W3C XML Encryption Charter

Chair(s):
Joseph Reagle <[email protected]>
W3C Technology and Society Domain Leader
Daniel Weitzner <[email protected]>

Status: This document  (200206) is the W3C XML Encryption Charter and is an updated version of (200110) that governed until July 2002. This version extends the charter of the Working Group (WG) until December 2002 (5 months) for active work necessary for completing the advancement of the WG's deliverables. The changes in this charter are adjustments to the Duration and Milestones of the Working Group, addition of a XML Encryption media-type registration deliverable, and a reference to the W3C Current Patent Practice.

Introduction

XML Encryption is a method whereby XML content can be transformed such that it is discernable only to the intended recipients, and opaque to all others. There are many applications for such a specification given the increasing importance of XML on the Internet and Web including the protection of payment and transaction information. The proposed work will obviously address how to encrypt an XML documents including elements.


Table of Contents


Mission Statement

The mission of this working group is to develop a process for encrypting/decyrpting digital content (including XML documents and portions thereof) and an XML syntax used to represent the (1) encrypted content and (2) information that enables an intendent recipient to decrypt it.


Scope

The core scope of this activity will be in specifying the necessary data model, syntax, and processing to encrypt XML content.

The Working Group (WG) will:

  1. Specify a requirements document that further defines the scope and requirements of the WG's deliverables.
  2. Specify the syntax and processing necessary for creating XML Encryption content. The WG should decide what level of granularity is appropriate with the meta-requirement that the design be simple to implement and quickly deployable.
  3. Choose a data model (and representation via XML element types or URIs) for describing any necessary public characteristics of the encrypted content (e.g., the data encrypted is an "http://someURI#elementNode"). The WG must use pre-existing models such as Information Set, XPath, SetX, or DOM.
  4. Choose a method (that can be optional) to canonicalize XML prior to encryption such that it can be decrypted consistently. The WG must use a pre-existing canonicalization method such as Canonical XML.
  5. Specify a minimal set of encryption and key information for interoperability purposes. This may be a separate document or part of the specification.
  6. Address security concerns arising from the design and its implementation. This may be a separate document or part of the specification.
  7. Optionally, develop a document of scenarios and recommendations regarding the affects and requirements of XML Encryption processing on XML parsing and validation. This must be a separate document.
  8. Redefining the charter for subsequent work once (1-7) has been achieved.

The requirement document must specify and describe the WG's choice with respect to the granularity of encryption, the data model and representation resulting from that choice, and the necessity and choice of canonicalization algorithms. The WG must rely upon existing W3C specifications as building blocks to its own design, unless the WG can demonstrate these specifications fail to meet the requirements of XML Encryption applications. In which case the WG must give a strong rationale and obtain Director approval.

Requirements

The following additional requirements must be met by the WG; these requirements must be augmented and extended by the Requirements Document deliverable: 

  1. The mechanisms of encryption must be simple: describe how to encrypt/decrypt digital content, XML documents, and portions thereof.
    1. Only enough information necessary for decryption need be provided.
    2. The specification must not address authorization, authentication, nor the confidence or trust applications place in the provision of a key though it should enable (or at least not hinder) such XML based technologies.
  2. XML-Encryption must be coordinated with and use the work product of other mature XML technologies including XML Schema and XML Signature. (See Coordination)
  3. All required, recommended and optional features of the specification must be implemented in at least two independent implementations before being advanced to Proposed Recommendation.

Constraints

The working group will not address the following issues:

  1. Public key infrastructure.
  2. Authentication and authorization.
  3. Trust management systems.
  4. XML schemas for certificates.

Demonstration Applications

It is hoped that the following applications being developed by members of the WG will provide a useful test of the completeness:

  1. XML Protocol

Deliverables

This working group will deliver the following:

  1. W3C Working Draft that captures the requirements on the encryption syntax, mechanism, data model, and algorithms.
  2. W3C Recommendation that defines the XML Encryption syntax and mechanism. Specification of (1) Minimal KeyInfo algorithms and structures and (2) security concerns can be part of this document or a separate document.
  3. An optional W3C Note exploring scenarios and recommendations regarding the affects and requirements of XML Encryption processing on XML parsing and validation.
  4. W3C Recommendation that defines a XML Signature Transform that can decrypt portions of XML prior to validation.
  5. An XML Encryption media type registration.
  6. If appropriate, charters for further work.

Duration and Milestones

This Working Group is scheduled for 21 months. Currently, its expected lifetime is from January 2001 through December 2002. Proposed Recommendations should be available by August 2002.

