
Draft Minutes: XML Sec Maint WG weekly 2007-04-17

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 17 Apr 2007 17:09:37 +0200
To: public-xmlsec-maintwg@w3.org
Message-ID: <20070417150937.GA19093@raktajino.does-not-exist.org>

Draft minutes from today's meeting are available here:
 
  http://www.w3.org/2007/04/17-xmlsec-minutes

A text version is included below the .signature.
-- 
Thomas Roessler, W3C  <tlr@w3.org>





   [1]W3C 

                                   - DRAFT -

                                XML Sec Weekly

17 Apr 2007

   [2]Agenda

   See also: [3]IRC log

Attendees

   Present
          Frederick Hirsch
          Thomas Roessler
          Giles Hogben
          Rob Miller
          Shawn Mullen
          Hal Lockhart
          Ed Simon
          Greg Whitehead
          Juan Carlos Cruellas
          Anthony Nadalin
          Konrad Lanz
          Rich Salz

   Regrets
   Chair
          fjh

   Scribe
          tlr

Contents

     * [4]Topics
         1. [5]Welcome
         2. [6]charter review
         3. [7]face-to-face agenda
     * [8]Summary of Action Items
     _________________________________________________________________

Welcome

   <klanz2> dialing in

   <jcc> can you read me?

   <cgi-irc> test

   <hal> for some reason initially this channel was not listed

   <cgi-irc> test

   fjh: thanks for joining, I'm Frederick, ...
   ... thomas will scribe today, thanks ...
   ... maybe do a quick round of introductions here ...

   rdm: Rob Miller, Security Engineer, MITRE, XML wrt architectural issues
   ... having fun with NSA and cross-domain solutions ...
   ... would be happy to talk about that at f2f ...

   shawn: Shawn Mullen, Sun Microsystems, working on XML Sig for past few
   years, implementor
   ... have implementation shipping as part of JDK, committer for Apache ...

   EdSimon: Ed Simon, working with xmlsec which is private consulting firm ...
   ... co-author of xml signature and xml encryption specs ...
   ... keen to hear how people use it, what the issues are ...
   ... Invited Expert ...

   grw: Greg Whitehead, HP, architect in IDM software group, one of original
   specs' authors ...
   ... shed light on crazy things that were thought back then ...

   hal: standards full-time for BEA, mostly security standards ...
   ... involved with a bunch of standards that use XML Sig and Enc ...
   ... you name it ...
   ... main interest in follow-on work ...
   ... spurious validation errors associated with DSig ...
   ... maybe also tweak encryption ..

   JuanCarlosCruellas: Polytech Univ Catalunia ...
   ... standardization involvement for a while ...
   ... worked on XADES development around ETSI ...
   ... editor during two last years (?) ...
   ... involved with DSS TC @ OASIS ...
   ... main interest is to cooperate in followup ...
   ... on stdzation of XML security ...
   ... implementation experience ...

   Nadalin: Tony Nadalin, IBM, worked with Shawn on Java implementation of XML
   Sig and Enc ...
   ... WS-Security, -Trust, other specs ...
   ... most interested in follow-on work ...
   ... severe performance problems with Sig and Enc ...
   ... large footprints, figure out what to do wrt moving forward with this
   tech ...

   klanz2: Konrad Lanz, Stiftung Secure Information Communication Technology
   (?) @ Graz University ...
   ... involved in maintaining implementations ...
   ... including Sig, Enc, OASIS DSS, some other Java toolkits ...
   ... involved in standardization work in OASIS, DSS TC there ...
   ... main interest in robustness of XML Signatures, false negatives are
   rather bad ...

   fjh: Working in security standards for some time, including original specs,
   will chair this working group ...
   ... interest in having stuff converge, not have multiple versions of things
   ...

   giles: Giles Hogben, ENISA, European Network & Info Sec Agency ...
   ... identity management lead there ...
   ... main interest is to see work on European qualified signatures, XADES
   within roadmap ...
   ... worked in the P3P working group where chaired a task force that dealt
   with XML Dsig ...

   tlr: W3C Team, main interest is to get the different communities that have
   stakes in XML Signature & friends together at one table

   fjh: agenda bashing ...
   ... will talk briefly about scribing, schedule, charter, and look at agenda
   for face-to-face ...
   ... do people feel anything needs to be added?

   - silence -

   fjh: scribe role will rotate, chair excused from scribing ...
   ... haven't got exact mechanism down ...
   ... for 2/3 May face-to-face, will need scribes for mornings and afternoons
   ...
   ... if want to volunteer now, that would be helpful ...
   ... if you want to select a spot now, speak up ...

   Note you can also type it into the record through IRC

   fjh: or send e-mail ...

