W3C home > Mailing lists > Public > public-xmlsec@w3.org > May 2009

Agenda: Distributed Meeting 2009-05-05 v2

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Fri, 1 May 2009 11:44:24 -0400
Message-Id: <01C2E4FD-78FE-45A3-9D39-21F88D8C3193@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Agenda: W3C XML Security WG (XMLSec) v2
Teleconference 5 May 2009
Distributed Meeting #30

v2
add best practices agenda item, add Cynthia Martin to regrets and  
scribe list, update on newly published documents, minutes update, add  
xml encryption agenda item

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>

Please note that attendance of XMLSEC WG teleconferences is restricted  
to registered WG participants and persons invited by the chair.

Roadmap and status of Draft deliverables (both editors drafts and  
latest publications) are available at
http://www.w3.org/2008/xmlsec/wiki/RoadmapandPublicationStatus

Chair: Frederick Hirsch

Regrets: Cynthia Martin

see http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

1) Administrivia: scribe confirmation, next meeting, other

1a)  Bruce Rich is scheduled to scribe

The current scribe list is at the end of this message, will rotate  
through this list.

Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

1b)   Meeting planning: weekly meetings

This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is  
cancelled.

Upcoming meeting information is available on the WG Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

Next meeting:  F2F #4: 12-13 May, 9:00-18:00 ET each day
Hosted by RSA (EMC), Bedford MA, logistics:  http://lists.w3.org/Archives/Member/member-xmlsec/2009Mar/0015.html

1c) Liaisons and Coordination

See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

1d) Announcements

i) Please complete F2F Registration (12-13 May) Questionnaire

http://lists.w3.org/Archives/Member/member-xmlsec/2009Mar/0017.html

ii) Signature Properties published 30 April

http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0067.html

http://www.w3.org/TR/2009/WD-xmldsig-properties-20090430/

iii) Widget Signature LCWD published 30 April

Please review and provide comment before 1 June 2009

http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0000.html

iv) SHA-1 collisions in 2^52

http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0064.html
(Thomas)

2) Minutes Approval

Please review and indicate corrections in attendance list.

Minutes from 28 April 2009, for approval:

http://www.w3.org/2009/04/28-xmlsec-minutes.html

Add Shivaram Mysore to attendees list.

3) New issues and Editorial update status (Completed and pending)

Please remember to send note to public list when completing editing,   
indicating what has changed and associated action. Please mark action   
as pending as well.

3i) New Issue, ISSUE-117, Key Wrap (XML Encryption Syntax and
Processing Maintenance)

The description of the traditional key wrap algorithms in XML  
Encryption duplicates substantive specification material from the
normative specifications for these algorithms. That duplication of   
material should be replaced by a reference to the relevant IETF
specifications.

4) Interop Status and Planning

See wiki page

http://www.w3.org/2008/xmlsec/wiki/InteropPlanning (Frederick)

5) Algorithm URIs

http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0062.html
(Thomas)

6) F2F Agenda review and planning

Please review F2F Agenda and note missing items or other suggestions

http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0065.html

7) Best Practices
7a) ACTION-126: Call out local system access risks regarding XSLT
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0001.html  
(Ken)

7b) ACTION-127 trade-off between different extensibility mechanisms

request for intermediary use cases

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0003.html  
(Thomas)

7c) Best practice on XPath Filter 2.0 preference

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0062.html  
(Sean)

7d) Best practices review comment

http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0030.html  
(Juan Carlos)

switch order of BP 1 and 2, rename BP 1
"Mitigate denial of service attacks by validating the references (that  
might imply potentially dangerous operations ) only after the  
verification of SignedInfo has been completed"
see current practice and comment:
http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#denial-of-service

8) XML Encryption 1.1

8a) AES KeyWrap with padding

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0077.html  
(Thomas)

http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0100.html

Added to section 5.6.4 as OPTIONAL, time to revisit?
http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-Alg-SymmetricKeyWrap

Need to add to section 5.1 list of algorithms?
http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-AlgID

8b) Table of contents to one level deeper?

9) Use cases and requirements

9a) Missing byte range use case and requirements?

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0023.html  
(Chris)

10) Action Item and Issue Review

10a) Close Pending actions

[pending review] ACTION-264: Frederick Hirsch to Make publication
request for signature properties for this thursday, 30 April - due
2009-05-05 [on ]
http://www.w3.org/2008/xmlsec/track/actions/264 (Completed by Thomas)

[pending review] ACTION-265: Thomas Roessler to Update signature
properties for publication and place in proper location - due
2009-05-05 [on ]
http://www.w3.org/2008/xmlsec/track/actions/265

10b) Open Action Review

Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:

http://www.w3.org/2008/xmlsec/actions-open.html

11) Issues review

http://www.w3.org/2008/xmlsec/track/issues/open

12) Other Business

13) Adjourn

Scribing  list
----------------
Cynthia Martin, MITRE ()
Bruce Rich, IBM (17 July F2F am, 21 October 2008 F2F am)
Hal Lockhart, Oracle (9 December 2008)
Phillip Hallam-Baker, Verisign (F2F 13 January 2009, am)
Shivaram Mysore, Invited Expert ( F2F 14 January 2009, pm)
Brian LaMacchia, Microsoft ( F2F 14 January 2009, pm)
Bradley Hill, Invited Expert (27 January 2009)
Sean Mullan, Sun (3 February 2009)
Pratik Datta, Oracle ( F2F 14 January 2009, pm, 10 February 2009)
Konrad Lanz, IAIK (24 February 2009, 16 July F2F am)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (17
February 2009, 16 September 2008)
Chris Solc, Adobe (3 March 2009, 20 October 2008 F2F am)
Robert Miller, MITRE (10 March 2009, 20 October 2008 F2F pm)
Magnus Nyström, EMC (17 March 2009, 11 November 2008)
Scott Cantor, invited expert (24 March 2009, 29 July 2008, 2 December
2008)
Ed Simon, Invited Expert (31 March 2009, 18 November 2008)
Gerald Edgar, Boeing (7 April 2009, F2F 13 January 2009, pm)
John Wray, IBM (21 April 2009, 16 December 2008)
Kelvin Yiu, Microsoft (28 April 2009, 21 October 2008 F2F, pm)

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG
Received on Friday, 1 May 2009 15:45:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:58 GMT