Draft minutes: XMLSEC weekly 2007-05-15

Draft minutes from today's meetings are available here:
  http://www.w3.org/2007/05/15-xmlsec-minutes

Thanks to Juan Carlos for scribing.

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>






   [1]W3C 

                                   - DRAFT -

                                    XMLSEC

15 May 2007

   [2]Agenda

   See also: [3]IRC log

Attendees

   Present
          Frederick_Hirsch,  Thomas, JuanCarlosCruellas, +1.781.442.aaaa,
          SeanMullen, +1.650.380.aabb, EdSimon, +1.443.695.aacc, GregWhitehead,
          RobMiller, Hal_Lockhart, +30281039aadd, GilesHogben, +1.781.306.aaee,
          PHB, klanz2, peter_Lipp, +1.514.861.aaff, DonEastlake

   Regrets
          Donald_Eastlake, Gregory_Berezowsky

   Chair
          Frederick Hirsch

   Scribe
          Juan Carlos Cruellas

Contents

     * [4]Topics
         1. [5]Administrative
         2. [6]1a) Regrets: Donald Eastlake, Gregory Berezowsky
         3. [7]2) Review and Approval of WG minutes
         4. [8]3) Future WG Meetings
         5. [9]5) Editorial Status
         6. [10]5a) Review status of XML Signature draft
         7. [11]5b) Review status Decryption Transform draft
         8. [12]7. Workshop Planning
     * [13]Summary of Action Items
     _________________________________________________________________

   <scribe> Chair: Frederick Hirsch

   <scribe> Scribe: Juan Carlos Cruellas

   <jh> Meeting: XML Security Specifications Maintenance WG Conference Call

   <jh> Chair: Frederick Hirsch

   <scribe> Scribe: Juan Carlos Cruellas

   <scribe> Agenda:
   [14]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0025.h
   tml

   TOPIC: 1) Administrative: Scribe confirmation, Attendance, Agenda review
   (9:00 am Eastern)

Administrative

   <tlr> Scribe for next week: PHB

   <fjh> confirming next week scribe Phillp Hallman for the week after, not
   next week

   <tlr> Scribe for 29 May: Giles Hogben

   <tlr> s/Hallam/Hallam-Baker/

1a) Regrets: Donald Eastlake, Gregory Berezowsky

   <tlr> Agenda:
   [15]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0025.h
   tml

2) Review and Approval of WG minutes from face to face meeting

   <tlr>
   [16]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0012.h
   tml

   <hal> there were changes to the canonicalization. They were not in the
   minutes.

   <fjh> minutes approved

   <fjh>  ACTION: Frederick to post red-line link for C14N11 [recorded in
   [17]http://www.w3.org/2007/05/15-xmlsec-minutes.html#action02]

   <trackbot-ng>  Created  ACTION-25  - Post red-line link for C14N11 [on
   Frederick Hirsch - due 2007-05-22].

   RESOLUTION:  minutes of May 2nd 2007 and 3rd face to face meeting were
   approved

3) Future WG Meetings

   <fjh> Frederick will be out, Thomas will chair the next two meetings

4) Action Item Review

   ACTION-3: closed

   ACTION-4: closed; fjh updated the homepage.

   ACTION-5: open for finishing.

   ACTION-6: open. Konrad will complete in the next week

   ACTION-8: closed as part of the editorial update.

   ACTION-9: closed. Sent email to the list.

   <fjh>
   [18]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0022.h
   tml

   <tlr> asks Sean to pass the link of the message

   ACTION-12: open. fjh has been working on it...almost done

   ACTION-13: closed

   ACTION-15: closed; done it 2007-05-14 call.

   <fjh> the coordination group will take care of security issues. when a
   charter is created it should include security considerations and how they
   will be managed, and the coordination group would take care.

   <fjh> EdSimons: should have permanent security group to review materials?

   <tlr> it should also do errata handling ...

   <Hal> seconds the idea, and also to be in the position of receiving errata
   of security specifications

   <Ed> the group should be the place where the policies and processes are
   reviewed

   <tlr> this is a useful proposal and this could be part of the outcome to be
   produced by the group. Question to Frederick, what documentation should be
   managed in the group? only minutes or also reports?

   <fjh> we should draft a note.

   <tlr> we could capture text from minutes and generate the note.

   <fjh> the group should start indicating what the issues are and then we will
   receive indications on what to do.

   <tlr> ACTION: thomas to draft CG note draft for submission to XML CG - due
   2007-06-20 [recorded in
   [19]http://www.w3.org/2007/05/15-xmlsec-minutes.html#action03]

   <trackbot-ng> Created ACTION-26 - draft CG note draft for submission to XML
   CG [on Thomas Roessler - due 2007-06-20].

   ACTION-16: closed

   ACTION-17: open

   ACTION-18: open

   ACTION-19: open

   <klanz2> ongoing

   ACTION-20: done

   <fjh> we will indicate when we can meet when we kno. Question: When we will
   know when we will meet in November plenary?

