W3C home > Mailing lists > Public > public-xmlsec-maintwg@w3.org > July 2007

Draft minutes: XMLSEC weekly 2007-06-26

From: Thomas Roessler <tlr@w3.org>
Date: Sun, 1 Jul 2007 22:54:41 +0200
To: public-xmlsec-maintwg@w3.org
Message-ID: <20070701205441.GB31894@raktajino.does-not-exist.org>

Seems like these minutes got stuck in an interaction between Ed
waiting for a response and Frederick being away.

  http://www.w3.org/2007/06/26-xmlsec-minutes

Cheers,
-- 
Thomas Roessler, W3C  <tlr@w3.org>




   [1]W3C

                   XML Security Specifications Maintenance WG

26 Jun 2007

   [2]Agenda

   See also: [3]IRC log

Attendees

   Present
          Frederick Hirsch (fjh), Ed Simon (EdS), Thomas Roessler (tlr),
          Juan Carlos Cruellas (jcc), Sean Mullan (sean), Rob Miller,
          Konrad Lanz (klanz2), Donald Eastlake (deastl), Phill
          Hallam-Baker (PHB)

   Regrets
          None

   Chair
          Frederick Hirsch

   Scribe
          Ed Simon

Contents

     * [4]Topics
         1. [5]Administrivia: scribe confirmation, next meeting, other
         2. [6]Interop planning
         3. [7]action garbage collection
         4. [8]XML Signature Draft
     * [9]Summary of Action Items
     __________________________________________________________________


   <fjh2> Meeting: XML Security Specifications Maintenance WG Conference
   Call

   <fjh2> ScribeNick: EdS

   <fjh2> Agenda:
   [10]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0
   078.html

Administrivia: scribe confirmation, next meeting, other

   No meeting on July 3, Hal Scribing July 10

   Please solicit position papers for meeting at VeriSign headquarters and
   indicate availability.

   XML Core OK with us updating XML Signature note.

   Resolution: Minutes of last week are approved.

   Action-26: Open

   <tlr> I have just updated the interop participation questionnaire to
   close on 30 June.

   Action-25 on Rich Salz is still open;

   fjh will contact Rich on action-25

   action-37: closed

   action-38: Closed

   jcc: Action-48 should be closed re minutes of last meeting, no change
   to doc was necessary

   Action-48: Closed

   <fjh2> action-50 open

   <tlr> ACTION-50 open, ACTION-54 closed, ACTION-55 closed

   Actions 54 and 55 are closed.

Interop planning

   fjh: should interop be open or closed?

   <klanz2> +1 to open

   fjh: is additional interop from outside wanted?

   <sean> +1

   EdS: +1

   <deastlak> I think it should be open...

   Rob Miller says +1

   Rob Miller attempting to get others involved.

   tlr +1

   tlr: we should invite XML Core as co-sponsors for interop

   <tlr> RESOLUTION: interop to be open, invite XML Core to co-sponsor

   Resolution: Interop will be open and we will attemp to co-sponsor with
   XML Core

   fjh: Phb2 confirms VeriSign will host

   tlr: 10-15 people expected.

   <klanz2> ;-)

   phb2: room confirmed for 20 people

   fjh: we need test cases for interop
   ... please respond to questionaire

   tlr: we need to collect old test cases, create new test cases
   ... need action item for test cases

   we need a point person for test cases for the WG

   <tlr> fine with me as well

   fjh: use wiki for test cases?

   <tlr> +1 to using wiki; hadn't thought of it

   klanz2: +1 to wiki, also CVS a good idea, will contribute test cases

   fjh: we should use CVS for test cases and wiki

   <tlr> ACTION: thomas to give Juan Carlos, Sean, Konrad access to
   interop web space in CVS [recorded in
   [11]http://www.w3.org/2007/06/26-xmlsec-minutes.html#action02]

   <trackbot-ng> Created ACTION-56 - Give Juan Carlos, Sean, Konrad access
   to interop web space in CVS [on Thomas Roessler - due 2007-07-03].

