XML News from Thursday, April 8, 2004

The Organization for the Advancement of Structured Information Standards (OASIS) has voted to approve several Web Services Security specifications as official standards. Of course, they won't actually tell anybody what those specifications are, and their web site seems to be down about one out of every two conenction attempts; and from what one can find, it seems there was at least one major flaw in the specification as written which will have to be addressed later in an erratum; but hey, they've got some specs out, somewhere!

In my experience, OASIS is the place companies go when they want to be able to brand something as a standard without doing the hard work of verifying that it actually makes sense. OASIS does have the benefit of being much more open to individual participation than most other standards bodies, which has led a couple of smart developers to move their projects there. (RELAX NG and DocBook come to mind.) However, the company led projects at OASIS seem to be uniformally disastrous: big, clunky, and irrelevant.


The W3C XKMS Working Group Working Group has posted candidate recommendations of XML Key Management Specification (XKMS) and XML Key Management Specification (XKMS) Bindings. XKMS is a set of "protocols for distributing and registering public keys, suitable for use in conjunction with the standard for XML Signatures [XML-SIG] defined by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) and companion standard for XML encryption [XML-ENC]. The XML Key Management Specification (XKMS) comprises two parts -- the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS). These protocols do not require any particular underlying public key infrastructure (such as X.509) but are designed to be compatible with such infrastructures." Comments are due by October 1.