- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Tue, 12 Jan 2010 09:56:54 -0500
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Agenda: W3C XML Security WG (XMLSec) v2
Teleconference 12 January 2010
Distributed Meeting #53
v2 added editorial updates, xml encryption item 13
10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone
Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>
Please note that attendance of XMLSEC WG teleconferences is
restricted to registered WG participants and persons invited by the
chair.
Publication Status available at
http://www.w3.org/2008/xmlsec/wiki/PublicationStatus
Chair: Frederick Hirsch
Regrets:
see http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings
1) Administrivia: Scribe confirmation, Agenda review, Meeting
Planning, Liaisons, Announcements
1a) Scribe selection
The current scribe list is at the end of this message, will rotate
through this list.
Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html
1b) Agenda review
Review agenda.
1c) Meeting planning
Next call 19 January
1d) Liaisons and Coordination
See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination
1e) Announcements
new RSA factoring record (768-bit)
http://eprint.iacr.org/2010/006.pdf (Thomas)
2) Minutes Approval
2a) Approve 5 January minutes
http://www.w3.org/2010/01/05-xmlsec-minutes.html
3) Editorial Updates
3a) Signature Properties
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0018.html
(Frederick)
added RNG schema
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0031.html
(Frederick)
3b) Best Practices
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0022.html
(Frederick)
I've added a note to the Best Practices text related to RFC 3161.
Please review. See http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#timestamp-authorities
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0029.html
(Frederick)
3c) XML Signature 1.1
Reference updates
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0038.html
(Frederick/Thomas)
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0043.html
(Frederick)
3d) XML Encryption 1.1
Reference updates
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0044.html
(Frederick)
4) Open XML Signature 1.1 Issues
ISSUE-82: Should 1.1 spec mandate support for range of RSA key sizes
(and DSA)?
ISSUE-91: ECC can't be REQUIRED
ISSUE-149: Link requirements to features
Completed with restructuring of Requirements to 1.1 and 2.0
requirements?
ISSUE-158: Add SHA-1 warnings
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0004.html
(Cynthia)
ISSUE-166 -- RNG schema needed for Signature Properties
http://www.w3.org/2008/xmlsec/track/issues/166
ISSUE-165 -- Add note that standalone XSD file takes precedence
when there is XSD schema file, XSD snippets in document and RNG
schema - to XML Signature 1.1, Signature Properties, XML Encryption
1.1 and
Generic Hybrid Ciphers -- OPEN
Proposal: http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0017.html
(Frederick)
ISSUE-167 Unicode references
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0032.html
fixed.
ISSUE-168 references
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0033.html
5) Open Actions related to Last Call of XML Signature 1.1 and
SIgnature Properties
If these are completed please change status to Pending.
ACTION-421: Ed Simon to Look at the 1.1 schema
ACTION-350: Ed Simon to Propose text to align node set result
treatment for XSLT and XPath in 1.1 spec
ACTION-431: Thomas Roessler to Fix "they" in RFC2119 section
throughout all documents
ACTION-438: Shivaram Mysore to check 1.1 requirements against enc,
sig EDs
ACTION-449: Cynthia Martin to Review 1.1 bibliographies (depends on
ACTION-448)
6) XML Signature 1.1 Readiness to Enter Last Call
7) XML Signature Properties Readiness to Enter Last Call
8) Best Practices - ready for Publication Update
Review comments
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0019.html
(Frederick)
ISSUE-156: Threat for signature from use of namespace prefixes with
corresponding unsigned namespace declarations leading to wrapping
like attacks
9) XML Security 1.1 Requirements - ready for Publication Update
ACTION-391: Gerald Edgar to See if ISSUE-131 is covered in
requirements doc
ISSUE-131 is closed.
10) XML Security 2.0 Requirements - ready for Publication Update
11) Open Issues for XML Encryption 1.1
ISSUE-165 -- Add note that standalone XSD file takes precedence when
there is XSD schema file, XSD snippets in document and RNG schema -
to XML Signature 1.1, Signature Properties, XML Encryption 1.1 and
Generic Hybrid Ciphers -- OPEN
discussed above.
ISSUE-150: Use of XML encryption type encoding in EXI
ISSUE-154: Links to references need to be updated from 2000 XML Rec
to XML 1.0 5th Edition
General review of references
12) Open issues for Generic Hybrid Ciphers
ISSUE-164 -- RNG schema needed for Generic Hybrid Ciphers -- OPEN
http://www.w3.org/2008/xmlsec/track/issues/164
ISSUE-165 -- Add note that standalone XSD file takes precedence when
there is XSD schema file, XSD snippets in document and RNG schema -
to XML Signature 1.1, Signature Properties, XML Encryption 1.1 and
Generic Hybrid Ciphers -- OPEN
discussed above.
13) XML Encryption 1.1
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0030.html
(Magnus)
14) Action review
14a) Close Pending actions
These will be closed after the meeting unless concern raised before
or during meeting. Please review in advance of meeting.
ACTION-451: Magnus Nystrom to Review the Pratik AES-GCM proposal with
Magnus
ACTION-468: Thomas Roessler to Confirm whether optional features
require 2+ implementations or only one.
ACTION-480: Frederick Hirsch to Create issues for 2.0 from 1.1 review
ACTION-482: Thomas Roessler to Update approved minutes from 15
december, permissions and style - http://www.w3.org/2009/12/15-xmlsec-minutes.html
ACTION-483: Frederick Hirsch to Update HMAC output warning with text
from Brian: "Signatures must be deemed invalid if the truncation
length is below the larger of (a) half the underlying hash
algorithm's output length, and (b) 80 bits"
ACTION-484: Frederick Hirsch to Review Cynthia comments on best
practices, update best practices
ACTION-486: Frederick Hirsch to Update XML Signature Properties to
correct schema, add stand-alone schema file
14b) Open Action Review
Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open
Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions
Please review open action list and update your actions appropriately:
http://www.w3.org/2008/xmlsec/actions-open.html
ACTION-412: Ed Simon to Review ISSUE-115
ISSUE-115 is closed.
ACTION-485 Thomas Roessler to Review actions assigned to Konrad and
summarize which can be closed and which need further action
15) Issue review
http://www.w3.org/2008/xmlsec/track/issues/open
16) Other Business
17) Adjourn
Scribing list
----------------
Konrad Lanz, IAIK (24 February 2009, 16 July F2F am)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (17
February 2009, 16 September 2008)
Magnus Nyström, EMC (2 June, 2009)
Bradley Hill, Invited Expert (14 July 2009)
Thomas Roessler/Ed Simon, Invited Expert (11 August 2009)
Sean Mullan, Sun (6 October 2009, 12 May 2009 F2F am)
Bruce Rich, IBM (13 October 2009, 5 May 2009)
Pratik Datta, Oracle (20 October 2009, 13 May 2009 F2F pm)
Hal Lockhart, Oracle (27 October 2009, 16 June 2009)
Shivaram Mysore, Invited Expert (6 November 2009 F2F, 23 June 2009)
Brian LaMacchia, Microsoft (6 November 2009 F2F, 13 May 2009 F2F am)
Cynthia Martin, MITRE (17 November 2009, 7 July 2009)
Scott Cantor, invited expert (24 Nov 2009, 8 Sept 2009)
Chris Solc, Adobe (8 December 2009)
John Wray, IBM (15 Dec 2009, 1 Sept 2009)
Gerald Edgar, Boeing (5 January 2010, 5 November 2009 F2F)
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
Received on Tuesday, 12 January 2010 14:58:11 UTC