1.4 Work in Progress

Work has been done and continues to progress on higher-level structures built on XML Security. The following efforts are covered in this book:

• The XML Key Management Specification [XKMS] is the focus of a W3C working group [XKMS WG]. An overview of version 1.0 appears in Chapter 14.

• "Advanced" XML Signatures [XAdES], which meet certain government directives for trust, are under development in [ETSI]. An overview of a draft appears in Chapter 12.

• The Decryption Transform for XML Signature [Decrypt] is currently a W3C Working Draft in the XML Encryption Working Group [XMLENC WG]; it is covered in Chapter 16. (It is designed to help a signature verifier figure out which parts of the signed data were encrypted before and after signature creation.)

• Although not directly related to XML Security, work continues in the W3C on the refinement of SOAP. See Chapter 8.

In addition, some higher-level trust work is not covered in this book:

• XACML, eXtensible Access Control Markup Language, under development by the Organization for the Advancement of Structured Information Standards (OASIS) consortium [OASIS]

• SAML, Security Assertion Markup Language, under development by the OASIS consortium [OASIS, Vtrust], which combines previous S2ML and AuthXML efforts

• XTASS, XML Trust Assertion Service Specification, which was merged in S2ML

Some of the earlier higher-level trust-related XML proposals were released early to block "boxing" patents. Because it is so simple to obtain patents on obvious and trivial extensions to published ideas, it is frequently a good idea to put out documentation on extensions to such ideas. Otherwise, you can find yourself boxed in by some company with more legal clout than technical expertise.