W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2009

Agenda: F2F meeting 2009-01-13/14 (v3)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 12 Jan 2009 10:06:35 -0500
Message-Id: <1E98A118-C23D-4884-9E48-E43D067EF21C@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, ext Taki Kamiya <tkamiya@us.fujitsu.com>, John Schneider <john.schneider@agiledelta.com>
Agenda: W3C XML Security WG (XMLSec) v3
F2F 13-14 January 2009
Oracle Conference center, Room 104, 350 Oracle Parkway, Redwood City,  
F2F #3

v3 added links for material associated with actions, expanded and  
updated agenda items. Separated Security 1.1 agenda items. EXI remains  
at same time. added break at 4:15 on day 1.

9-6 PT each day, arrival and setup at 8:30 am

Information on meeting times in various time zones:

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):

F2F logistics

map and directions

Please note that attendance of XMLSEC WG teleconferences is restricted  
to registered WG participants and persons invited by the chair.

Chair: Frederick Hirsch

Attendees, Dial-in Attendees and Regrets listed on admin page at

Tuesday 13 January

1) Welcome, Introductions, Administrivia  (9 - 9:30 am PT)

1a) Introductions as needed, Local logistics

1b) Scribe confirmation

13 January AM
13 January PM
14 January AM
14 January PM

The current scribe list is at the end of this message, will rotate  
through this list.

Scribe Instructions:

1c)   Meeting planning: weekly meetings

This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is  

Upcoming meeting information is available on the WG Administrative page:

20 January 2009 Teleconference cancelled
27 January 2009 Teleconference #17, 10-12 Eastern

1d) Liaisons and Coordination

See status at members page

No new updates.

1e) Announcements

Verisign has joined the WG.

2) Minutes Approval

2a) Minutes from 6 January 2009 for approval:


3) Issues

XML Signature and PDF (Juan Carlos)

4) Editorial updates (discuss later in agenda)

4a) Update to XML Signature 1.1


4b) Initial draft of XML Encryption 1.1


4c) Initial draft of Security Algorithms


4d) Updated Signature Properties


4e) Widgets 1.0 Digital Signature


5) XML Signature 1.1   (9:30 - 10:45 am PT)

5a) XML Signature 1.1 updated

(Kelvin, Brian)


5b) Versioning text


5c) SHA-1, MD5 text


5d) Errata incorporation


5e) RFC reference changes, separate normative and informative references

Editorial fixes (references)

5f) Other changes needed?

Algorithms - review and agreement
NIST re key lengths - update?
Container for OCSP in KeyInfo?

5g) Next steps

OK to publish before requirements document?
First public working draft?

6) XML Encryption 1.1

6a) Updated draft



6b) Versioning
same text as signature

6c) Errata


6d) References
same issue as signature

6e) Next steps?

First public working draft?

7) XML Security 1.1 test cases and interop

7a) Actions to draft test cases

7b) Interop planning - distributed interop?

8) Break (15 min, 10:45 - 11)

9) Algorithm Note (11:00 - 11:30)

9a) Review updated draft note of Algorithms, URIs and references for  
those algorithms


Exclusive C14N


9b) Next steps

First Public working draft?

10) Widget Signature review and Signature Properties  (11:30 - 12:30)

10a) Review update of Signature Properties



10b) Next steps for Signature Properties?

First public working draft?

10c) Walk through latest draft of Widget Signature



Issue of DSAwithSHA256 ?

10d) Next steps for Widget Signature?

Profile X.509 Certs, CRL and OCSP -Web Applications WG

11) Lunch 12:30 - 1:30

12) RELAX NG Schema Note (1:30 - 1:45)


Next step?

13)  XML Security 2.0 (1:45 - 3:00)

13a) Review Transform Simplification update

Add explicit "see what you sign" stage? (Frederick)

13b) Next step for Transform Simplification note

Publish First Public Working Draft?

13c) Additional streaming discussion

13d) Simple Signing next steps, requirements, PI use


original proposal


13e) Backward compatibility, profiles/levels, interoperability,  
extensibility mechanisms

13f) KeyInfo discussion

OCSP container?
Clarifications and other requirements?

14) Break  (15 min, 3:00 - 3:15)

15) Canonicalization simplification and next steps, QNames,Namespaces,  
Infoset (3:15 - 4:15)

Review and work through issues and technical approaches, requirements.

