Slashdot Mirror

← Back to Stories (view on slashdot.org)

W3C Recommends XML Signature Syntax

Posted by michael on from the sealed-with-a-kiss dept.

__past__ writes: "The W3C released a recommendation on XML Signature Syntax and Processing. The interesting point is not only that this is quite an important step for secure XML processing (esp. with regarding to web services), but also because there are some possibly ugly patent issues."

9 of 110 comments (clear)

  1. scary by SirSlud · · Score: 4, Interesting

    Patents really have shifted from implementation to idea in the software world, it seems.

    And doesn't the W3C accept RAND licensed patents now a W3C endorsed standards? (I can't recall if that went through or not.)

    --
    "Old man yells at systemd"
  2. Free the ideas or drop it by Anonymous Coward · · Score: 2, Interesting

    The W3C should eather get unrestricted free rights the XML Signature or find a new way of doing it. "Most patents are just logical extensions of existing ideas wrapped in legaleze to sound different"

    Shaun

  3. Conflict of interest? by bunyip · · Score: 5, Interesting

    So, as I understand it, a working group (WG) member creates a standard and then says, "Oh, hey, great standard guys, but now you're all going to have to pay me for it".

    Is this not a conflict of interest? Should the WG member be immediately voted off? Perhaps they should be tarred and feathered, run out of town on a rail?

    I prefer the latter approach, it may reduce the number of bogus patent claims.

    Alan.

    1. Re:Conflict of interest? by dorkstar · · Score: 2, Interesting

      That's why the W3C got into such big trouble with RAND licenses. They were having situations like the one you describe. So, they tried to make an explicit policy about what their contributors were allowed to do with regards to patents. Their first effort generated quite a stir, as you might remember.

      Remember, despite the aura of benevolence surrounding the W3C, it is necessarily made up of the big players in IT--Microsoft, IBM, Adobe, etc. Those companies are big enough to have departments that want to play fair and other departments that want to make loads of cash on the patents they own. Most of those companies have done something unpopular as regards intellectual property at some point.

      It's quite a hard balance for the W3C to strike. They want to make standards that are interesting and that the big players will adopt, or they will become a useless body. On the other hand, those big companies own lots of patents and don't always want to give them up just for some lofty ideals about standards. That's why it's taking the W3C quite a while to formulate a policy that everyone is willing to work under.

  4. XML=shoehorn everything into standard syntax by brenfern · · Score: 2, Interesting
    With XML, we are losing many useful syntaxes in the quest for a one-size-fits-all syntax that is actually quite bloated and hard to parse. Plus, the temptation to put everything into the same model is overwhelming. Just look at the readability of XSL - pure madness.

    Many XML advocates try to kill 3 birds with one stone:
    • For structured data representation & code
    • For markup
    • for data storage

    Personally I wish that if there had to be one standard syntax for human-readable data representation & code it was at least something sensible like LISP - at least then I can do paren-matching in my text editor. As for markup, SGML does have many advantages (the only disadvantage from XML is its alleged complexity), and as for storage, you can use actual databases to put our data in (you can argue the toss about RDBMS vs ORDBMS/XMLDBMS, though I think traditional RDBMS are fine really).

    Really though I hope people will learn to use lex/Yacc and choose a syntax or structure most appropriate for their needs. I have seen many a programming team replace a syntax that works with XML syntax because it is seen to be more modern. To me this is throwing out the baby with the bathwater.
  5. Re:W3C / XML brain damage by innate · · Score: 2, Interesting

    There is XML digital signature support in .NET. Since it was released prior to the W3C recommendation it may not be fully compliant but it looks similar. Hopefully now they will update their implementation (what were they supposed to do, delay .NET until W3C got around to publishing the recommendation?).

    See this page for more info and sample code.

    --
    No, I don't want to explore the Recycle Bin.
  6. Digitial Signatures and XML = Good Thing... by soap.xml · · Score: 4, Interesting

    I would hope that the community and the possible "patent holders" allow for this to go forward. There really is a need for such a technology the XML/Web Services space.

    Having the ability to sign a document, or even a fragment of a document, allows for customers to "trust" that document and its contents. Sure https/ssl is a good way to "secure" the data during transit. But how can you be sure (currently) that the document I am sending you contains the proper information?

    Think of this in a b2b ecommerce setup. I can send you my pricing sheets, in xml format, you can be sure that they are really the proper pricing, and can be assured of the "current" availablity. In the same XML document, I can include reviews and any other pertanant infromation about a given product. Digitally signed and verified from a trusted third party source. My customers are now not worried that I am trying to push a product line by falsifing results, and I am providing them with content for there catalogs...

    To me, if it makes it through any "patent problems" this could be a very good thing ;)

    -ryan
  7. Re:XML is no longer simple by helix_r · · Score: 2, Interesting
    So I will need to purchase XML Spy, Microsoft .NET Framework, or learn to use Emacs in order to process information. That cuts out 99% of the population.

    You need to make a distinction between those that process information and those that create the tools that others use to process information. If you are creating tools, yes, you do need to spend a lot of time learning complicated XML details and you do need to use some annoying technology. If you are not a programmer and you just need to "process information", XML will and is already transparently making your life easier.

    Do you think more or fewer people create their own websites now that we have FrontPage?

    Yeah more, so?

  8. XMLDSIG in the .NET Framework by bal · · Score: 3, Interesting
    The XMLDSIG implementation in the .NET Framework is fully compliant with the final XMLDSIG Recommendation. (I'm a co-author of the XMLDSIG standard and my group at Microsoft owns the XMLDSIG implementation in the .NET Framework.) The .NET Framework implementation was one of the original four to participate in interop testing at the Pittsburgh IETF (July 2000) and we tracked every change in the spec since then.

    The classes implementing XMLDSIG are located in the System.Security.Cryptography.Xml namespace in the System.Security.dll assembly.

    --bal