W3C

XML Security Working Group Teleconference

09 Feb 2010

Agenda

See also: IRC log

Attendees

Present
Frederick_Hirsch, Aldrin_DSouza, Brian_LaMacchia, Chris_Solc, Cynthia_Martin, Gerald_Edgar, Pratik_Datta, Scott_Cantor, Shivaram_Mysore, Juan_Carlos_Cruellas, Hal_Lockhart, Magnus_Nystrom
Regrets
Sean_Mullan, Bruce_Rich
Chair
Frederick Hirsch
Scribe
aldrin

Contents


<trackbot> Date: 09 February 2010

Administrative

+Aldrin_DSouza

<fjh> ScribeNick: aldrin

<fjh> unmute Gerald-e

<fjh> Call for Exclusions, XML Signature 1.1 and XML Signature Properties

<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2010Feb/0011.html

<fjh> Last Call Announcement

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0007.html

<fjh> tlr will send announcement to ietf re last call, frederick to other external parties

<fjh> ACTION: fjh to announce last call outside w3 [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-513 - Announce last call outside w3 [on Frederick Hirsch - due 2010-02-16].

<jcruella> hi everybody, just entered the call

<fjh> ACTION: tlr to remind RIM/Certicom of Last Call time period [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action02]

<trackbot> Created ACTION-514 - Remind RIM/Certicom of Last Call time period [on Thomas Roessler - due 2010-02-16].

<tlr> action-514 closed

<trackbot> ACTION-514 Remind RIM/Certicom of Last Call time period closed

F2F planning

<jcruella> yes...May would be good time

<fjh> cynthia: notes we need to know who is implementing before f2f

<fjh> formal deadline is 8 wks before meeting to annoucement

<csolc> * Can't go

can't go.

<scantor> can't go

<Cynthia> I can attend if I know well in advance

<shivaram> I can't go either

<Gerald-e> unknown

<Gerald-e> approval is unknown

<bal> i think it's really going to depend on what sort of comments we get out of the LC process

<bal> or if we're in CR before the meeting and get official LC comments

<fjh> agree that depends on last call comments

<fjh> not in favor of extended phone call - does not work for various time zones

<Cynthia> People tend to multi-task on extended phone calls

<Gerald-e> +1 about mutitasking

<tlr> Well, it's a matter of self-discipline, re multitasking. People have a choice about it.

Minutes approval

<tlr> http://www.w3.org/2010/02/02-xmlsec-minutes.html

<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2010Feb/att-0013/minutes-2010-02-02.html

RESOLUTION: Minutes from 2nd Feb Approved

Editorial updates

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0009.html

XML Encryption 1.1

<fjh> ISSUE-186?

<trackbot> ISSUE-186 -- What is the normative content of section 5.4.2? (PBKDF2) -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/186

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0013.html

<tlr> sounds good to me

<Cynthia> can we reference the schema instead

<fjh> Aldrin suggests copying material into the XML Encryption 1.1 spec

<fjh> bal asks why pkcs docs cannot be referenced

<fjh> bal notes we reference SECG

<fjh> tlr notes have used ietf references for all pkcs work to date

<fjh> tlr concerned about change control issue

<fjh> tlr notes markup is the issue

<fjh> tlr refers to w3c policy, to use w3.org namespaces unless good reason

<fjh> bal summarizes - want w3 specs to have control over xml markup/schema, while SECG is limited to algorithms

RESOLUTION: copy schema From PKCS amendment to XML Encryption 1.1

<scribe> ACTION: aldrin to propose the schema addition for issue-186 [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action03]

<trackbot> Created ACTION-515 - Propose the schema addition for issue-186 [on Aldrin J D'Souza - due 2010-02-16].

<tlr> issue-510?

<trackbot> ISSUE-510 does not exist

<fjh> action-510?

<trackbot> ACTION-510 -- Pratik Datta to propose explanation of use of content vs. element in implementations -- due 2010-02-09 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/510

<fjh> issue-180?

<trackbot> ISSUE-180 -- Section 8 identifies Joseph Reagle as the contact for the XML Encryption media type. This needs to be updated, perhaps to a generic identity? -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/180

<tlr> action-511 due next week

<trackbot> ACTION-511 Propose next steps on media type registration (ISSUE-180) due date now next week

Signature 2.0

<fjh> action-=502?

<fjh> action-502?

<trackbot> ACTION-502 -- Scott Cantor to propose new model for RetrievalMethod in 2.0 -- due 2010-01-26 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/502

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0006.html

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0005.html

<fjh> issue-161?

<trackbot> ISSUE-161 -- Should the RetrievalMethod schema error be fixed in 2.0, see note at end of http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-RetrievalMethod -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/161

<fjh> issue-182?

<trackbot> ISSUE-182 -- Need Retrieval Method proposal for 2.0, KeyInfo correction or continuation of original material -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/182

<fjh> issue-183?

