The W3C XML Security working group has published Proposed Recommendation (PR) drafts of XML Encryption 1.1, XML Signature 1.1 and XML Signature Properties as well as new and updated W3C Working Group Notes.
[[ >From the W3C News, http://www.w3.org/News/2013#entry-9692 : [A] Call for Review: XML Signature 1.1, XML Encryption 1.1, XML Signature Properties Proposed Recommendations Published (1) XML Signature Syntax and Processing Version 1.1 ; http://www.w3.org/TR/2013/PR-xmldsig-core1-20130124/ This document specifies XML digital signature processing rules and syntax. XML Signatures provide integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere. Comments are welcome through 25 February. (2) XML Encryption Syntax and Processing Version 1.1 ; http://www.w3.org/TR/2013/PR-xmlenc-core1-20130124/ This document specifies a process for encrypting data and representing the result in XML. The data may be in a variety of formats, including octet streams and other unstructured data, or structured data formats such as XML documents, an XML element, or XML element content. The result of encrypting data is an XML Encryption element that contains or references the cipher data. Comments are welcome through 25 February. (3) XML Signature Properties ; http://www.w3.org/TR/2013/PR-xmldsig-properties-20130124/ This document outlines proposed standard XML Signature Properties syntax and processing rules and an associated namespace for these properties. The intent is these can be composed with any version of XML Signature using the XML SignatureProperties element. These properties are intended to meet code signing requirements. Comments are welcome through 25 February. [B] The group also published six Working Group Notes: (1) Functional Explanation of Changes in XML Encryption 1.1 ; http://www.w3.org/TR/2013/NOTE-xmlenc-core1-explain-20130124/ provides a summary of non-editorial changes in XML Encryption 1.1 from the XML Encryption Recommendation. (2) XML Security 1.1 Requirements and Design Considerations ; http://www.w3.org/TR/2013/NOTE-xmlsec-reqs-20130124/ summarizes scenarios, design decisions, and requirements for the XML Signature and Canonical XML specifications, to guide ongoing W3C work to revise these specifications. (3) XML Security Algorithm Cross-Reference ; http://www.w3.org/TR/2013/NOTE-xmlsec-algorithms-20130124/ summarizes XML Security algorithm URI identifiers and the specifications associated with them (4) XML Security Generic Hybrid Ciphers ; http://www.w3.org/TR/2013/NOTE-xmlsec-generic-hybrid-20130124/ specifies an XML syntax and processing rules for generic hybrid ciphers and key encapsulation mechanisms and reserves identifiers for algorithms. (5) XML Security RELAX NG Schemas ; http://www.w3.org/TR/2013/NOTE-xmlsec-rngschema-20130124/ provides non-normative RELAX NG schemas in the compact syntax as well as the XML syntax. (6) XML Signature Best Practices ; http://www.w3.org/TR/2013/NOTE-xmldsig-bestpractices-20130124/ collects best practices for implementers and users of the XML Signature specification, some of which to improve security and mitigate attacks. ]] regards, Frederick Frederick Hirsch, Nokia Chair XML Security WG _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
