Update: Security Work at W3C Thomas Roessler, W3C (channelled by:


Three + 1 things
● Web security context
● Forms
● XML signature and encryption maintenance ++
● Hopefully Thomas is listening and on jabber…

Web Security Context
● Current state:
  – TLS is undermined by web user interfaces
  – Few consistent security indicators
  – Indicators easily spoofable
● What information should be presented to users?
● How to do this robustly?
● How to do this usably?

Web Security Context
● Current state of the work: Use Case Document published as First Public Working Draft
  – Comments welcome!
● Next Step: What information, and how?
● Schedule: Anticipate first public working drafts of RECs in June
● W3C members + invited experts + public mail archive
  – Comments:

HTML Form Annotations
● What if an HTML form field could say “I am a user name field”?
  – Currently, we only have obfuscation of information entered into password fields.
  – Think of coupling forms and HTTP authentication. Think of cryptographic algorithms. Think of clever user interactions.
● Form WG charter includes task to look at this space of requirements
  – Work to be done in joint task force with HTML WG. Join through either HTML or Forms side.
● Places to go:
  – (easier entrance point)

The Plan for XML Signature and Friends
● Fix the known minor problems quickly (next slide)
● Document what other issues and desires are known, but don't resolve them
  – Then, follow-up work.
● XML Security Specifications Maintenance WG
  – Chartered through 31 December 2007
  – Workshop some time in late summer?
● Lots of external input/review wanted
● TLR will attend IETF-69 (Chicago)
● W3C members + invited experts (maybe IETF-liberal)

XML Signature
● ... same as RFC 3275
● (Inclusive) Canonical XML 1.0 is a MUST but has issues with namespaces (xml:id)
  – Transforms allow XPath deletion of elements; grandparent inheritance of namespaces
  – XML Core WG working on C14N 1.1
  – Exclusive C14N untouched, but MUST will still be C14N 1.1 (inclusive)
  – Decryption transform for XML Signature has similar issues
● We'd like to sort this out without reopening the whole thing immediately

IETF Interaction
● Publication of minor changes to dsig-core as RFC seems warranted.
● Therefore, plan to submit updated version of the xmlsig spec (PER) as Internet-Draft for IETF review
  – I-D maybe in summer (IETF-69?)
  – PER = Proposed edit REC = REC + diffs => REC
  – Interop is planned before PER/I-D done
● We might tell you that proposed changes are out of scope for this round
  – Algorithm-agility (sha-256) fits here most likely
  – Speak to us about future work!

Contacts
● Security Activity Lead: Thomas Roessler
  – Planning to attend IETF in Chicago.
● WSC WG Chair: Mary Ellen Zurko
● XML Sec WG Chair: Frederick Hirsch