W3C home > Mailing lists > Public > xml-encryption@w3.org > October 2000

Re: Towards secure XML (sXML)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 30 Oct 2000 13:20:46 -0500
Message-Id: <>
To: "Fikkert, Dick W." <Fikkert@fel.tno.nl>
Cc: "Public XML Encryption List" <xml-encryption@w3.org>
At 09:06 10/28/2000 -0700, Fikkert, Dick W. wrote:
>I think it would be nice for outsiders to know that W3C is working on
>sXML (secure XML). This also implies that security is designed into
>XML and not added as an afterthought.

Hi Dick, I wanted to qualify this point given the W3C has to be careful 
about the expectations it sets. The term XML Security or Secure XML is 
useful in that it encompasses a suite of issues related to securing XML. 
However, in this domain the W3C is only working on XML Signatures. (That's 
the only chartered activity.) It's considering working on XML Encryption (as 
evidenced by the workshop) but that's all that can be said with respect to 
W3C Activities.

There are many issues like signature {profiles, semantics, trust models}, 
authentication, authorization, translating existing structures to XML, 
security protocols, etc. that are part of the bigger picture but are not 
presently addressed. (It'd be nice if they were, but trying to take all of 
that on at once decreases the likelihood of success over them individually 
and jointly.)

Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Monday, 30 October 2000 13:20:53 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:00 UTC