W3C XML Security 1.1 Recommendations:
This document specifies XML digital signature processing rules and syntax. XML Signatures provide integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.
This document specifies a process for encrypting data and representing the result in XML. The data may be in a variety of formats, including octet streams and other unstructured data, or structured data formats such as XML documents, an XML element, or XML element content. The result of encrypting data is an XML Encryption element that contains or references the cipher data.
This document outlines the syntax and processing rules and an associated namespace for properties to be used in XML Signatures. These can be composed with any version of XML Signature using the XML SignatureProperties element. These properties are intended to meet code signing requirements.
W3C Working Group Notes related to XML Security 1.1:
This document summarizes scenarios, design decisions, and requirements for the XML Signature and Canonical XML specifications, to guide ongoing W3C work to revise these specifications.
This document provides a summary of non-editorial changes in XML Signature 1.1 from the previous XML Signature Recommendation.
This document provides a summary of non-editorial changes in XML Encryption 1.1 from the previous XML Encryption Recommendation.
This document summarizes XML Security algorithm URI identifiers and the specifications associated with them.
This document specifies an XML syntax and processing rules for generic hybrid ciphers and key encapsulation mechanisms and reserves identifiers for algorithms.
This document provides non-normative RELAX NG schemas in the compact syntax as well as the XML syntax.
This document collects best practices for implementers and users of the XML Signature specification, some of which serve to improve security and mitigate attacks.
W3C Working Group Notes concluding XML Security 2.0 (non-normative):
This document outlines use cases, requirements and design choices for XML Security 2.0, specifically Canonical XML 2.0 and XML Signature 2.0. It includes a proposed simplification of the XML Signature Transform mechanism, intended to enhance security, performance, streamability and to ease adoption.
This informative W3C Working Group Note describes XML digital signature processing rules and syntax. XML Signatures provide integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.
XML Signature 2.0 includes a new Reference processing model designed to address additional requirements including performance, simplicity and streamability. This "2.0 mode" model is significantly different than the XML Signature 1.x model in that it explicitly defines selection, canonicalization and verification steps for data processing and disallows generic transforms. XML Signature 2.0 is designed to be backward compatible through the inclusion of a "Compatibility Mode" which enables the XML Signature 1.x model to be used where necessary.
This informative W3C Working Group Note describes Canonical XML Version 2.0, a canonicalization algorithm for XML Signature 2.0. It addresses issues around performance, streaming, hardware implementation, robustness, minimizing attack surface, determining what is signed and more.
This informative W3C Working Group Note describes a streamable profile of XPath 1.0 suitable for use with XML Signature 2.0.
This informative W3C Working Group Note specifies how the XML Signature 2.0 transform model may be used with XML Encryption 1.1 for CipherReference processing.
This document outlines test cases for Canonical XML 2.0.