   <rdm> I can scribe on the afternoon of May 2.

   scheduling the weekly call, first choice is 9am Eastern slot on Tuesdays,
   10am second

   fjh: tentatively plan on that time. We won't have a call before the
   face-to-face ...

   hal: if the West Coasters are happy about it, who are we East Coasters to
   complain?

   fjh: next meeting is 8:30-5pm in Cambridge, 2/3 May
   ... registration form and logistics; please fill in registration ...
   ... any concerns or questions re face-to-face? ...

   - silence -

charter review

   [9]http://www.w3.org/2005/Security/xmlsig-charter

   <fjh> link for weekly scheduling results
   [10]http://www.w3.org/2002/09/wbs/40279/xmlsecweekly/results

   <fjh> f2f registration results page
   [11]http://www.w3.org/2002/09/wbs/40279/xmlsecbos0705/results

   <fjh> ballot still open for F2F, please register whether or not you plan to
   attend

   fjh: will just go through charter ...

   <klanz2> yes

   <Giles> yes

   fjh: goal is to do very limited work on the spec, and then suggest charter
   for further work ...
   ... there are some other items, such as a note ...
   ... basic idea is to do minimum changes, then consider next steps ...
   ... fairly short time line especially if consider interop ...
   ... confidentiality: plan to do everything in public ...
   ... we have an administrative list for things like sending regrets or few
   member-confidential items ...
   ... use that sparingly ...
   ... Frederick to chair, Thomas to team-contact ...
   ... suspect 3 face-to-face meetings ...
   ... first one in May, second as workshop, third @ tech plenary ...
   ... 6-8 november ...

   [12]http://www.w3.org/2002/09/TPOverview.html

   scribe: need to talk about specific slots to take in that week ...
   ... May 8 is conflicting with AC meeting; will send out e-mail about that
   ...

   fjh: background and scope has links to background material; there's reading
   list on home page as well
   ... XML Sig was 1999-2002 ...
   ... produced a bunch of recs ...
   ... how to sign/encrypt XML and other stuff and encapsulate results in XML
   ...
   ... Canonical XML to make signatures verify despite surface changes ...
   ... there's C14N 1.1 from XML Core ...
   ... that work is in last call ...
   ... one of the things to do is to comment on that ...
   ... get feedback to them ...

   <fjh> ck klanz2

   klanz2: to clarify, C14N 1.1 fixes xml:id and xml:base issues, not related
   to xml 1.1
   ... there's also a wiki done by konrad and Jose Kahan ..
   ... will post pointer to IRC ...

   <klanz2> [13]http://esw.w3.org/topic/XML-Dsig?highlight=%28xml%29

   <klanz2> go ahead

   fjh: useful to know, thanks
   ... deliverables ...
   ... two initial ones that we need to be careful with the timing ...
   ... Syntax & Processing / Decryption Transform ...
   ... we'll need to do interop testing on these ...
   ... review of both of them ...
   ... for Syntax & Processing - since this was joint effort - give the IETF a
   chance to have a last call review and have published as RFC ...
   ... get on track fairly quickly at face-to-face ...
   ... with XML Sig, starting with REC, move it to Proposed Edited Rec ...
   ... part of doing this is to limit the changes - no new features, no
   conformance-affecting things except for the bits that we know of ...
   ... we're shortcutting process on that one ...
   ... decryption transform back to Working Draft, then go through the process
   ...
   ... there's some work that outlines proposed changes ...
   ... fold in some of the errata as well ...

   <fjh> thomas: should look at reading list and Note that Thomas produced
   indicating the changes that need to be done

   <fjh> ... this would be very useful to help those with implementations

   <fjh> ... so we can get to interop and testing more easily and quickly

   <fjh> ... please indicate to those in your companies doing implementations
   as soon as possible

   <fjh> ... so we can get a start on interop

   fjh: the sooner we get started on interop, the better we'll be off
   ... process details to be discussed at f2f ...
   ... rec track deliverables are the timing critical ones due to review and
   interop ...
   ... SHOULD do a charter for further work, reach out to other communities ...
   ... MAY do a note on best practices ...
   ... might be something to do without extra work ...
   ... we might be able to document things as we go ...
   ... but the REC track deliverables and chartering work have priority ...
   ... use wiki to document ideas and issues as we go, also as input for
   chartering ...
   ... might have workshop ...
   ... meetings ...
   ... weekly, and face-to-faces ..
   ... plan to have phone bridge in Cambridge ...
   ... critical sentence in the deliverables and schedule is "early interop
   testing" ...
   ... from introductions, looks like we're in good shape ...
   ... please indicate who will actually participate in interop testing ...
   ... private e-mail is fine, don't want to put folks on the spot right now
   ...
   ... dependencies, obviously XML Core ...

