Agenda: Distributed meeting 2008-11-11 v2 from Frederick Hirsch on 2008-11-10 (public-xmlsec@w3.org from November 2008)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 10 Nov 2008 11:30:23 -0500
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Message-Id: <618A16EA-7968-43E9-8B08-09488C9017CD@nokia.com>
Agenda: W3C XML Security WG (XMLSec)  v2
Teleconference 11 November  2008
Distributed Meeting #11

v2 add item re publication of Best Practices and examples, link to  
Kelvin's algorithm email, additional thread on cert encoding, comment  
on derived data requirement, comment on derived key types, additional  
liaison information

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>

Please note that attendance of XMLSEC WG teleconferences is restricted  
to registered WG participants and persons invited by the chair.

Chair: Frederick Hirsch

Regrets: Thomas Roessler

see http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

1) Administrivia: scribe confirmation, next meeting, other

1a)  Magnus Nyström is scheduled to scribe

The current scribe list is at the end of this message, will rotate  
through this list.

Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

1b)   Meeting planning: weekly meetings

This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is  
cancelled.

Upcoming meeting information is available on the WG Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

25 November, 23 December, 30 December 2008 Teleconferences have been  
cancelled

Next meeting 18 November, Ed Simon is scheduled to scribe.

1c) Liaisons and Coordination

See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

Added WS-Federation, JSR 105/106. Updated links to OASIS Public Pages  
(Frederick)

WS-Federation
http://lists.w3.org/Archives/Member/member-xmlsec/2008Nov/0011.html  
(Frederick, member only)

2) Minutes Approval

2a)  (Updated) Minutes from F2F 20-21 October  2008  for approval:

Please review the minutes which incorporate corrections from Frederick

http://www.w3.org/2008/10/20-xmlsec-minutes

http://www.w3.org/2008/10/21-xmlsec-minutes

2b) Minutes from 4 November 2008 for approval:

http://www.w3.org/2008/11/04-xmlsec-minutes

3) Best Practices Publication

Potentially delayed to 14 November.

http://lists.w3.org/Archives/Member/member-xmlsec/2008Nov/0012.html  
(Thomas, member only)

Agree to publish examples linked from document?

4) v1.1 Roadmap

Review and comments on v1.1 Roadmap

http://www.w3.org/2008/xmlsec/Drafts/roadmap/roadmap.html

Comments
- Only Recommend for ECC (not MUST), to avoid IPR issues?, SHA2 a  
MUST...
"SHA2 + RSA" and "EC-based signature algorithms",

- Transform simplification should be on v2.0 roadmap, not 1.1

5) Algorithms for v1.1

5a) Algorithm issues

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0018.html  
(Kelvin)

5b) DTDs
  New Issue: Requirement for DTD definition for XML Signature in v1.1,  
v.next

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0008.html  
(Frederick)

6) Requirements

6a) Certificates and DER encoding

"certificates SHOULD be DER encoded ... and implementations MAY issue  
an error if an encoding other than DER is encountered"
http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0009.html  
(Konrad)

DER required for Cert extensions, but CA chooses encoding
http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0010.html  
(Magnus)

important to note CA is third party and chooses encoding, so do not  
mandate DER
http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0011.html  
(John Wray)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0013.html  
(Scott)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0015.html  
(Scott)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0019.html  
(Magnus)

6b) Long Term Signatures

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0006.html  
(Juan Carlos)

6c) Derived Data

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0007.html  
(Konrad)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0016.html  
(Frederick)


6d) Derived Key Types

http://lists.w3.org/Archives/Public/public-xmlsec/2008Aug/0064.html  
(Analysis, Magnus)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0017.html  
(Frederick)

7) Best Practices

7a) Comments from Juan Carlos

http://www.w3.org/2008/xmlsec/Drafts/best-practices/comments-bhill-jcc.html 
  (Edited document)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0020.html  
(Frederick)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0030.html  
(Juan Carlos)

7b) Example file and empty XPath (ISSUE-69)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0005.html

7c) Key length, SHA best practice

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0003.html

8) v.next

8a) Profiling XPath for XML Schema

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0002.html  
(from Norm Walsh, Frederick)

8b) XSL Streaming

Members only
http://lists.w3.org/Archives/Member/member-xmlsec/2008Nov/0010.html

8c) XPointer element scheme

http://www.w3.org/TR/xptr-element/ (Recommendation) (Konrad)

8d) Transform Primitives

ACTION-51: Provide proposal on list regarding transform primitives  
(draft)
http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0000.html (1  
Oct, Konrad)

8e) Backward compatibility (Konrad)

streaming with v1
http://lists.w3.org/Archives/Public/public-xmlsec/2008Jul/0045.html

http://tools.ietf.org/html/rfc3986#section-5.1.2

8f) Namespace undeclarations

http://lists.w3.org/Archives/Member/member-xmlsec/2008Sep/0041.html  
(Konrad)

9) Action Item Review

9a) Close Pending actions

[pending review] ACTION-66: Frederick Hirsch to Follow up with xsl to  
get documents related to serialization - due 2008-09-23 [on WG- 
Coordination]
http://www.w3.org/2008/xmlsec/track/actions/66

9b) Open Action Review

Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:

http://www.w3.org/2008/xmlsec/actions-open.html

10) Other Business

11) Adjourn

Scribing  list (to be updated)
----------------
Magnus Nyström, EMC ()
Leonard Rosenthol, Adobe ()
Anil Saldhana, Red Hat ()
Ed Simon, Invited Expert ()
John Wray, IBM ()
Konrad Lanz, IAIK (16 July F2F am)
Hal Lockhart, Oracle (16 July F2F pm)
Scott Cantor, invited expert (29 July 2008)
Sean Mullan, Sun (12 August 2008)
Pratik Datta, Oracle (19 August 2008)
Subramanian Chidambaram, Nokia (26 August)
Brian LaMacchia, Microsoft (2 September 2008)
Bradley Hill, Invited Expert (9 September 2008)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (16  
September 2008)
Gerald Edgar, Boeing (7 October 2008)
Chris Solc, Adobe (20 October 2008 F2F am)
Robert Miller, MITRE (20 October 2008 F2F pm)
Bruce Rich, IBM (17 July F2F am, 21 October 2008 F2F am)
Kelvin Yiu, Microsoft (21 October 2008 F2F, pm)
Shivaram Mysore, Invited Expert (11 November 2008)

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG
Received on Monday, 10 November 2008 16:31:13 UTC