   <tlr> ACTION: cruellas to get us started on test cases [recorded in
   [12]http://www.w3.org/2007/06/26-xmlsec-minutes.html#action04]

   <trackbot-ng> Created ACTION-57 - Get us started on test cases [on Juan
   Carlos Cruellas - due 2007-07-03].

   fjh: juan create outline of test cases and indicate links to previous
   test cases

   klanz2: will supply unit cases
   ... will post cases to list

   fjh, klanz2, EdS: put "[InterOp-Testcase]" in subject line for posts
   related to test cases

action garbage collection

   <tlr> ACTION-52 done

   Action-52: Closed

   <fjh2>
   [13]http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-X509Data

XML Signature Draft

   <fjh2> should" to "MAY" at end of 4.4.4

   <fjh2> reference to RFC2253 updated to RFC4515

   <fjh2> conversion of last bullet to additional text, since not
   augmentation of encoding rules

   <fjh2>
   [14]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0
   071.html

   <fjh2> s/the string encoding rules in section 2.4/the character
   escaping rules in section 2.4/

   konrad: dname encoding is clarified as optional
   ... should say "Character-escaping" rules

   jcc: rfc4514 not restricted just to ASCII, talks of Unicode

   <jcc> one of the characters '"', '+', ',', ';', '<', '>', or '\'

   <jcc> (U+0022, U+002B, U+002C, U+003B, U+003C, U+003E, or U+005C,

   <jcc> respectively);

   jcc: 2.4 of rfc 4514

   <Zakim> tlr, you wanted to note that 2253 isn't limited to ASCII either

   rfc 2253 talks about UTF-8

   rfc 4514 deals with Unicode

   <fjh2> [15]http://www.rfc-editor.org/rfc/rfc4514.txt

   tlr: need to be compatible with various XML encodings, Konrad's
   additions make that work

   <fjh2> tlr: if receiver can process according to RFC then sender has
   some encoding flexibility

   <tlr> tlr: RFC 4514, section 2.4 gives you two ways to encode things.
   hex (which you pick if you don't know how to deal with charset) or
   utf-8 + escaping rules. Receiving party needs to be able to deal with
   both. Therefore, propose that we just stick to the current text, plus
   Konrad's proposed change.

   jcc: to send email explaining his thoughts on RFC 2253 and 4514 diffs

   tlr: string generated must comply with sec 3 of rfc 4514

   klanz2: an rfc 2253 implemenation should be happy with what we have now

   <tlr> we are talking of not even a conformance point.

   <fjh2> Consider the string as consisting of Unicode characters.

   jcc: most recent red-line is OK with him with Konrad's edit but first
   bullet (Unicode one) is of concern

   <Zakim> tlr, you wanted to suggest striking that bullet point

   tlr: agree with JCC re string "consisting of Unicode characters"

   <tlr> tlr: suggest to strike it

   <fjh2> klanz2: if talking character escaping then clearer that not hex
   encoding

   jcc and konrad agree with tlr

   <fjh2> re removing first bullet

   sean: wary of going with 4514 in addition to 2253

   back to getting rid of Unicode bullet

   <klanz2> +1 to skip first bullet

   agreed to get rid of that bullet

   back to sean's comment

   <fjh2> RESOLUTION: Remove first bullet in second bullet list in XML Sig
   4.4.4

   tlr: grammar in 2253 is broken, 4514 is fixed

   sean: what of implemenations already out there

   EdS: are we worried about legacy implementations?

   tlr: are implementations of 2253 going to be broken by 4514

   sean: hard to answer that

   EdS: if it can be broken, it will ;)

   tlr: going with 4514 and let interop flush out problems

   klanz2: asks tlr to summarize his comments on the mailing list to
   record his detailed thinking about 4514

   <scribe> ACTION: Sean to create test re rfc 2253 vs rfc 4514
   implementations [recorded in
   [16]http://www.w3.org/2007/06/26-xmlsec-minutes.html#action06]

   <trackbot-ng> Created ACTION-58 - Create test re rfc 2253 vs rfc 4514
   implementations [on Sean Mullan - due 2007-07-03].

   <fjh2> 2253 implementation able to receive

   <tlr> I think if Sean finds a "trouble" test case, that needs to go
   into the interop testing.

   <klanz2> May I propose to add 15 minutes to the call ?

   <tlr> +1 to adding 15 min

   <fjh2> eds: uniform referencing of RFC 2253 and 4514 in draft? Earlier
   section?

   <sean> +1 to adding 15 min

   <fjh2> +1 to 15 min

   <scribe> ACTION: thomas to summarize his comments on the mailing list
   to record his detailed thinking about 4514 [recorded in
   [17]http://www.w3.org/2007/06/26-xmlsec-minutes.html#action07]

   <trackbot-ng> Created ACTION-59 - Summarize his comments on the mailing
   list to record his detailed thinking about 4514 [on Thomas Roessler -
   due 2007-07-03].

   tlr: all decisions are subject to interop testing results

   resolution: wg agrees to change to rfc 4514 from rfc 2253 subject to
   interop testing

   <klanz2>
   [18]http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-X509Data

   <tlr>
   [19]http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-X509Data

   <klanz2> [20]http://www.w3.org/TR/xmldsig-core/#ref-LDAP-DN

   <klanz2> Update the Reference Section as well

   tlr: review wording changes to XML Sig

   sean: in section 11, need to update ref to 2253 to 4514

   tlr: that was done

   <tlr>
   [21]http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-References