16) Break (4:15 - 4:30)

17) EXI Discussion (4:30 - 5:30)

Use Case review
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0025.html (Ed)

18) Review of day, new actions and agenda (5:30 - 5:45)

19) Other Business Day 1

20) Recess (6 pm)

Wednesday 14 January (9 am - 6 pm)

21) Welcome, Administrative

22) Requirements Review (9:00 - 11:00)

22a) Charter milestones

22b)  Canonicalization Requirement discussion

(Juan Carlos)

22c) Requirements document walkthrough


22d) Additional requirements - working session

List additional requirements associated with approaches taken, reflect  
1.1 and 2.0

Also list non-requirements
e.g., for discussion
"is an XML only serialization required for KeyInfo, maybe we do not  
want this requirement"

23) Break (15 min, 10:30 - 10:45)

24) Review Open Actions and Issues associated with requirements, Next  
steps for requirements (10:45 - 11:15)

Publish First Public Working Draft?

25) XML Security 2.0 Technical Discussion (11:15 - 12:30)

Additional technical discussion based on previous discussions

26) Lunch (12:30 - 1:30)

27)  Best Practices (1:30 - 2:30)

http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/ [Draft]

28a) review open issues and actions associated with best practices

ACTION-77 Update best practices document for section titles
Sean Mullan	

ACTION-103	Provide updated email on best practices issue
Juan Carlos Cruellas

ACTION-125	draft best practice around xpath filter 2	

ACTION-127	draft text on trade-off between different extensibility  
mechanisms, for BP draft,

ISSUE-52, Rules for syntax of KeyInfo child elements should be  

ISSUE-56 Add references related to timestamping

ISSUE-62 Clarify best practice related to order of schema validation  
and xml security processing for 2nd Edition

ISSUE-64 How to use XML Signature for various applications, e.g. Mail,  
unstructured content

ISSUE-69 Update example file to avoid empty XPath result

28b) Comments received from public working draft?

28c) Next steps for Best Practices
Publish revision?

29) Schema and DTD for 2.0 (2:30 - 3:00)

Schema changes needed. Continue to provide DTDs?

30) Additional KeyInfo and other 2.0 technical discussion (3:00 - 4:00)

31) Action Item and Issue Review (4:00 - 4:30)

31a) Close Pending actions

[pending review] ACTION-113: Thomas Roessler to Suggest text re  
versioning and namespaces for XML Signature - due 2008-12-22 [on v11]

[pending review] ACTION-129: Frederick Hirsch to Update signature  
properties based on feedback - due 2009-01-06 [on ]

[pending review] ACTION-130: Frederick Hirsch to Create template for  
algorithm note - due 2009-01-13 [on ]

[pending review] ACTION-136: Thomas Roessler to Propose stronger  
language on MD5 for 6.2 - due 2009-01-13 [on ]

31b) Open Action Review

Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:


32) Meeting summary, lessons learned, new issues and actions, future  
meetings and planning (4:30 - 5:15)


F2F discussion

33) Other Business (5:15 - 6:00)

34) Adjourn (6:00)

Scribing  list
Phillip Hallam-Baker, Verisign ()
Konrad Lanz, IAIK (16 July F2F am)
Pratik Datta, Oracle (19 August 2008)
Subramanian Chidambaram, Nokia (26 August)
Brian LaMacchia, Microsoft (2 September 2008)
Bradley Hill, Invited Expert (9 September 2008)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (16  
September 2008)
Gerald Edgar, Boeing (7 October 2008)
Chris Solc, Adobe (20 October 2008 F2F am)
Robert Miller, MITRE (20 October 2008 F2F pm)
Bruce Rich, IBM (17 July F2F am, 21 October 2008 F2F am)
Kelvin Yiu, Microsoft (21 October 2008 F2F, pm)
Shivaram Mysore, Invited Expert (4 November 2008)
Magnus Nyström, EMC (11 November 2008)
Ed Simon, Invited Expert (18 November 2008)
Scott Cantor, invited expert (29 July 2008, 2 December 2008)
Hal Lockhart, Oracle (9 December 2008)
John Wray, IBM (16 December 2008)
Sean Mullan, Sun (6 January 2009)

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG
Received on Monday, 12 January 2009 15:21:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:10 UTC