of possible interest to some... Scott Cantor and I represented the perspective of "xmldsig is broken/mess/complex from some non-trivial number of implementors' perspective, we spec'd 'just sign the blob' in a SAML binding spec recently because of this, perhaps if xmldsig is rev'd these sorts of concerns/approaches should be taken into account, to promote interoperability", and didn't get ignored, interestingly enough. Also, a few other participants explicitly mentioned the "streaming" use case, which is a key concern in Peter Gutmann's xmldsig critique: <http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt>.
As the report described below indicates, there's an effort emerging to charter a W3C working group to rev the xmldsig spec, which might be of interest to various folk. =JeffH -------- Original Message -------- Subject: Report on Workshop on Next Steps for XML Signature and XML Encryption Date: Tue, 23 Oct 2007 19:40:41 +0200 From: Thomas Roessler <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] On 25 and 26 September 2007, W3C held a Workshop on Next Steps for XML Signature and XML Encryption [1] in Mountain View, CA, USA, hosted by VeriSign. The group has published its summary report [2]. The Workshop report indicates strong interest in additional work on XML security and interest in a Working Group. Attendees identified the areas of highest interest: - Create a basic profile of XML Signature - Review and possibly update the referencing model using xml:id and other mechanisms - Update cryptographic algorithms - Revisit XML canonicalization - Update the transform model. Areas of ongoing and medium interest that were identified are scalable profiling, implementation guidance, key management issues, XKMS, XML 1.1, EXI, and interaction with other security organizations. The Workshop report will serve as input for the deliverable of the XML Security Specification Maintenance Working Group to propose a draft charter for possible follow-up work. To enable discussion among Workshop attendees, Working Group participants, and the broader community, this mailing list, [EMAIL PROTECTED] (public archive [3]), has been created. Participation in the mailing list is open to all interested parties. Current list subscribers include the members of the XML Security Specifications Maintenance Working Group, and workshop participants. If you want to be removed from the list, please let me know. [1] http://www.w3.org/2007/xmlsec/ws/cfp [2] http://www.w3.org/2007/xmlsec/ws/report [3] http://lists.w3.org/Archives/Public/public-xmlsec-discuss/2007Oct/ -- Thomas Roessler, W3C <[EMAIL PROTECTED]> --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]