[x3d-public] [X3D-Public] X3D Security capabilities and needs
Don Brutzman
brutzman at nps.edu
Sat Jan 3 11:11:56 PST 2015
Christoph, again thanks for your feedback a few weeks ago.
I've integrated numerous points (including yours) and added them to X3D Resources - Security.
Continued scrutiny, issues and improvements continue to be welcome in this important area.
http://www.web3d.org/x3d/content/examples/X3dResources.html#Security
====================================================================================
Security
The .x3d encoding is XML based, which means that the full power of Web Security can be applied to X3D Graphics models.
X3D Security Examples demonstrate conversions for XML Encryption and XML Signature (digital authentication)
X3D Security Examples README describes technical detail about how all this works.
X3D capabilities for model security, existing and emerging:
Multiple forms of validation are available to prevent unwanted insertions of malicious content in X3D models.
Strongly typed metadata can be inserted in any X3D model. Interchange conventions are expected to emerge with growing usage.
Security mechanisms can be applied to high levels of detail (LOD), allowing authors to protect intellectual property at high resolution for authorized users while still rendering simple unrestricted models for other users.
XML Security compatibility, specifically the XML Encryption and XML Digital Signature (authentication) Recommendations.
XML Security mechanisms can be applied to entire scenes in .x3d files (XML documents) or scene subgraphs within an .x3d file (XML fragments).
XML Security mechanisms allow declaration of relevant encryption algorithms in the envelope header.
XML Security software is broadly available and usable by international partners in any context, including Web commerce.
Data-centric security is independent of network-transport security.
W3C Efficient XML Interchange (EXI) Working Group is ensuring that XML-based data compression can be used compatibly with XML Security.
W3C Security Interest Group serves as a forum for discussion about improving standards and implementations to advance the security of the Web.
Most of these capabilities are demonstrated and formalized already. Some are working-group efforts in progress. This emerging combination of capabilities can thus be considered low risk, with high probability of full convergence eventually occurring.
X3D player and tool support for security:
X3D-Edit authoring tool.
Advanced developers can use native XML tools. Open security by design provided by XML Security is the strongest approach for international use.
Proprietary encryption tools are occasionally available. User beware: security through obscurity is not strong security.
Required support for secure url addresses using https and ssl/tls protocols are likely to be included in X3D versions 3.4 and 4.0.
TODO: better built-in support is needed by X3D players and tools.
Interested? The Web3D Consortium X3D Working Group participates in the W3C Security Activity to continue taking advantage of ongoing developments. Member participation is welcome.
====================================================================================
On 12/13/2014 7:24 PM, GLG wrote:
> If this is a new thread, I did not see original/previous message(s).
> Replying to Christoph here:
>
> My opinion is that security capabilities can be extremely important to all
> countries/companies. How else can intellectual property be protected if
> anyone wishes to do so? Not every business model can abide to open source.
> There is also an inherent need for security and fraud protection for many
> types of applications. Without the ability to fulfill either one of these
> needs, X3D would simply not be an option in many scenarios. I view world
> encryption as essential but only a part of the solution, SSL
> support/compatibilty has to come into play for real protection. Lauren,
>
> -----Original Message-----
> From: X3D-Public [mailto:x3d-public-bounces at web3d.org] On Behalf Of
> Christoph Valentin
> Sent: Saturday, December 13, 2014 4:41 AM
> To: Don Brutzman
> Cc: Web3D Consortium Members; X3D Graphics public mailing list
> Subject: Re: [X3D-Public] X3D Security capabilities and needs
>
>>> Feedback welcome. How important is this to authors and applications?
>
> This is just my private opinion: I think it is very important to authors and
> applications.
>
> Reason: Rich, developed countries/companies can afford to cope with open
> source data models, because they can make "big money" with the surrounding
> services (writing books, consultants, .....), but poor, developing
> countries/companies need to make "little money" with the help of protected
> models.
>
> Just my private opinion, as I said. I can be wrong.
>
> _______________________________________________
> X3D-Public mailing list
> X3D-Public at web3d.org
> http://web3d.org/mailman/listinfo/x3d-public_web3d.org
>
all the best, Don
--
Don Brutzman Naval Postgraduate School, Code USW/Br brutzman at nps.edu
Watkins 270, MOVES Institute, Monterey CA 93943-5000 USA +1.831.656.2149
X3D graphics, virtual worlds, navy robotics http://faculty.nps.edu/brutzman
More information about the x3d-public
mailing list