   <tlr> in the next few months...

   ACTION-21: closed

   ACTION-22: open

   ACTION-23: proposal for qnames. Frederick was not sure of the action agreed
   during the f2f meeting on that issue but this is a timing issue ....

   <PHB> qnames should not be used as data

   qnames are prefixed or unprefixed, this makes that we must make it explicit
   that we are dealing with prefixed qnames

   <PHB> The prefix namespaces do not work within the data space

   <PHB> There is an TAG finding on the topic

   <tlr> EdSimon: Said qnames are prefixed or unprefixed; didn't talk about
   ambiguity. The concern is about prefixed qnames in data space. It's an issue
   I thought about during the last week WRT c14n

   <PHB> The point here was that there should be a note in the C14N section to
   the effect that prefixes will break, and protocols should avoid them per the
   TAG

   <tlr> hal: Don't agree that only prefixed qnames are a problem

   <fjh> asks whether this affects canonicalization

   <Greg> suggests treat as best practice

   <Zakim> tlr, you wanted to ask whether this is considered critical path for
   C14N 1.1

   <tlr>  we  should advice core group as soon as we can on the issues we
   identify

   <tlr> nah... we can always ask politely.

   <Konrad> suggests only formal objection possible now

   <fjh> speaking as self: don't think we need to do more, rather do best
   practice approach

   <EdS> proposed changes to c14n would need to be broader; rather thinking of
   C14N 2.0

   <tlr> ... don't expect resolution near-term ...

   <fjh> can we agree on that?
   ... can we agree on the best practice issue?

   RESOLUTION: we are not going to bring the qname issue to the core group but
   be part of the best practices

   <phil> sligthly more than best practices: something that has to be noted as
   property of the algorithm. It is a consequence of the XML and we should
   provide more information

   <EdS> Strongly agrees with Phill.

   <fjh> is it possible to provide more text for CN14.1?

   <tlr> we need to coordinate with core as they have been waiting for us

   <greg> I would think in a note that would be rather simple: using prefixed
   qnames  values in data then you must use the implicit namespace or the
   prefixes may not be captured, just for pointing what is not obviuos for all
   the people

   <EdS> +1 to greg

   <phil> best practices suggest that you have options, and this would not be
   the case

   <hal>  there  are  also other aspects to basic XML semantics, security
   considerations... do we want to discuss this now? is a lengthy discussion

   <fjh> this is an important topic and we have to discuss....maybe in the next
   call

   <klanz2> no syntactical means for distinguighing from other data that may
   alsoo look like prefixed names...

   <<klanz2> eg: urn:somename

   <ed> should get broader attention to this as this may not be an issue only
   on one type of canonicalization algorithm

   <phil> when applying transforms, and you use prefixed qnames, then you have
   to take into account how to deal with them..

   <EdS> Ed: qname discussion not likely to be resolved in short order; will
   likely  lead to significant discussion. Suggests capping c14n 1.1, and
   getting to work on c14n 2.0 ASAP.

   <hal> +1

   <Zakim> tlr, you wanted to note that c14N 1.1 is actually explicit

   <klanz2> +1 to tlr

   <fjh> tlr: table qname issues for now, leave C14N11 as now, future work item

   <tlr> if this is relevant, then we should include it for future work...
   leave C14n1 as it is

   <hal> agrees moving on.

   <tlr> fjh: phill, can you live with this?

   <tlr> phill: yeah *sigh*

   RESOLUTION: not to feed C14n1 on the qnames issue

   <klanz2> shall we distill some thing for the future work now from this
   discussion

   ACTION-23:> closed

   <hal> [20]http://www.w3.org/2001/tag/doc/qnameids.html

   ACTION-24:> closed

   <fjh> asks members to complete the questionnaire on interop.

5) Editorial Status

   <fjh> asks to review the editorial material circulated. Not possible to
   discuss it now

5a) Review status of XML Signature draft

5b) Review status Decryption Transform draft

   <EdS>  I  share  Phill's  sigh.  From my review of c14n 1.1, uddi c14n
   ([21]http://www.uddi.org/pubs/SchemaCentricCanonicalization-20020710.htm),
   and the qname issue, my strong initial impression is that it will be best to
   move from c14n 1.1 to c14n 2.0 ASAP.

7. Workshop Planning

   <fjh> two or three proposals for workshops?... Austria, Spain, California...

   <tlr> peterlipp: would be willing to host in Graz

   <fjh> how many days? assumed 2 or 3

   tlr mentioned typically 2

   <tlr> fjh: do we need face-to-face processing time?

   <tlr> ... any difference to the folks who would host?

   <tlr> hal: no difference to us

   <tlr> peter: no problem

   <tlr> juanCC: can do 3

   <tlr>  three months in advance it announces the workshop. Workshop not
   earlier than September.