   <klanz2> It's there, there is a limit due to the speed of Light ;-)

   <klanz2> we have two more minutes

   everyone to review new version of specification -- make sure you have
   the latest version! -- and add your comments to the list and be
   prepared to approve, or debate, XML Sig at next meeting

   fjh: reversibility warning can be in best practices,

   <fjh2>
   [22]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0
   000.html

   to make sure you have latest draft, go to top and look for "Editor's
   Draft $Date: 2007/07/01 20:53:25 $" or later time stamp

   <tlr> sorry, no

   <tlr> XML-Signature Syntax and Processing Editor's Draft $Date:
   2007/07/01 20:53:25 $

   <tlr> ,-)

   jcc: mime types not an open issue

   <klanz2> do you have a link to the errata document

   <tlr> +1 to fjh's proposal

   <tlr> ACTION: cruellas to investigate mime types vs uri for next
   meeting -due 2007-07-10 [recorded in
   [23]http://www.w3.org/2007/06/26-xmlsec-minutes.html#action09]

   <trackbot-ng> Created ACTION-60 - Investigate mime types vs uri for
   next meeting -due 2007-07-10 [on Juan Carlos Cruellas - due
   2007-07-03].

   <klanz2>
   [24]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0
   078.html

   fjh: prefer to leave stuff on agenda to next time if we do not get it
   to it this time
   ... will need to review canonicalization revision from Konrad

   klanz2: there are some issues; more feedback potentially when interop
   starts, c14n wants to be informed of xmlsec wg status

   <tlr> juan-carlos, I think the Type vs MIMEType issue isn't one.

   fjh: will we need more time on these calls? as we move to interop, may
   not, or maybe we will

   <klanz2> 7a) changes to appendix, considered changes by JCC, did not
   consider changes by sean as I sticked as close as possible to RFC 3986
   ...

   next call on July 10

   <klanz2> ... maybe rewording may enhance readability

   <klanz2> ... unsure about the implications and impacts wehn rewording
   appendix moving away from rfc 3986

   <klanz2> ... as original mission in xml core was to stick as close as
   posssible to the rfc 3986 ...

   <klanz2> .. discussion useful .

Summary of Action Items

   ACTION-56 - Give Juan Carlos, Sean, Konrad access to interop web space
   in CVS [on Thomas Roessler - due 2007-07-03].

   ACTION-57 - Get us started on test cases [on Juan Carlos Cruellas - due
   2007-07-03].

   ACTION-58 - Create test re rfc 2253 vs rfc 4514 implementations [on
   Sean Mullan - due 2007-07-03].

   ACTION-59 - Summarize his comments on the mailing list to record his
   detailed thinking about 4514 [on Thomas Roessler - due 2007-07-03].

   ACTION-60 - Investigate mime types vs uri for next meeting -due
   2007-07-10 [on Juan Carlos Cruellas - due 2007-07-03].


   [End of minutes]
     __________________________________________________________________


    Minutes formatted by David Booth's [25]scribe.perl version 1.128
    ([26]CVS log)
    $Date: 2007/07/01 20:53:25 $

References

   1. http://www.w3.org/
   2. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0072.html
   3. http://www.w3.org/2007/06/26-xmlsec-irc
   4. http://www.w3.org/2007/06/26-xmlsec-minutes#agenda
   5. http://www.w3.org/2007/06/26-xmlsec-minutes#item01
   6. http://www.w3.org/2007/06/26-xmlsec-minutes#item02
   7. http://www.w3.org/2007/06/26-xmlsec-minutes#item03
   8. http://www.w3.org/2007/06/26-xmlsec-minutes#item04
   9. http://www.w3.org/2007/06/26-xmlsec-minutes#ActionSummary
  10. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0078.html
  11. http://www.w3.org/2007/06/26-xmlsec-minutes.html#action02
  12. http://www.w3.org/2007/06/26-xmlsec-minutes.html#action04
  13. http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-X509Data
  14. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0071.html
  15. http://www.rfc-editor.org/rfc/rfc4514.txt
  16. http://www.w3.org/2007/06/26-xmlsec-minutes.html#action06
  17. http://www.w3.org/2007/06/26-xmlsec-minutes.html#action07
  18. http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-X509Data
  19. http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-X509Data
  20. http://www.w3.org/TR/xmldsig-core/#ref-LDAP-DN
  21. http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-References
  22. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0000.html
  23. http://www.w3.org/2007/06/26-xmlsec-minutes.html#action09
  24. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0078.html
  25. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
  26. http://dev.w3.org/cvsweb/2002/scribe/
Received on Sunday, 1 July 2007 20:54:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:22:00 GMT