Agenda: F2F meeting 2009-01-13/14 (v3)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 12 Jan 2009 10:06:35 -0500
Message-Id: <1E98A118-C23D-4884-9E48-E43D067EF21C@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, ext Taki Kamiya <tkamiya@us.fujitsu.com>, John Schneider <john.schneider@agiledelta.com>
Agenda: W3C XML Security WG (XMLSec) v3
F2F 13-14 January 2009
Oracle Conference center, Room 104, 350 Oracle Parkway, Redwood City,  
CA, USA
F2F #3

v3 added links for material associated with actions, expanded and
updated agenda items. Separated Security 1.1 agenda items. EXI remains
at same time. Added break at 4:15 on day 1.

9-6 PT each day, arrival and setup at 8:30 am

Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>

F2F logistics
http://lists.w3.org/Archives/Member/member-xmlsec/2008Nov/0035.html

map and directions
http://lists.w3.org/Archives/Member/member-xmlsec/2009Jan/att-0001/00-part

Please note that attendance of XMLSEC WG teleconferences is restricted  
to registered WG participants and persons invited by the chair.

Chair: Frederick Hirsch

Attendees, Dial-in Attendees and Regrets listed on admin page at
  http://www.w3.org/2008/xmlsec/Group/Overview.html#f2f3

Tuesday 13 January

1) Welcome, Introductions, Administrivia  (9 - 9:30 am PT)

1a) Introductions as needed, Local logistics

1b) Scribe confirmation

13 January AM
13 January PM
14 January AM
14 January PM

The current scribe list is at the end of this message, will rotate  
through this list.

Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

1c)   Meeting planning: weekly meetings

This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is  
cancelled.

Upcoming meeting information is available on the WG Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

20 January 2009 Teleconference cancelled
27 January 2009 Teleconference #17, 10-12 Eastern

1d) Liaisons and Coordination

See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

No new updates.

1e) Announcements

Verisign has joined the WG.

2) Minutes Approval

2a) Minutes from 6 January 2009 for approval:

http://www.w3.org/2009/01/06-xmlsec-minutes.html

3) Issues

XML Signature and PDF (Juan Carlos)
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0018.html

4) Editorial updates (discuss later in agenda)

4a) Update to XML Signature 1.1

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0021.html

4b) Initial draft of XML Encryption 1.1

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0021.html

4c) Initial draft of Security Algorithms

http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.html

4d) Updated Signature Properties

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0014.html

4e) Widgets 1.0 Digital Signature

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0022.html

5) XML Signature 1.1   (9:30 - 10:45 am PT)

5a) XML Signature 1.1 updated

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0021.html  
(Kelvin, Brian)

http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview_diff.htm  
(redline)

5b) Versioning text

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0024.html  
(Thomas)

5c) SHA-1, MD5 text

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0023.html  
(Thomas)

5d) Errata incorporation

http://www.w3.org/2008/06/xmldsigcore-errata.html

5e) RFC reference changes, separate normative and informative references

Editorial fixes (references)
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0000.html

5f) Other changes needed?

Algorithms - review and agreement
NIST re key lengths - update?
Container for OCSP in KeyInfo?

5g) Next steps

OK to publish before requirements document?
First public working draft?

6) XML Encryption 1.1

6a) Updated draft

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0021.html  
(Kelvin)

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview_diff.htm  
(redline)

6b) Versioning
same text as signature

6c) Errata

http://www.w3.org/Encryption/2002/12-xmlenc-errata

6d) References
same issue as signature

6e) Next steps?

First public working draft?

7) XML Security 1.1 test cases and interop

7a) Actions to draft test cases

7b) Interop planning - distributed interop?

8) Break (15 min, 10:45 - 11)

9) Algorithm Note (11:00 - 11:30)

9a) Review updated draft note of Algorithms, URIs and references for  
those algorithms

http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.html

Exclusive C14N
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0012.html  
(Sean)

CMAC-AES
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0013.html  
(Phill)

9b) Next steps

First Public working draft?

10) Widget Signature review and Signature Properties  (11:30 - 12:30)

10a) Review update of Signature Properties

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html

updated
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0014.html  
(Frederick)

10b) Next steps for Signature Properties?

First public working draft?

10c) Walk through latest draft of Widget Signature

http://dev.w3.org/2006/waf/widgets-digsig/

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0022.html  
(Frederick)

Issue of DSAwithSHA256 ?
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0017.html

10d) Next steps for Widget Signature?

Profile X.509 Certs, CRL and OCSP - Web Applications WG

11) Lunch 12:30 - 1:30

12) RELAX NG Schema Note (1:30 - 1:45)

http://www.w3.org/2007/xmlsec/Drafts/xmldsig-rngschema/

Next step?

13)  XML Security 2.0 (1:45 - 3:00)

13a) Review Transform Simplification update

Add explicit "see what you sign" stage? (Frederick)

13b) Next step for Transform Simplification note

Publish First Public Working Draft?

13c) Additional streaming discussion

13d) Simple Signing next steps, requirements, PI use

requirements
http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0032.html  
(Kelvin)

original proposal
http://lists.w3.org/Archives/Public/public-xmlsec/2008Aug/0007.html  
(Kelvin)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Aug/0049.html

13e) Backward compatibility, profiles/levels, interoperability,  
extensibility mechanisms

13f) KeyInfo discussion

OCSP container?
Clarifications and other requirements?