   <fjh> people must think on time.
   ... Avoid first week of September.
   Asks Konrad if constraints existent

   <PeterLipp> only the first week of september is difficult

   <fjh> might be an advantage having in Europe for attracting European people.
   Would producing a questionnaire for getting information be a good idea?

   <tlr> Elaborating rationale for supporting one option or the other: if we
   konw that a big part of XML security community is on West Coast, that would
   be a good reason for having it there, on the other side if having it in
   Europe would attract enough European people that would be a reason for
   having it in Europe.

   <fjh> generally agreed not to have 1st week of september

   <fjh> Juan Carlos Has to make bookings in advance, has made bookings. Needs
   to know in advance, October also possible

   <tlr> make a poll on the email for the location

   <ghogben3> add October?

   <tlr> first week of October also possible.

   <Zakim> tlr, you wanted to ask for clarification

   <Hal> main relevant input coming from people that have implementation?

   <tlr> good question, discuss it through email

   <tlr>   ACTION:  thomas  to  put  up  WBS  for  known  constraints  in
   SeptembeR/October [recorded in
   [22]http://www.w3.org/2007/05/15-xmlsec-minutes.html#action04]

   <trackbot-ng>  Created ACTION-27 - Put up WBS for known constraints in
   SeptembeR/October [on Thomas Roessler - due 2007-05-22].

   <fjh> review the links in the agenda and take a look to the material linked.

   <fjh> ajourns the meeting.

   <klanz2> thanks bye

Summary of Action Items

   [NEW] ACTION: fjh to post the changes to canonicalization process [recorded
   in [23]http://www.w3.org/2007/05/15-xmlsec-minutes.html#action01]
   [NEW]  ACTION: Frederick to post red-line link for C14N11 [recorded in
   [24]http://www.w3.org/2007/05/15-xmlsec-minutes.html#action02]
   [NEW] ACTION: thomas to draft CG note draft for submission to XML CG - due
   2007-06-20 [recorded in
   [25]http://www.w3.org/2007/05/15-xmlsec-minutes.html#action03]
   [NEW]   ACTION:  thomas  to  put  up  WBS  for  known  constraints  in
   SeptembeR/October [recorded in
   [26]http://www.w3.org/2007/05/15-xmlsec-minutes.html#action04]
   [End of minutes]
     _________________________________________________________________


    Minutes formatted by David Booth's [27]scribe.perl version 1.128 ([28]CVS
    log)
    $Date: 2007/05/15 19:21:31 $

References

   1. http://www.w3.org/
   2. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0025.html
   3. http://www.w3.org/2007/05/15-xmlsec-irc
   4. file://localhost/home/roessler/W3C/WWW/2007/05/15-xmlsec-minutes.html#agenda
   5. file://localhost/home/roessler/W3C/WWW/2007/05/15-xmlsec-minutes.html#item01
   6. file://localhost/home/roessler/W3C/WWW/2007/05/15-xmlsec-minutes.html#item02
   7. file://localhost/home/roessler/W3C/WWW/2007/05/15-xmlsec-minutes.html#item03
   8. file://localhost/home/roessler/W3C/WWW/2007/05/15-xmlsec-minutes.html#item04
   9. file://localhost/home/roessler/W3C/WWW/2007/05/15-xmlsec-minutes.html#item05
  10. file://localhost/home/roessler/W3C/WWW/2007/05/15-xmlsec-minutes.html#item06
  11. file://localhost/home/roessler/W3C/WWW/2007/05/15-xmlsec-minutes.html#item07
  12. file://localhost/home/roessler/W3C/WWW/2007/05/15-xmlsec-minutes.html#item08
  13. file://localhost/home/roessler/W3C/WWW/2007/05/15-xmlsec-minutes.html#ActionSummary
  14. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0025.html
  15. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0025.html
  16. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0012.html
  17. http://www.w3.org/2007/05/15-xmlsec-minutes.html#action02
  18. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0022.html
  19. http://www.w3.org/2007/05/15-xmlsec-minutes.html#action03
  20. http://www.w3.org/2001/tag/doc/qnameids.html
  21. http://www.uddi.org/pubs/SchemaCentricCanonicalization-20020710.htm%29
  22. http://www.w3.org/2007/05/15-xmlsec-minutes.html#action04
  23. http://www.w3.org/2007/05/15-xmlsec-minutes.html#action01
  24. http://www.w3.org/2007/05/15-xmlsec-minutes.html#action02
  25. http://www.w3.org/2007/05/15-xmlsec-minutes.html#action03
  26. http://www.w3.org/2007/05/15-xmlsec-minutes.html#action04
  27. http://dev.w3.org/cvsweb/%7Echeckout%7E/2002/scribe/scribedoc.htm
  28. http://dev.w3.org/cvsweb/2002/scribe/

Received on Tuesday, 15 May 2007 19:23:11 UTC