Beginning January 2001
Activity Start
Late February 2001
First WG Meeting (possilbe this could happen at the W3C Technical Plenary meeting on March 1)
Converge on XML Encryption Specification and Requirements Proposals
April 2001
First WG Requirements Working Draft
June 2001
First WG XML Encryption Working Draft
October 2001
XML Encryption Requirements Last Call
XML Encryption Syntax and Processing Last Call
Decryption Transform for XML Signature Last Call
March 2002
XML Encryption Syntax and Processing Candidate Recommendation
Decryption Transform for XML Signature Candidate Recommendation
August 2002
Second version of Candidate Recommendations
October 2002
XML Encryption Syntax and Processing Proposed Recommendation

Decryption Transform for XML Signature Proposed Recommendation

XML Encryption media type registration Informational RFC

Once established, the Working Group can decide to parallelize tasks by forming subgroups. These dates are subject to revision due to editorial needs and external scheduling issues; updates will be negotiated with the affected working groups and participants and recorded on the XML Encryption WG home page. Any change in a deliverable date must be brought to the attention of the W3C Domain leader and Director.


Confidentiality

This charter, the WG web page, and the mailing list and archives will be publicly accessible.


Coordination with Other Groups

During W3C Last Call, the Chair will procure reviews from the following W3C WGs before the specification will be advanced further:

  1. XML Signature WG
  2. XML Protocol
  3. XML Schema WG
  4. XML Core WG
  5. Internationalization IG

Since this Working Group will be public, its coordination with other W3C WGs must take this into account.


Communication Mechanisms

Working group members are expected to participate in an electronic mailing list, periodic teleconferences and face-to-face meetings. The WG consensus venue is the mailing list. Note, straw polls and assessments of consensus may be taken on teleconferences and face-to-face meetings which will then be sent to the list via minutes. If those decision are not opposed or questioned on the list, they naturally stand as the WG's consensus.

(See Participants for information on the roles and commitments of working group members.)

NOTE: The proceedings of this Working Group are public.

Group Home Page

In order to maintain shared context of the group and to provide access to the proceedings of the group, the Chair maintains a web page at http://www.w3.org/Encryption/2001/ .

Active participants are expected to have ready access to this page and be familiar with its contents.

Mailing List

Participants must subscribe to and participate in the public mailing list: <[email protected]>.

Teleconferences

As necessary, the Chair may convene teleconferences periodically for the purpose of quickly addressing and resolving open issues and tracking action items and deliverables.

The Chair is responsible for producing an agenda at least 24 hours in advance of each call, posting it along with the call details to the mailing list, and causing minutes of the call to be posted promptly after the call.

A public IRC channel should be available to complement/coordinate teleconference discussion. However, the IRC conversation is not necessarily part of the record: it must be stated on the teleconference as an IRC message is not necessarily a sufficient communication to the others on the teleconference.

Face to Face Meetings

The working group will have a day face to face meeting in February 2001. Meeting notice, advance agenda, and posting of minutes shall follow W3C timing rules.

Communication with the Public

This working group is public.


Patent Disclosures

W3C promotes an open working environment. Whenever possible, technical decisions should be made unencumbered by intellectual property right (IPR) claims.

This is a Royalty Free Working Group as described in the 24 January 2002 version of W3C's Current Patent Practice. The Current Patent Practice defines and formalizes the policy this Working Group has followed since its inception: to produce deliverables that may be implemented on a royalty-free basis. The Current Patent Practice Note also introduces some processes (e.g., related to the formation of PAGs) that were not previously explicit.

Working Group participants disclose patent claims by sending email to <[email protected]>. Because this is a public Working Group the disclosure must also be sent to the publicly archived <[email protected]> list. Please see Current Patent Practice for more information about disclosures.


Participants

This section describes the expectations and requirements of Staff, Member, and Public commitment necessary for this Working Group to be started -- and eventually succeed. The actual roles (chair, author, editor, contributor, implementor) and definitions are be defined by W3C Process and derivation of the XML Signature Working Group Contributor Policies.

Contributors to this working group are expected to commit to 15% (6 hours a week).  Commitments for Author and Editor positions are 25% and 35%  respectively -- with occasional crunch periods of %50.

4.4.1 W3C Team commitment

The working group has a W3C staff contact (who might also serve as (co)chair and requirements editor). It is expected the staff contact commitment (including requirements management and participation in any WGs that must be coordinated with) will take 30% of staff time. Chairing takes an additional 40%.

4.4.2 W3C Member commitment

This is a public working group and anyone may contribute to the Working Group. However, at the outset of the Activity, the interested W3C member organizations are expected to identify one or more individual contributors to the Working Group and the level of contribution at which they are willing to participate.

4.4.3 Public/Individual commitment

Public contributors are welcome to commit to the completion of any action item or to the fulfillment of the roles described in the Contributor Policies. Note, materials sent to the public list are part of the W3C site and subject to W3C policies and licenses. The W3C holds the copyright of all Working Group deliverables (e.g., specifications).


Joseph Reagle
$Id: xmlenc-charter.html,v 1.10 2002/10/25 18:22:15 reagle Exp $Date: 2001/10/17 21:23:35 $