- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Tue, 17 Apr 2007 11:39:05 -0400
- To: XMLSec <public-xmlsec-maintwg@w3.org>
- Cc: Hirsch Frederick <frederick.hirsch@nokia.com>, ext Thomas Roessler <tlr@w3.org>
As noted on the call, our next meeting is the F2F 2-3 of May. If you have not responded to the questionnaire please do so before the end of this week. Please fill it out even if you do not plan to attend. <http://www.w3.org/2002/09/wbs/40279/xmlsecbos0705/> Thanks if you already filled it out. Please volunteer on the list to scribe at the F2F - thanks Rob for volunteering for Wed afternoon (2 May). Scribing volunteers needed: Wed morning 2 May - ? Wed afternoon 2 May - Rob Miller Thur morning 3 May - ? Thur afternoon 3 May - ? I think Tony made a good suggestion regarding the need for Test Cases to drive interop. If anyone has any that you can post to the list before the F2F that would be very helpful. It would also be useful to know at the F2F who knows now that they will be able to interop. Please review the minutes Thomas distributed. As I mentioned, one goal at the F2F is to bring any comment on Canonical XML 1.1 to XML Core as a result of the F2F, so please review Canonical XML 1.1 in advance of the F2F and please raise any comment on the public XMLSec list. If you can volunteer to give an overview of Decryption Transform please let me know. Based on the questionnaire it looks like our regular teleconference slot will be Tuesdays at 9 am Eastern (6am PT, 3pm Berlin, 13:00 UTC) since that was preferred time which everyone could live with, but there is no additional call before the F2F. Thanks regards, Frederick Frederick Hirsch Nokia On Apr 17, 2007, at 11:09 AM, ext Thomas Roessler wrote: > > Draft minutes from today's meeting are available here: > > http://www.w3.org/2007/04/17-xmlsec-minutes > > A text version is included below the .signature. > -- > Thomas Roessler, W3C <tlr@w3.org> > > > > > > [1]W3C > > - DRAFT - > > XML Sec Weekly > > 17 Apr 2007 > > [2]Agenda > > See also: [3]IRC log > > Attendees > > Present > Frederick Hirsch > Thomas Roessler > Giles Hogben > Rob Miller > Shawn Mullen > Hal Lockhart > Ed Simon > Greg Whitehead > Juan Carlos Cruellas > Anthony Nadalin > Konrad Lanz > Rich Salz > > Regrets > Chair > fjh > > Scribe > tlr > > Contents > > * [4]Topics > 1. [5]Welcome > 2. [6]charter review > 3. [7]face-to-face agenda > * [8]Summary of Action Items > _________________________________________________________________ > > Welcome > > <klanz2> dialing in > > <jcc> can you read me? > > <cgi-irc> test > > <hal> for some reason initially this channel was not listed > > <cgi-irc> test > > fjh: thanks for joinig, I'm Frederick, ... > ... thomas will scribe today, thanks ... > ... maybe do a quick round of introductions here ... > > rdm: Rob Miller, Security Engineer, MITRE, XML wrt architectural > issues > ... having fun with NSA and cross-domain solutions ... > ... would be happy to talk about that at f2f ... > > shawn: Shawn Mullen, Sun Microsystems, working on XML Sig for > past few > years, implementor > ... have implementation shipping as part of JDK, committer for > Apache ... > > EdSimon: Ed Simon, working with xmlsec which is private > consulting firm ... > ... co-author of xml signature and xml encryption specs ... > ... keen to hear how people use it, what the issues are ... > ... Invited Expert ... > > grw: Greg Whitehead, HP, architect in IDM software group, one of > original > specs' authors ... > ... shed light on carzy things that were thought back then ... > > hal: standards full-time for BEA, mostly security standards ... > ... involved with a bunch of standards that use XML Sig and Enc ... > ... you name it ... > ... main interest in follow-on work ... > ... spurious validation errors associated with DSig ... > ... maybe also tweak encryption .. > > JuanCarlosCruellas: Polytech Univ Catalunia ... > ... standardization involvement for a while ... > ... worked on XADES development around ETSI ... > ... editor during two last years (?) ... > ... involved with DSS TC @ OASIS ... > ... main interest is to cooperate in followup ... > ... on stdzation of XML security ... > ... implementation experience ... > > Nadalin: Tony Nadalin, IBM, worked with Shawn on Java > implementation of XML > Sig and Enc ... > ... WS-Security, -Trust, other specs ... > ... most interested in follow-on work ... > ... severe performance problems with Sig and Enc ... > ... large footprints, figure out what to do wrt moving forward > with this > tech ... > > klanz2: Konrad Lanz, Stiftung Secure Information Communication > Technology > (?) @ Graz University ... > ... involved in maintaining implementations ... > ... including Sig, Enc, OASIS DSS, some other Java toolkits ... > ... involved in standardization work in OASIS, DSS TC there ... > ... main interest in robustness of XML Signatures, false > negatives are > rather bad ... > > fjh: Working in security standards for some time, including > original specs, > will chair this working group ... > ... interest in having stuff converge, not have multiple > versions of things > ... > > giles: Giles Hogben, ENISA, European Network & Info Sec Agency ... > ... identity management lead there ... > ... main interest is to see work on European qualified > signatures, XADES > within roadmap ... > ... worked in the P3P working group where chaired a task force > that dealt > with XML Dsig ... > > tlr: W3C Team, main interest is to get the different communities > that have > stakes in XML Signature & friends together at one table > > fjh: agenda bashing ... > ... will talk briefly about scribing, schedule, charter, and > look at agenda > for face-to-face ... > ... do people feel anything needs to be added? > > - silence - > > fjh: scribe role will rotate, chair excused from scribing ... > ... haven't got exact mechanism down ... > ... for 2/3 May face-to-face, will need scribes for mornings and > afternoons > ... > ... if want to volunteer now, that would be helpful ... > ... if you want to select a spot now, speak up ... > > Note you can also type it into the record through IRC > > fjh: or send e-mail ... > > <rdm> I can scribe on the afternoon of May 2. > > scheduling the weekly call, first choice is 9am Eastern slot on > Tuesdays, > 10am second > > fjh: tentatively plan on that time. We won't have a call > before the > face-to-face ... > > hal: if the West Coasters are happy about it, who are we East > Coasters to > complain? > > fjh: next meeting is 8:30-5pm in Cambridge, 2/3 May > ... registration form and logistics; please fill in > registration ... > ... any concerns or questions re face-to-face? ... > > - silence - > > charter review > > [9]http://www.w3.org/2005/Security/xmlsig-charter > > <fjh> link for weekly scheduling results > [10]http://www.w3.org/2002/09/wbs/40279/xmlsecweekly/results > > <fjh> f2f registration results page > [11]http://www.w3.org/2002/09/wbs/40279/xmlsecbos0705/results > > <fjh> ballot still open for F2F, please register whether or not > you plan to > attend > > fjh: will just go through charter ... > > <klanz2> yes > > <Giles> yes > > fjh: goal is to do very limited work on the spec, and then > suggest charter > for further work ... > ... there is some other items, such as a note ... > ... basic idea is to do minimum changes, then consider next > steps ... > ... fairly short time line especially if consider interop ... > ... confidentiality: plan to do everything in public ... > ... we have an administrative list for things like sending > regrets or few > member-confidential items ... > ... use that sparingly ... > ... Frederick to chair, Thomas to team-contact ... > ... suspect 3 face-to-face meetings ... > ... first one in May, second as workshop, third @ tech plenary ... > ... 