XML Security Working Group

On this page:

Mission | News | Current Drafts | Meetings | Code & Toolkits | The Chairs | Background Reading

Nearby:

Charter | Roadmap | Publication Status | Approved meeting minutes | Implementations | Interop | Participants | Patent Policy Status | Security Activity Statement | WG Members Page | Papers

Historic Working Group Pages:

XML Signature

XML Encryption

XML Security Maintenance WG

Chair(s):

Frederick Hirsch <frederick.hirsch@nokia.com>

Mailing Lists

General, Technical and Public Discussions: public-xmlsec@w3.org

Administrative issue Discussions: member-xmlsec@w3.org

Public Comment List: public-xmlsec-comments@w3.org; Archives

Public General Discussion List: public-xmlsec-discuss@w3.org; Archives

W3C IETF XML Signature Discussion List: w3c-ietf-xmlsig@w3.org; Archives

Join the Working Group: Apply here!

Public Archive: http://lists.w3.org/Archives/Public/public-xmlsec/

Member Archive: http://lists.w3.org/Archives/Member/member-xmlsec/

Historical XML Sec Maintenance WG Archive: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/

Mission

The Group is part of the Security Activity. It takes up prior W3C Work on XML Signature and XML Encryption, as well as work from the XML Security Specifications Maintenance Working Group, that produced XML Signature, Second Edition.

News

2012-01-05: The XML Security Working Group has published a new Last Call Working Draft of "XML Encryption 1.1" to solicit review of changes since the previous CR publication. These changes:

1. make the AES-128-GCM algorithm mandatory to implement, to address newly publicized chosen-ciphertext attacks against the CBC class of algorithms,
2. add new security considerations related to chosen-ciphertext attacks, timing attacks, CBC block encryption vulnerabilities, and the insecure use of error messages,
3. add a new algorithm for the RSA-OAEP key transport that does not require SHA-1 with the mask generation function, enabling use of various hash MGF combinations, and
4. include various editorial corrections.

The XML Security WG is also soliciting review of the Last Call working draft of "XML Encryption 1.1 CipherReference Processing using 2.0 Transforms". This specification brings the simplification benefits of the ongoing XML Security 2.0 effort to XML Encryption CipherReference transform processing. Feedback on both of these Last Call drafts is requested by 16 February 2012.

An update to the Note-track "XML Security Algorithm Cross-Reference" Working Draft reflects new algorithm definitions in XML Encryption 1.1.

The XML Security working group has also published First Public Working Drafts of "Test Cases for XML Encryption 1.1" and "Test Cases for Canonical XML 2.0" and encourages community participation in developing further tests and performing testing.

2011-08-30: Updated working draft of "XML Security RELAX NG Schemas" published. This version of this specification is significantly different from the previous version.

• The prose has been completely rewritten. In particular, Taxonomy of schemas, Schema authoring techniques, and Schema indexes have been introduced.
• xmldsig-filter2.rnc for XML-Signature XPath Filter 2.0 has been added.
• xmldsig11-schema.rnc has been modified by adding X509Digest and invoking xmldsig-filter2.rnc.
• Small bugs in xenc-schema-11.rnc and xmlsec-ghc-schema.rnc have been fixed.
• any.rnc has been renamed as security_any.rnc
• exclusiveC14N.rnc has been renamed as exc-c14n.rnc
• Driver schemas have been thoroughly renamed.

For earlier news, visit the Previous News page.

Copyright 2007-2008 W3C (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply. Your interactions with this site are in accordance with our public and Member privacy statements.