   [14]http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Mar/0001.html

   scribe: XML Core closes Last Call before our f2f, but they're prepared to
   accept late comments from us ...
   ... please review C14N 1.1 before f2f ...
   ... comments to share on the list? ...
   ... also, things noteworthy on the wiki? If so, Konrad please send mail ...
   ... there's also XML Coordination Group ...

   fjh: uwa dependency?

   tlr: in response to member input during AC review; mostly for charter work

   klanz2: happen to be in the XML Core WG
   ... they're not particularly eager to keep C14N as a deliverable ...

   tlr: change of rec-track deliverables requires rechartering

   <fjh> thomas: would prefer to avoid the necessary AC review to recharter
   XMLSec Maint

   tlr: would rather avoid that during the next half year ...

   fjh: external dependencies -- ietf, trying to get out as an RFC, but attempt
   not to have that as a blocking point ...
   ... DSS and its future ...
   ... WS-I, basic security profile and other things, future work ...
   ... Liberty ...
   ... there are probably others; if we should be collaborating with other
   organizations and are able to help with that, please speak up on the list
   ...
   ... please cover patent policy essentials at face-to-face

   jcc: ETSI should be acknowledged ...

   tlr: charter is cast in stone, but we can put the external relations
   somewhere on the web site
   ... and do that as a living document ...

   fjh: jcc to send material to list

   <Giles> Please add Xades to list

   <scribe> ACTION: Cruellas to send note on ETSI liaison to mailing list
   [recorded in [15]http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02]

   <trackbot-ng> Created ACTION-2 - Send note on ETSI liaison to mailing list
   [on Juan Carlos Cruellas - due 2007-04-24].

face-to-face agenda

   <Giles> action on Xades too?

   [16]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Apr/0006.html

   <tlr> Giles, the ETSI liaison is supposed to be about XADES, I think.

   <Giles> Oh OK sorry

   fjh: think there needs to be additional item about interop ...
   ... propose adding something on that ...
   ... will start setup at 8:30 ..
   ... will start 9am sharp ...
   ... scribe volunteers please speak up on list ...
   ... note that scribing at f2f has its benefits ...
   ... going through individual points of agenda ...
   ... need somebody to do c14n 1.1 overview ...
   ... will talk to people this week about who is to do that ...
   ... people on their own for lunch, there's good stuff very close ...
   ... use C14N 1.1 for review? ...
   ... if people have comments, please post to list ...
   ... need a taker for decryption transform ...
   ... if you want to talk about it, please speak up this week ...
   ... thursday, setup at 8:30, start 9 sharp...
   ... attendance on both days?

   tlr: people indicated they'll join for *both* days

   fjh: interop important ...
   ... issues and implementation experience ...
   ... quick soundbites on issues and implementations ...
   ... 1h total?
   ... comments?
   ... after lunch, future steps ...
   ... charter, best practices; there are some editor / tooling / mechanics
   questions ...
   ... having raced through the agenda ...
   ... any comments?

   ??: sounds fine

   Tony: sounds good
   ... come up with something that we want to test
   ... use case / scenario ...

   fjh: can people contribute in advance?
   ... to have better use of our time ...
   ... aob?

   EdSimon: next meeting next week?

   fjh: tentatively had scheduled it ...
   ... then cancelled. ...
   ... next meeting will be the face-to-face ...
   ... from then on, 9-10 Eastern every Tuesday after that, apart from 8 May ...
   ... we'll confirm at f2f ...

   meeting adjourned

   <klanz2> thank you, bye

Summary of Action Items

   [NEW] ACTION: Cruellas to send note on ETSI liaison to mailing list
   [recorded in [17]http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02]

   [End of minutes]
     _________________________________________________________________


    Minutes formatted by David Booth's [18]scribe.perl version 1.128 ([19]CVS
    log)
    $Date: 2007/04/17 15:07:48 $

References

   1. http://www.w3.org/
   2. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Apr/0001.html
   3. http://www.w3.org/2007/04/17-xmlsec-irc
   4. file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec-minutes.html#agenda
   5. file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec-minutes.html#item01
   6. file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec-minutes.html#item02
   7. file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec-minutes.html#item03
   8. file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec-minutes.html#ActionSummary
   9. http://www.w3.org/2005/Security/xmlsig-charter
  10. http://www.w3.org/2002/09/wbs/40279/xmlsecweekly/results
  11. http://www.w3.org/2002/09/wbs/40279/xmlsecbos0705/results
  12. http://www.w3.org/2002/09/TPOverview.html
  13. http://esw.w3.org/topic/XML-Dsig?highlight=%28xml%29
  14. http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Mar/0001.html
  15. http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02
  16. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Apr/0006.html
  17. http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02
  18. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
  19. http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 17 April 2007 15:09:41 GMT
