W3C-XMLDSIG-CORE-2
W3C XMLDSig Core 2 effort revision abandonne.
Définition
XMLDSig 2.0 ambitions vs XML Signature 1.1 : (1) Simplification : reduction option matrix complexity, (2) Streaming Signatures : support generate/validate signatures stream-based pour processing large XML documents sans loader full DOM memory, (3) Performance optimizations : reduce canonicalization overhead, (4) Security improvements : address padding oracle vulnerabilities, mandate use AEAD ciphers, deprecate weak algorithms. Status : last Working Draft 24 janvier 2013, W3C XML Security Working Group ferme 19 decembre 2014, XMLDSig 2.0 jamais atteint Recommendation status. Resultats : industry continue XML Signature 1.1 + organisations modernes prefer JOSE JSON Object Signing and Encryption (JWS JSON Web Signature, JWE JSON Web Encryption) JSON-based alternatives + new SD-JWT, Verifiable Credentials VC W3C standards pour signatures structurees.
Origine
W3C XML Security Working Group XMLDSig 2.0 effort 2010-2014 ; last Working Draft 24 janvier 2013 ; WG ferme 19 decembre 2014 ; XMLDSig 2.0 never reached Recommendation.
Exemple en contexte
Aucune implementation production XMLDSig 2.0 connue ; organisations modernes utilisent XML Signature 1.1 (XML legacy use cases) ou migrent JWS JWE JSON-based signatures (REST APIs, JWT tokens, Verifiable Credentials).
Termes liés
- W3C XML Signature 1.1 — version actuelle.