Presentation is loading. Please wait.

Presentation is loading. Please wait.

Update: Security Work at W3C Thomas Roessler, W3C (channelled by:

Published byMonica Jones Modified over 8 years ago

Similar presentations

Presentation on theme: "Update: Security Work at W3C Thomas Roessler, W3C (channelled by:"— Presentation transcript:

1 Update: Security Work at W3C Thomas Roessler, W3C tlr@w3.org (channelled by: stephen.farrell@cs.tcd.ie)stephen.farrell@cs.tcd.ie

2 Three + 1 things ● Web security context ● Forms ● XML signature and encryption maintenance ++ ● Hopefully Thomas is listening and on jabber…

3 Web Security Context ● Current state: – TLS is undermined by web user interfaces – Few consistent security indicators – Indicators easily spoofable ● What information should be presented to users? ● How to do this robustly? ● How to do this usably?

4 Web Security Context ● Current state of the work: Use Case Document published as First Public Working Draft – http://www.w3.org/TR/wsc-usecases/ – Comments welcome! ● Next Step: What information, and how? ● Schedule: Anticipate first public working drafts of RECs in June – http://www.w3.org/2006/WSC/ http://www.w3.org/2006/WSC/ ● W3C members + invited experts + public mail archive – Comments: public-usable-authentication@w3.org

5 HTML Form Annotations ● What if an HTML form field could say “I am a user name field”? – Currently, we only have obfuscation of information entered into password fields. – Think of coupling forms and HTTP authentication. Think of cryptographic algorithms. Think of clever user interactions. ● Form WG charter includes task to look at this space of requirements – Work to be done in joint task force with HTML WG. Join through either HTML or Forms side. ● Places to go: – http://www.w3.org/MarkUp/Forms/ http://www.w3.org/MarkUp/Forms/ – http://www.w3.org/html/wg/ (easier entrance point) http://www.w3.org/html/wg/

6 The Plan for XML Signature and Friends ● Fix the known minor problems quickly (next slide) ● Document what other issues and desires are known, but don't resolve them – Then, follow-up work. ● XML Security Specifications Maintenance WG – Chartered through 31 December 2007 – Workshop some time in late summer? ● Lots of external input/review wanted ● TLR will be @ IETF-69 (Chicago) – http://www.w3.org/2007/xmlsec/ http://www.w3.org/2007/xmlsec/ ● W3C members + invited experts (maybe IETF-liberal)

7 XML Signature ● http://www.w3.org/TR/xmldsig-core ●... same as RFC 3275 ● (Inclusive) Canonical XML 1.0 is a MUST but has issues with namespaces (xml:id) – Transforms allow XPath deletion of elements; grandparent inheritance of namespaces – XML Core WG working on C14N 1.1 – Exclusive C14N untouched, but MUST will still be C14N 1.1 (inclusive) – Decryption transform for XML Signature has similar issues ● We'd like to sort this out without reopening the whole thing immediately

8 IETF Interaction ● Publication of minor changes to dsig-core as RFC seems warranted. ● Therefore, plan to submit updated version of the xmlsig spec (PER) as Internet-Draft for IETF review – I-D maybe in summer (IETF-69?) – PER = Proposed edit REC = REC + diffs => REC – Interop is planned before PER/I-D done ● We might tell you that proposed changes are out of scope for this round – Algorithm-agility (sha-256) fits here most likely – Speak to us about future work!

9 Contacts ● Security Activity Lead: Thomas Roessler – Planning to attend IETF in Chicago. ● WSC WG Chair: Mary Ellen Zurko ● XML Sec WG Chair: Frederick Hirsch

Download ppt "Update: Security Work at W3C Thomas Roessler, W3C (channelled by:"

Similar presentations

Confluence Wiki Implementation? 14 June 2010. Agenda What? Why? Wow! How? When? 2.

Confluence Wiki Implementation? 14 June Agenda What? Why? Wow! How? When? 2.
XML Key Management Requirements W3C XML Key Management Working Group Meeting – Dec 9 th, 2001 Frederick Hirsch (Zolera Systems) Mike Just (Entrust)

XML Key Management Requirements W3C XML Key Management Working Group Meeting – Dec 9 th, 2001 Frederick Hirsch (Zolera Systems) Mike Just (Entrust)
OASIS OData Technical Committee. AGENDA Introduction OASIS OData Technical Committee OData Overview Work of the Technical Committee Q&A.

OASIS OData Technical Committee. AGENDA Introduction OASIS OData Technical Committee OData Overview Work of the Technical Committee Q&A.
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
W3C XML Schema: what you might not know (and might or might not like!) Noah Mendelsohn Distinguished Engineer IBM Corp. October 10, 2002.

W3C XML Schema: what you might not know (and might or might not like!) Noah Mendelsohn Distinguished Engineer IBM Corp. October 10, 2002.
Jabber and Extensible Messaging and Presence Protocol (XMPP) Presenter: Michael Smith Cisc 856 Dec. 6, 2005.

Jabber and Extensible Messaging and Presence Protocol (XMPP) Presenter: Michael Smith Cisc 856 Dec. 6, 2005.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
Copyright © 2003 Colin Perkins SDP Specification Update Colin Perkins

Copyright © 2003 Colin Perkins SDP Specification Update Colin Perkins
W3C XML Query Language Working Group Mark Needleman Data Research Associates ZIG Current Awareness Session July 13, 2000.

W3C XML Query Language Working Group Mark Needleman Data Research Associates ZIG Current Awareness Session July 13, 2000.
OAuth 2.0 Security IETF OAuth WG Conference Call, 14th December 2012.

OAuth 2.0 Security IETF OAuth WG Conference Call, 14th December 2012.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
Implementation Of XML DIGITAL SIGNATURES Using Microsoft.NET.

Implementation Of XML DIGITAL SIGNATURES Using Microsoft.NET.
Internet Research Task Force Crypto Forum Research Group IETF 89 March 3, 2014 London List: Chairs:

Internet Research Task Force Crypto Forum Research Group IETF 89 March 3, 2014 London List: Chairs:
SIP working group status Keith Drage, Dean Willis.

SIP working group status Keith Drage, Dean Willis.
XML Signature Prabath Siriwardena Director, Security Architecture.

XML Signature Prabath Siriwardena Director, Security Architecture.
SAML Right Here, Right Now Hal Lockhart September 25, 2012.

SAML Right Here, Right Now Hal Lockhart September 25, 2012.
Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.
MASS / DKIM BOF IETF – Paris 4 Août 2005 dkim.org  mipassoc.org/mass IETF – Paris 4 Août 2005 dkim.org  mipassoc.org/mass MIPA.

MASS / DKIM BOF IETF – Paris 4 Août 2005 dkim.org  mipassoc.org/mass IETF – Paris 4 Août 2005 dkim.org  mipassoc.org/mass MIPA.
SAML 2.1 Building on Success. Outline n Summary of SAML 2.0 n Work done since 2.0 n Objectives of SAML 2.1 n Proposed Task List n Undecided Issues n Invitation.

SAML 2.1 Building on Success. Outline n Summary of SAML 2.0 n Work done since 2.0 n Objectives of SAML 2.1 n Proposed Task List n Undecided Issues n Invitation.

Similar presentations

Ads by Google