14) Break  (15 min, 3:00 - 3:15)

15) Canonicalization simplification and next steps, QNames, Namespaces,
Infoset (3:15 - 4:15)

Review and work through issues and technical approaches, requirements.

16) Break (4:15 - 4:30)

17) EXI Discussion (4:30 - 5:30)

Use Case review
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0025.html (Ed)

18) Review of day, new actions and agenda (5:30 - 5:45)

19) Other Business Day 1

20) Recess (6 pm)

Wednesday 14 January (9 am - 6 pm)

21) Welcome, Administrative

22) Requirements Review (9:00 - 11:00)

22a) Charter milestones
http://www.w3.org/2008/02/xmlsec-charter.html#milestones

22b)  Canonicalization Requirement discussion

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0006.html  
(Juan Carlos)

22c) Requirements document walkthrough

http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html

22d) Additional requirements - working session

List additional requirements associated with approaches taken, reflect  
1.1 and 2.0

Also list non-requirements
e.g., for discussion
"is an XML only serialization required for KeyInfo, maybe we do not  
want this requirement"

23) Break (15 min, 10:30 - 10:45)

24) Review Open Actions and Issues associated with requirements, Next  
steps for requirements (10:45 - 11:15)

Publish First Public Working Draft?

25) XML Security 2.0 Technical Discussion (11:15 - 12:30)

Additional technical discussion based on previous discussions

26) Lunch (12:30 - 1:30)

27)  Best Practices (1:30 - 2:30)

http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/ [Draft]

28a) review open issues and actions associated with best practices

ACTION-77 Update best practices document for section titles
Sean Mullan

ACTION-103 Provide updated email on best practices issue
Juan Carlos Cruellas

ACTION-125 draft best practice around xpath filter 2
Sean

ACTION-127 draft text on trade-off between different extensibility
mechanisms, for BP draft,
Thomas

ISSUE-52, Rules for syntax of KeyInfo child elements should be  
unambiguous

ISSUE-56 Add references related to timestamping

ISSUE-62 Clarify best practice related to order of schema validation  
and xml security processing for 2nd Edition

ISSUE-64 How to use XML Signature for various applications, e.g. Mail,  
unstructured content

ISSUE-69 Update example file to avoid empty XPath result

28b) Comments received from public working draft?

28c) Next steps for Best Practices
Publish revision?

29) Schema and DTD for 2.0 (2:30 - 3:00)

Schema changes needed. Continue to provide DTDs?

30) Additional KeyInfo and other 2.0 technical discussion (3:00 - 4:00)

31) Action Item and Issue Review (4:00 - 4:30)

31a) Close Pending actions

http://www.w3.org/2008/xmlsec/actions-pending.html
[pending review] ACTION-113: Thomas Roessler to Suggest text re  
versioning and namespaces for XML Signature - due 2008-12-22 [on v11]
http://www.w3.org/2008/xmlsec/track/actions/113

[pending review] ACTION-129: Frederick Hirsch to Update signature  
properties based on feedback - due 2009-01-06 [on ]
http://www.w3.org/2008/xmlsec/track/actions/129

[pending review] ACTION-130: Frederick Hirsch to Create template for  
algorithm note - due 2009-01-13 [on ]
http://www.w3.org/2008/xmlsec/track/actions/130

[pending review] ACTION-136: Thomas Roessler to Propose stronger  
language on MD5 for 6.2 - due 2009-01-13 [on ]
http://www.w3.org/2008/xmlsec/track/actions/136

31b) Open Action Review

Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:

http://www.w3.org/2008/xmlsec/actions-open.html

32) Meeting summary, lessons learned, new issues and actions, future  
meetings and planning (4:30 - 5:15)

http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

F2F discussion

33) Other Business (5:15 - 6:00)

34) Adjourn (6:00)

Scribing list
----------------
Phillip Hallam-Baker, Verisign ()
Konrad Lanz, IAIK (16 July F2F am)
Pratik Datta, Oracle (19 August 2008)
Subramanian Chidambaram, Nokia (26 August)
Brian LaMacchia, Microsoft (2 September 2008)
Bradley Hill, Invited Expert (9 September 2008)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (16  
September 2008)
Gerald Edgar, Boeing (7 October 2008)
Chris Solc, Adobe (20 October 2008 F2F am)
Robert Miller, MITRE (20 October 2008 F2F pm)
Bruce Rich, IBM (17 July F2F am, 21 October 2008 F2F am)
Kelvin Yiu, Microsoft (21 October 2008 F2F, pm)
Shivaram Mysore, Invited Expert (4 November 2008)
Magnus Nyström, EMC (11 November 2008)
Ed Simon, Invited Expert (18 November 2008)
Scott Cantor, invited expert (29 July 2008, 2 December 2008)
Hal Lockhart, Oracle (9 December 2008)
John Wray, IBM (16 December 2008)
Sean Mullan, Sun (6 January 2009)

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG
Received on Monday, 12 January 2009 15:21:10 GMT
