Re: Towards secure XML (sXML)

At 09:06 10/28/2000 -0700, Fikkert, Dick W. wrote:
>I think it would be nice for outsiders to know that W3C is working on
>sXML (secure XML). This also implies that security is designed into
>XML and not added as an afterthought.

Hi Dick, I wanted to qualify this point given the W3C has to be careful 
about the expectations it sets. The term XML Security or Secure XML is 
useful in that it encompasses a suite of issues related to securing XML. 
However, in this domain the W3C is only working on XML Signatures. (That's 
the only chartered activity.) It's considering working on XML Encryption (as 
evidenced by the workshop) but that's all that can be said with respect to 
W3C Activities.

There are many issues like signature {profiles, semantics, trust models}, 
authentication, authorization, translating existing structures to XML, 
security protocols, etc. that are part of the bigger picture but are not 
presently addressed. (It'd be nice if they were, but trying to take all of 
that on at once decreases the likelihood of success over them individually 
and jointly.)

Joseph Reagle Jr.
W3C Policy Analyst      
IETF/W3C XML-Signature Co-Chair

Received on Monday, 30 October 2000 13:20:53 UTC