6-8 november ... > > [12]http://www.w3.org/2002/09/TPOverview.html > > scribe: need to talk about specific slots to take in that week ... > ... May 8 is conflicting wiht AC meeting; will send out e-mail > about that > ... > > fjh: background and scope has links to background material; > there's reading > list on home page as well > ... XML Sig was 1999-2002 ... > ... produced a bunch of recs ... > ... how to sign/encrypt XML and other stuff and encapsulate > results in XML > ... > ... Canonical XML to make signatures verify despite surface > changes ... > ... there's C14N 1.1 from XML Core ... > ... that work is in last call ... > ... one of the things to do is to comment on that ... > ... get feedback to them ... > > <fjh> ck klanz2 > > klanz2: to clarify, C14N 1.1 fixes xml:id and xml:base issues, > not related > to xml 1.1 > ... there's also a wiki done by konrad and Jose Kahan .. > ... will post pointer to IRC ... > > <klanz2> [13]http://esw.w3.org/topic/XML-Dsig?highlight=%28xml%29 > > <klanz2> go ahead > > fjh: useful to know, thanks > ... deliverables ... > ... two initial ones that we need to be careful with the timing ... > ... Syntax & Processing / Decryption Transform ... > ... we'll need to do interop testing on these ... > ... review of both of them ... > ... for Syntax & Processing - since this was joint effort - give > the IETF a > chance to have a last call review and have published as RFC ... > ... get on track fairly quickly at face-to-face ... > ... with XML Sig, starting with REC, move it to Proposed Edited > Rec ... > ... part of doing this is to limit the changse - no new > features, no > conformance-affecting things except for the bits that we know > of ... > ... we're shortcutting process on that one ... > ... decryption trasnform back to Working Draft, then go through > the process > ... > ... there's some work that outlines proposed changes ... > ... fold in some of the errata as well ... > > <fjh> thomas: should look at reading list and Note that Thomas > produced > indicating the changes that need to be done > > <fjh> ... this would be very useful to help those with > implementations > > <fjh> ... so we can get to interop and testing more easily and > quickly > > <fjh> ... please indicate to those in your companies doing > implementations > as soon as possible > > <fjh> ... so we can get a start on interop > > fjh: the sooner we get started on interop, the better we'll be off > ... process details to be discussed at f2f ... > ... rec track deliverables are the timing critical ones due to > review and > interop ... > ... SHOULD do a charter for further work, reach out to other > communities ... > ... MAY do a note on best practices ... > ... might be something to do without extra work ... > ... we might be able to document things as we go ... > ... but the REC track deliverables and chartering work have > priority ... > ... use wiki to document ideas and issues as we go, also as > input for > chartering ... > ... might have workshop ... > ... meetings ... > ... weekly, and face-to-faces .. > ... plan to have phone bridge in Cambridge ... > ... critical sentence in the deliverables and schedule is "early > interop > testing" ... > ... from introductions, looks like we're in good shape ... > ... please indicate who will actually participate in interop > testing ... > ... private e-mail is fine, don't want to put folks on the spot > right now > ... > ... dependencies, obviously XML Core ... > > [14]http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/ > 2007Mar/0001.h > tml > > scribe: XML Core closes Last Call before our f2f, but they're > prepared to > accept late comments from us ... > ... please review C14N 1.1 before f2f ... > ... comments to share on the list? ... > ... also, things noteworthy on the wiki? If so, Konrad please > send mail ... > ... there's also XML Coordination Group ... > > fjh: uwa dependency? > > tlr: in response to member input during AC review; mostly for > charter work > > klanz2: happen to be in the XML Core WG > ... they're not particularly eager to keep C14N as a > deliverable ... > > tlr: change of rec-track deliverables requires rechartering > > <fjh> thomas: would prefer to avoid the necessary AC review to > recharter > XMLSec Maint > > tlr: would rather avoid that during the next half year ... > > fjh: external dependencies -- ietf, trying to get out as an RFC, > but attempt > not to have that as a blocking point ... > ... DSS and its future ... > ... WS-I, basic security profile and other things, future work ... > ... Liberty ... > ... there are probably others; if we should be collaborating > with other > organizations and are able to help with that, please speak up on > the list > ... > ... please cover patent policy essentials at face-to-face > > jcc: ETSI should be acknowledged ... > > tlr: