[widgets] XML Digital Signatures for Widgets REC Delayed until at least January 2013 from Arthur Barstow on 2012-10-20 (public-webapps@w3.org from October to December 2012)

From: Arthur Barstow <art.barstow@nokia.com>
Date: Sat, 20 Oct 2012 07:41:24 -0400
To: public-webapps <public-webapps@w3.org>
Message-ID: <50828DE4.6030504@nokia.com>
Hi All- a couple of FYIs re the "XML Digital Signatures for Widgets" 
Proposed Recommendation [widgets-digsig]...

* You may recall widgets-digsig has a normative dependency on "XML 
Signature Syntax and Processing Version 1.1" [xmldigsig-core1] andthe 
"Elliptic Curve PAG" was created because of RIM's patent disclosure 
against xmldigsig-core1. This PAG is now closed and its report is 
availableat [Report].

* For various reason (see below for details), xmldigsig-core1has moved 
from CR back to LCWD. Consequently, the earliest a widgets-digsig REC 
can be published is January 2013(the delay caused by both the LC's new 
Call for Exclusions period plus the end of the year publishing blackout).

-AB

[widgets-digsig] <http://www.w3.org/TR/2011/PR-widgets-digsig-20110811/>
[xmldigsig-core1] <http://www.w3.org/TR/xmldsig-core1/>
[Report] <http://www.w3.org/2011/xmlsec-pag/pagreport.html>

-------- Original Message --------
Subject: 	Last Call working drafts of XML Signature 1.1 and XML 
Encryption 1.1 published
Date: 	Fri, 19 Oct 2012 17:13:54 -0400
From: 	Hirsch Frederick (Nokia-CIC/Boston) <Frederick.Hirsch@nokia.com>
To: 	W3C XML Coordination <w3c-xml-cg@w3.org>
CC: 	Hirsch Frederick (Nokia-CIC/Boston) <Frederick.Hirsch@nokia.com>, 
Barstow Art (Nokia-CIC/Boston) <Art.Barstow@nokia.com>



The XML Security WG has published Last Call working drafts of XML Signature 1.1 and XML Encryption 1.1:

XML Signature Syntax and Processing Version 1.1 - http://www.w3.org/TR/2012/WD-xmldsig-core1-20121018/

XML Encryption Syntax and Processing Version 1.1 - http://www.w3.org/TR/2012/WD-xmlenc-core1-20121018/

Please share the drafts for review of the latest changes (outlined in the status sections of the documents) and please let the XML Security WG know of any concerns (to the address listed in the documents).

These documents were previously published as CR drafts.  The reason for the return to Last Call is outlined in the following message to the chairs list [1]:

[[

XML Signature 1.1 was previously published as a Candidate Recommendation and then returned to Last Call since an item not marked as "at risk" was removed from the specification due to lack of interoperability testing (OCSPResponse), changes were made to references and language related to Elliptic Curve algorithms at the recommendation of the XML Security PAG [2], missing algorithm identifiers noted during interoperability testing were added for the SHA224 family of algorithms, the Exclusive C14N omits comments algorithm was added as required to implement, reflecting existing practice, and a correction was made by changing the KeyInfoReference implementation requirement to should instead of RetrievalMethod. There were also updates to references and some editorial improvements. Given the normative changes as a result of interoperability testing and review the working group agreed to another Last Call progressing then to PR.

XML Encryption 1.1 was previously published as a Candidate Recommendation and then returned to Last Call since some normative material that had not been marked as "at-risk" was moved to an informative appendix (AES-128/192/256-pad symmetric key wrap algorithm), AES192-GCM was added as an optional to implement block encryption algorithm after noted as missing during interoperability, and the requirement for the RSA 1.5 key transport algorithm was changed from required to optional to address security concerns recently noted in the research literature. The working group agreed to another Last Call progressing then to PR.

...

[2] https://lists.w3.org/Archives/Member/w3c-ac-members/2012OctDec/0020.html

]]

The intent of the XML Security WG is to go to PR as soon as possible for these documents (and XML Signature Properties draft) after LC completes. Interop has already been completed. The documents include links to documents summarizing changes since the previous Recommendation - these explanation documents were published as W3C Notes in conjunction with the Last Call publication.

Thanks

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

[1] https://lists.w3.org/Archives/Member/chairs/2012OctDec/0030.html

Begin forwarded message:

> From: "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>
> Date: October 19, 2012 3:34:05 PM EDT
> To: XMLSec WG Public List <public-xmlsec@w3.org>
> Cc: "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>
> Subject: Last Call working drafts of XML Signature 1.1 and XML Encryption 1.1 published
>
> Last Call working drafts of XML Signature 1.1 and XML Encryption 1.1 have been published:
>
> XML Signature 1.1:  http://www.w3.org/TR/2012/WD-xmldsig-core1-20121018/
>
> XML Encryption 1.1:  http://www.w3.org/TR/2012/WD-xmlenc-core1-20121018/
>
> The Last Call ends 8 November 2012.
>
> The corresponding "Functional Explanation of Changes" documents were published as W3C Notes:
>
> Functional Explanation of Changes in XML Signature 1.1: http://www.w3.org/TR/2012/NOTE-xmldsig-core1-explain-20121018/
>
> Functional Explanation of Changes in XML Encryption 1.1: http://www.w3.org/TR/2012/NOTE-xmlenc-core1-explain-20121018/
>
> Thanks to everyone in the working group for progressing this work.
>
> regards, Frederick
>
> Frederick Hirsch, Nokia
> Chair XML Security WG
Received on Saturday, 20 October 2012 11:41:53 UTC