"Web Application Privacy Best Practices", W3C Working Group Note 03 July 2012; Frederick Hirsch, http://www.w3.org/TR/2012/NOTE-app-privacy-bp-20120703/
"Importance and Impact of Requirements on Technical Solutions for Identity". W3C Workshop on Identity in the Browser. 24/25th May 2011, Mountain View (USA). Frederick Hirsch http://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_31.html
"Web Tracking and User Privacy Workshop - Importance of User Intent". W3C Workshop on Web Tracking and User Privacy. 28/29 April 2011, Princeton, NJ, USA. 28/29 April 2011; Frederick Hirsch. http://www.w3.org/2011/track-privacy/papers/Nokia-Hirsch.html
"Device API Access Control Use Cases and Requirements", W3C Working Group Note. 17 March 2011; Laura Arribas, Frederick Hirsch, Dominique Hazaël-Massieux. http://www.w3.org/TR/2011/NOTE-dap-policy-reqs-20110317/
"Device APIs and Privacy", Future of Mobile Web Applications - W3C Device API Day 2011, Seoul, 17 March 2011; http://www.fjhirsch.com/Papers/2011-03-17-hirsch-seoul-workshop.pdf
"Internet Privacy Workshop Position Paper: Privacy and Device APIs". Internet Privacy Workshop: How can Technology help to improve Privacy on the Internet? 8-9 December 2010 at MIT CSAIL. IAB workshop on Internet Privacy, jointly organized with the W3C, ISOC, and MIT CSAIL. 5 November 2010; Frederick Hirsch. http://www.iab.org/wp-content/IAB-uploads/2011/03/frederick_hirsch-revised.pdf
"Position Paper: Privacy and Policy in the DAP WG a DAP Perspective", W3C Workshop on Privacy and data usage control 04/05 October 2010, Cambridge (MA). 2 September 2010; Frederick Hirsch, Robin Berjon. http://www.w3.org/2010/policy-ws/papers/14-Hirsch-Berjon-DAP.html
"Device API Privacy Requirements", W3C Working Group Note. 29 June 2010; Alissa Cooper, Frederick Hirsch, John Morris. http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/
"Privacy Workshop Position Paper - The DAP Perspective", W3C Workshop on Privacy for Advanced Web APIs 12/13 July 2010, London. 4 June 2010 Robin Berjon, Frederick Hirsch http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-11.html
"Critical issues in the practical use of digital signatures", OASIS Open Standards Forum 2008; 1 October 2008 Frederick Hirsch; http://events.oasis-open.org/home/sites/events.oasis-open.org.home/files/Hirsch.pdf
"XML Signature Syntax and Processing (Second Edition)", W3C Recommendation, 10 June 2008; Donald Eastlake, Joseph Reagle, David Solo, Frederick Hirsch (2nd edition), Thomas Roessler (2nd Edition); http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/
"What’s new with XML Signature", IDTRUST 2008: 7th Symposium on Identity and Trust on the Internet, Program and Proceedings - RUMP Session, IDtrust 5 March 2008. Frederick Hirsch; http://middleware.internet2.edu/idtrust/2008/slides/09-hirsch-xml-signature.pdf
"Web Services Policy 1.5 - Guidelines for Policy Assertion Authors", W3C Working Group Note 12 November 2007; Asir Vedamuthu, David Orchard, Frederick Hirsch, Maryann Hondo, Prasad Yendluri, Toufic Boubez, Ümit Yalçinalp; http://www.w3.org/TR/2007/NOTE-ws-policy-guidelines-20071112/
"Web Services Policy 1.5 - Primer", W3C Working Group Note 12 November 2007; Asir Vedamuthu, David Orchard, Frederick Hirsch, Maryann Hondo, Prasad Yendluri, Toufic Boubez, Ümit Yalçinalp; http://www.w3.org/TR/2007/NOTE-ws-policy-primer-20071112/
"Workshop Report: W3C Workshop on Next Steps for XML Signature and XML Encryption", W3C Report, 27 September 2008; Frederick Hirsch, Thomas Roessler (and workshop participants) http://www.w3.org/2007/xmlsec/ws/report.html
"Web Services Policy 1.5 - Attachment", W3C Recommendation 04 September 2007; Asir Vedamuthu, David Orchard, Frederick Hirsch, Maryann Hondo, Prasad Yendluri, Toufic Boubez, Ümit Yalçinalp; http://www.w3.org/TR/2007/REC-ws-policy-attach-20070904/
"Web Services Policy 1.5 - Framework", W3C Recommendation 04 September 2007; Asir Vedamuthu, David Orchard, Frederick Hirsch, Maryann Hondo, Prasad Yendluri, Toufic Boubez, Ümit Yalçinalp; http://www.w3.org/TR/2007/REC-ws-policy-20070904/
"WSDL 1.1 Element Identifiers", W3C Working Group Note 20 July 2007; Asir Vedamuthu, David Orchard, Frederick Hirsch, Maryann Hondo, Prasad Yendluri, Toufic Boubez, Ümit Yalçinalp; http://www.w3.org/TR/2007/NOTE-wsdl11elementidentifiers-20070720/
"Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0", OASIS Standard, 15 March 2005; Frederick Hirsch, Rob Philpott, Eve Maler; http://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf
"OMA Web Services Enabler (OWSER): Core Specifications", Open Mobile Alliance (OMA), Approved Version 1.0 - 15 Jul 2004; Frederick Hirsch and others; http://www.openmobilealliance.org/release_program/docs/CopyrightClick.asp?pck=OWSER&file=V1_0-20040715-A/OMA-OWSER-Core-Specification-V1_0-20040715-A.pdf, Owser site http://www.openmobilealliance.org/release_program/owser_v10.html.