charter is cast in stone, but we can put the external > relations > somewhere on the web site > ... and do that as a living document ... > > fjh: jcc to send material to list > > <Giles> Please add Xades to list > > <scribe> ACTION: Cruellas to send note on ETSI liaison to > mailing list > [recorded in [15]http://www.w3.org/2007/04/17-xmlsec- > minutes.html#action02] > > <trackbot-ng> Created ACTION-2 - Send note on ETSI liaison to > mailing list > [on Juan Carlos Cruellas - due 2007-04-24]. > > face-to-face agenda > > <Giles> action on Xades too? > > [16]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/ > 2007Apr/0006.h > tml > > <tlr> Giles, the ETSI liaison is supposed to be about XADES, I > think. > > <Giles> Oh OK sorry > > fjh: think there needs to be additional item about interop ... > ... propose adding something on that ... > ... will start setup at 8:30 .. > ... will start 9am sharp ... > ... scribe volunteers please speak up on list ... > ... note that scribing at f2f has its benefits ... > ... going through inidividual points of agenda ... > ... need somebody to do c14n 1.1 overview ... > ... will talk to people this week about who is to do that ... > ... people on their own for lunch, there's good stuff very > close ... > ... use C14N 1.1 for review? ... > ... if people have comments, please post to list ... > ... need a taker for decryption transform ... > ... if you want to talk about it, please speak up this week ... > ... thursday, setup at 8:30, start 9 sharp... > ... attendance on both days? > > tlr: people indicated they'll join for *both* days > > fjh: interop important ... > ... issues and implementation experience ... > ... quick soundbites on issues and implementations ... > ... 1h total? > ... comments? > ... after lunch, future steps ... > ... charter, best practices; there are some editor / tooling / > mechanics > questions ... > ... having raced through the agenda ... > ... any comments? > > ??: sounds fine > > Tony: sounds good > ... come up with somethig that we want to test > ... use case / scenario ... > > fjh: can people contribute in advance? > ... to have better use of our time ... > ... aob? > > EdSimon: next meeting next week? > > fjh: tentatively had scheduled it ... > ... then cancelled. ... > ... next meeting will be the face-to-face ... > ... from then on, 9-10 Eastern every Tuesday after that, apart > of 8 May ... > ... we'll confirm at f2f ... > > meeting adjourned > > <klanz2> thank you, bye > > Summary of Action Items > > [NEW] ACTION: Cruellas to send note on ETSI liaison to > mailing list > [recorded in [17]http://www.w3.org/2007/04/17-xmlsec- > minutes.html#action02] > > [End of minutes] > _________________________________________________________________ > > > Minutes formatted by David Booth's [18]scribe.perl version > 1.128 ([19]CVS > log) > $Date: 2007/04/17 15:07:48 $ > > References > > 1. http://www.w3.org/ > 2. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/ > 2007Apr/0001.html > 3. http://www.w3.org/2007/04/17-xmlsec-irc > 4. file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec- > minutes.html#agenda > 5. file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec- > minutes.html#item01 > 6. file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec- > minutes.html#item02 > 7. file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec- > minutes.html#item03 > 8. file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec- > minutes.html#ActionSummary > 9. http://www.w3.org/2005/Security/xmlsig-charter > 10. http://www.w3.org/2002/09/wbs/40279/xmlsecweekly/results > 11. http://www.w3.org/2002/09/wbs/40279/xmlsecbos0705/results > 12. http://www.w3.org/2002/09/TPOverview.html > 13. http://esw.w3.org/topic/XML-Dsig?highlight=%28xml%29 > 14. http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/ > 2007Mar/0001.html > 15. http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02 > 16. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/ > 2007Apr/0006.html > 17. http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02 > 18. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm > 19. http://dev.w3.org/cvsweb/2002/scribe/ >
Received on Tuesday, 17 April 2007 15:39:35 UTC