified are scalable
profiling, implementation guidance, key management issues, XKMS, XML 1.1, EXI,
and interaction with other security organizations.
The Workshop report will serve as input for the deliverable of the XML
Security Specification Maintenance Working Group to propose a draft charter
for possible follow-up work.
To enable discussion among Workshop attendees, Working Group
participants, and the broader community, this mailing list,
public-xmlsec-discuss@w3.org (public archive [3]), has been created.
Participation in the mailing list is open to all interested parties.
Current list subscribers include the members of the XML Security
Specifications Maintenance Working Group, and workshop participants.
If you want to be removed from the list, please let me know.
[1] http://www.w3.org/2007/xmlsec/ws/cfp
[2] http://www.w3.org/2007/xmlsec/ws/report
[3] http://lists.w3.org/Archives/Public/public-xmlsec-discuss/2007Oct/
--
Thomas Roessler, W3C <tlr@w3.org>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