<trackbot> ISSUE-183 -- Constrain 2.0 SignedInfo canonicalization choice for 2.0 model? -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/183

<fjh> two open issues, Type and URI syntax

<fjh> scott notes raw certs are issue related to Type

<fjh> scott suggests KeyInfoReference to reference key info, use RetrievalMethod for certs

<fjh> +1 to clarity of purpose

<fjh> scott proposes dropping Type

<fjh> +1 to eliminating optionality where possible

<Cynthia> +1

<fjh> revised proposal is to define new element, without Type, and retain RetrievalMethod for other uses (non KeyInfo element cases)

<fjh> tlr asks if this is 2.0, 1.1. material or elsewhere

<fjh> separate document for 1.1 is possibillity

<fjh> enter last call comment, with proposal

<fjh> +1 to last call comment for this

<fjh> would require short last call on the addition.

<fjh> scott notes this would be used in metadocuments

<fjh> scott has use case

<fjh> general group consensus on adding new element to 1.1 as last call comment

<fjh> discussion of uri, http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0005.html

<fjh> tlr notes comments do not matter for keyinfo

<fjh> +1 same constraints in 1.1 and 2.0 version of new element

<fjh> tlr suggests saying URI is processed as a Reference, which would differ in 1.1 and 2.0

<fjh> ACTION: scantor to make last call comment and proposed change [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action04]

<trackbot> Created ACTION-516 - Make last call comment and proposed change [on Scott Cantor - due 2010-02-16].

<fjh> proposed resolution: WG agrees to KeyInfoReference proposal from Scott, removing Type, allowing continued use of RetrievalMethod for other purposes, and referencing Reference for URI processing

RESOLUTION: WG agrees to KeyInfoReference proposal from Scott, removing Type, allowing continued use of RetrievalMethod for other purposes, and referencing Reference for URI processing

Signature Properties

<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2010Jan/0014.html

<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2010Jan/0015.html

<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2010Jan/0016.html

<fjh> this is another case of defining schema in W3C

<fjh> fjh notes that this is support for Widget Signatures, a different use case

<fjh> tlr suggests modifying abstract to indicate purpose of mobile code signing

<tlr> jcc: concern about overlap between xmldsig-properties and XAdES

<tlr> ... worry about adding more and more overlapping properties in the future

<fjh> It seems that XAdES addresses a clear problem that is broader, and not confused with this properties document, that is small and focused toward different case.

<tlr> tlr: perhaps call out the specific mobile code signing use case (which this is intended for) in the Abstract?

<fjh> This document defines schema for use in widget signing, without addressing the semantics or details of XAdES which is much broader.

<fjh> We also have to address the need of Widget Signature to minimize references and complexity of those references

<tlr> http://www.w3.org/TR/2010/WD-xmldsig-properties-20100204/

<fjh> we can add text to the intro referencing XAdES and noting its appropriate use, also note re mobile case in abstract

<fjh> next step, share in XMLSec WG list

<fjh> then jcc get feedback from community re this text and link to document

<fjh> ACTION: fjh to provide proposed update to Signature Properties document [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action05]

<trackbot> Created ACTION-517 - Provide proposed update to Signature Properties document [on Frederick Hirsch - due 2010-02-16].

<fjh> ACTION: jcc to draft email and check with tlr regarding it before sending [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action06]

<trackbot> Created ACTION-518 - Draft email and check with tlr regarding it before sending [on Juan Carlos Cruellas - due 2010-02-16].

Other Business

<fjh> jcc notes New ETSI standards for PDF signatures using XML SIgnatures

<fjh> jcc notes did not receive any use cases

<fjh> jcc CMS being used, apart from XML Forms

<Cynthia> is this the spec we are discussing: http://uri.etsi.org/01903/v1.2.2/ts_101903v010202p.pdf

<jcruella> http://stf364ms.e.ac.upc.edu/phpmyfaq/

<jcruella> faq on PAdES

<jcruella> PDF Advanced Electronic Signatures

<Cynthia> got it thanks

<tlr> http://uri.etsi.org/01903/v1.4.1/

<jcruella> http://www.etsi.org/deliver/etsi_ts/101900_101999/101903/01.04.01_60/ts_101903v010401p.pdf

<Cynthia> it works, thanks

<jcruella> bye

Summary of Action Items

[NEW] ACTION: aldrin to propose the schema addition for issue-186 [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action03]
[NEW] ACTION: fjh to announce last call outside w3 [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action01]
[NEW] ACTION: fjh to provide proposed update to Signature Properties document [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action05]
[NEW] ACTION: jcc to draft email and check with tlr regarding it before sending [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action06]
[NEW] ACTION: scantor to make last call comment and proposed change [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action04]
[NEW] ACTION: tlr to remind RIM/Certicom of Last Call time period [recorded in http://www.w3.org/2010/02/09-xmlsec-minutes.html#action02]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2009-03-02 03:52:20 $