"OMA Web Services Enabler (OWSER): Overview", Open Mobile Alliance (OMA), Approved Version 1.0 - 15 Jul 2004; Frederick Hirsch and others; http://www.openmobilealliance.org/release_program/docs/CopyrightClick.asp?pck=OWSER&file=V1_0-20040715-A/OMA-OWSER-Overview-V1_0-20040715-A.pdf, Owser site http://www.openmobilealliance.org/release_program/owser_v10.html.
"XML Key Management (XKMS 2.0) Requirements", W3C Note 05 May 2003; Frederick Hirsch, Mike Just; http://www.w3.org/TR/2003/NOTE-xkms2-req-20030505
"Getting Started With XML Security", 2002 (updated 28 February 2005); Frederick Hirsch; http://www.fjhirsch.com/xml/xmlsec/starting-xml-security.html
"TurboJ, a Java Bytecode-to-Native Compiler", Springer-Verlag, Lecture Notes In Computer Science; Vol. 1474, Proceedings of the ACM SIGPLAN Workshop on Languages, Compilers, and Tools for Embedded Systems, Pages: 119 - 130, ISBN: 3-540-65075-X, 1998; Michael Weiss, François de Ferrière, Bertrand Delsart, Christian Fabre, Frederick Hirsch, E. Andrew Johnson, Vania Joloboff, Fred Roy, Fridtjof Siebert, Xavier Spengler; http://portal.acm.org/citation.cfm?id=710493&jmp=cit&coll=GUIDE&dl=GUIDE,ACM
"Teams, Tasks, and Notices: Managing Collaboration via the World Wide Web", WebNet97 Conference. 1997; Charles L. Brooks, Frederick J. Hirsch, W. Scott Meeks; The paper is available at http://www.fjhirsch.com/Papers/webnet/paper.html. Conference and bibliographic information at http://www.informatik.uni-trier.de/~ley/db/conf/webnet/webnet1997.html.
"Staying in the Loop: Multicast Asynchronous Notification for Intranet Webs", Australia WWW Technical Conference, May 7-9, 1997; W. Scott Meeks, Charles L. Brooks, Frederick J. Hirsch; A copy is available at http://www.fjhirsch.com/Papers/aw3tc/notif.html.
"Creating Custom Graphical Web Views Based on User Browsing History" Sixth International World Wide Web Conference, poster presentation, 7 May 1997; Frederick J. Hirsch, W. Scott Meeks, Charles L. Brooks; A copy is available on the conference CD-ROM, and also at http://www.fjhirsch.com/Papers/www6/poster/paper/hg.html
"Building a Graphical Web History Using Tcl/Tk", Fifth Annual Tcl/Tk Workshop poster presentation, July 14-17, 1997; Frederick J. Hirsch; Tied for second-best poster. Information on the workshop is available at http://www.usenix.org/publications/library/proceedings/tcl97/technical.html, and a copy of the poster abstract is available at http://www.fjhirsch.com/Papers/tcl97/webhist.html
"Introduction to SSL and Certificates using SSLeay", World Wide Web Journal, Summer 1997; Frederick Hirsch; See http://oreilly.com/catalog/9781565923294/ for information on the printed version, and http://www.fjhirsch.com/Papers/wwwj/index.html for an online version.