[x3d-public] x3d-public Digest, Vol 70, Issue 2

Andreas Plesch andreasplesch at gmail.com
Sat Jan 3 12:19:44 PST 2015


If X3D security is based on XML Encryption as W3C specified, it is worth
noting that the Wikipedia entry at
http://en.wikipedia.org/wiki/XML_Encryption references an article about
serious concerns on the security of the specification:

http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en

This is from 2011, so it may have been addressed by a revision of the
specification since then.

-Andreas


On Sat, Jan 3, 2015 at 3:00 PM, <x3d-public-request at web3d.org> wrote:

> Today's Topics:
>
>    1. Re: [X3D-Public] X3D Security capabilities and needs
>       (Don Brutzman)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 3 Jan 2015 11:11:56 -0800
> From: Don Brutzman <brutzman at nps.edu>
> To: <info at 3dnetproductions.com>, 'Christoph Valentin'
>         <christoph.valentin at gmx.at>
> Cc: 'Web3D Consortium Members' <consortium at web3d.org>,  'X3D Graphics
>         public mailing list' <x3d-public at web3d.org>
> Subject: Re: [x3d-public] [X3D-Public] X3D Security capabilities and
>         needs
> Message-ID: <54A83EFC.6020204 at nps.edu>
> Content-Type: text/plain; charset="windows-1252"; format=flowed
>
> Christoph, again thanks for your feedback a few weeks ago.
>
> I've integrated numerous points (including yours) and added them to X3D
> Resources - Security.
>
> Continued scrutiny, issues and improvements continue to be welcome in this
> important area.
>
> http://www.web3d.org/x3d/content/examples/X3dResources.html#Security
>
> ====================================================================================
> Security
>
> The .x3d encoding is XML based, which means that the full power of Web
> Security can be applied to X3D Graphics models.
>
>      X3D Security Examples demonstrate conversions for XML Encryption and
> XML Signature (digital authentication)
>      X3D Security Examples README describes technical detail about how all
> this works.
>
> X3D capabilities for model security, existing and emerging:
>
>      Multiple forms of validation are available to prevent unwanted
> insertions of malicious content in X3D models.
>      Strongly typed metadata can be inserted in any X3D model. Interchange
> conventions are expected to emerge with growing usage.
>      Security mechanisms can be applied to high levels of detail (LOD),
> allowing authors to protect intellectual property at high resolution for
> authorized users while still rendering simple unrestricted models for other
> users.
>      XML Security compatibility, specifically the XML Encryption and XML
> Digital Signature (authentication) Recommendations.
>      XML Security mechanisms can be applied to entire scenes in .x3d files
> (XML documents) or scene subgraphs within an .x3d file (XML fragments).
>      XML Security mechanisms allow declaration of relevant encryption
> algorithms in the envelope header.
>      XML Security software is broadly available and usable by
> international partners in any context, including Web commerce.
>      Data-centric security is independent of network-transport security.
>      W3C Efficient XML Interchange (EXI) Working Group is ensuring that
> XML-based data compression can be used compatibly with XML Security.
>      W3C Security Interest Group serves as a forum for discussion about
> improving standards and implementations to advance the security of the Web.
>      Most of these capabilities are demonstrated and formalized already.
> Some are working-group efforts in progress. This emerging combination of
> capabilities can thus be considered low risk, with high probability of full
> convergence eventually occurring.
>
> X3D player and tool support for security:
>
>      X3D-Edit authoring tool.
>      Advanced developers can use native XML tools. Open security by design
> provided by XML Security is the strongest approach for international use.
>      Proprietary encryption tools are occasionally available. User beware:
> security through obscurity is not strong security.
>      Required support for secure url addresses using https and ssl/tls
> protocols is likely to be included in X3D versions 3.4 and 4.0.
>      TODO: better built-in support is needed by X3D players and tools.
>
> Interested? The Web3D Consortium X3D Working Group participates in the W3C
> Security Activity to continue taking advantage of ongoing developments.
> Member participation is welcome.
>
> ====================================================================================
>
> On 12/13/2014 7:24 PM, GLG wrote:
> > If this is a new thread, I did not see original/previous message(s).
> > Replying to Christoph here:
> >
> > My opinion is that security capabilities can be extremely important to all
> > countries/companies. How else can intellectual property be protected if
> > anyone wishes to do so? Not every business model can abide by open source.
> > There is also an inherent need for security and fraud protection for many
> > types of applications. Without the ability to fulfill either one of these
> > needs, X3D would simply not be an option in many scenarios. I view world
> > encryption as essential but only a part of the solution, SSL
> > support/compatibility has to come into play for real protection. Lauren,
> >
> > -----Original Message-----
> > From: X3D-Public [mailto:x3d-public-bounces at web3d.org] On Behalf Of
> > Christoph Valentin
> > Sent: Saturday, December 13, 2014 4:41 AM
> > To: Don Brutzman
> > Cc: Web3D Consortium Members; X3D Graphics public mailing list
> > Subject: Re: [X3D-Public] X3D Security capabilities and needs
> >
> >>> Feedback welcome. How important is this to authors and applications?
> >
> > This is just my private opinion: I think it is very important to authors and
> > applications.
> >
> > Reason: Rich, developed countries/companies can afford to cope with open
> > source data models, because they can make "big money" with the surrounding
> > services (writing books, consultants, .....), but poor, developing
> > countries/companies need to make "little money" with the help of protected
> > models.
> >
> > Just my private opinion, as I said. I can be wrong.
> >
> >
>
>
> all the best, Don
> --
> Don Brutzman  Naval Postgraduate School, Code USW/Br
> brutzman at nps.edu
> Watkins 270,  MOVES Institute, Monterey CA 93943-5000 USA
> +1.831.656.2149
> X3D graphics, virtual worlds, navy robotics
> http://faculty.nps.edu/brutzman
>
>
>



-- 
Andreas Plesch
39 Barbara Rd.
Waltham, MA 02453
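
An added example, not part of the thread and not code from X3D-Edit or the X3D Security Examples: the quoted resource list says XML Security declares the encryption algorithm in the envelope header, so a scene can be audited for which algorithm each encrypted subgraph uses. This sketch separates the CBC-mode identifiers of XML Encryption 1.0, which carry no integrity protection of their own, from the AES-GCM identifiers added in XML Encryption 1.1. The sample scene, its `Id` values, the verdict labels and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"
# Block-cipher identifiers from XML Encryption 1.0 (CBC, unauthenticated)
# and XML Encryption 1.1 (GCM, authenticated encryption).
CBC_ALGS = {XENC + n for n in ("tripledes-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc")}
GCM_ALGS = {XENC11 + n for n in ("aes128-gcm", "aes192-gcm", "aes256-gcm")}

# Constructed sample: one plain low-detail Shape plus two encrypted subgraphs.
SAMPLE = """<X3D profile="Interchange" version="3.3" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <Scene>
  <Shape><Box/></Shape>
  <xenc:EncryptedData Id="detail-cbc" Type="http://www.w3.org/2001/04/xmlenc#Element">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
   <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="detail-gcm" Type="http://www.w3.org/2001/04/xmlenc#Element">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
   <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </Scene>
</X3D>"""

def audit_encrypted_data(xml_text):
    """Return (Id, Algorithm, verdict) for every EncryptedData element."""
    # Only parse input you trust to be free of entity-expansion tricks.
    root = ET.fromstring(xml_text)
    findings = []
    for enc in root.iter("{%s}EncryptedData" % XENC):
        # Direct child only: an EncryptedKey inside KeyInfo has its own method.
        method = enc.find("{%s}EncryptionMethod" % XENC)
        alg = method.get("Algorithm") if method is not None else None
        if alg is None:
            verdict = "undeclared"        # algorithm must be known out of band
        elif alg in GCM_ALGS:
            verdict = "authenticated"
        elif alg in CBC_ALGS:
            verdict = "cbc-no-integrity"  # needs a separate integrity check
        else:
            verdict = "unknown"
        findings.append((enc.get("Id"), alg, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_encrypted_data(SAMPLE):
        print(finding)
```
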