- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Mon, 30 Oct 2000 13:20:46 -0500
- To: "Fikkert, Dick W." <Fikkert@fel.tno.nl>
- Cc: "Public XML Encryption List" <xml-encryption@w3.org>
At 09:06 10/28/2000 -0700, Fikkert, Dick W. wrote:
>I think it would be nice for outsiders to know that W3C is working on
>sXML (secure XML). This also implies that security is designed into
>XML and not added as an afterthought.
Hi Dick, I wanted to qualify this point given the W3C has to be careful
about the expectations it sets. The term XML Security or Secure XML is
useful in that it encompasses a suite of issues related to securing XML.
However, in this domain the W3C is only working on XML Signatures. (That's
the only chartered activity.) It's considering working on XML Encryption (as
evidenced by the workshop) but that's all that can be said with respect to
W3C Activities.
There are many issues like signature {profiles, semantics, trust models},
authentication, authorization, translating existing structures to XML,
security protocols, etc. that are part of the bigger picture but are not
presently addressed. (It'd be nice if they were, but trying to take all of
that on at once decreases the likelihood of success over them individually
and jointly.)
__
Joseph Reagle Jr.
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Monday, 30 October 2000 13:20:53 UTC