Agenda - Distributed Meeting 2010-06-29 from Frederick.Hirsch@nokia.com on 2010-06-28 (public-xmlsec@w3.org from June 2010)

From: <Frederick.Hirsch@nokia.com>
Date: Mon, 28 Jun 2010 20:08:18 +0200
To: <public-xmlsec@w3.org>
CC: <Frederick.Hirsch@nokia.com>
Message-ID: <909AD02F-F458-430A-9BF3-074F206822EA@nokia.com>
Agenda: W3C XML Security WG Distributed Meeting #72,  29 June  2010  Distributed Meeting

Regrets: Shivaram_Mysore

Logistics details and links to information at the bottom of this email.

1) Administrivia: Scribe confirmation, Agenda review, Meeting  Planning, Liaisons, Announcements

1a) Announcements

"Digital Signatures for Widgets" was published as  W3C Candidate Recommendation, 24 June 2010

http://www.w3.org/TR/2010/CR-widgets-digsig-20100624/

TPAC registration open (XML Security F2F 1-2 November 2010)

http://lists.w3.org/Archives/Member/member-xmlsec/2010Jun/0004.html

ACTION-592 (attendance questionnaire)

2) Minutes Approval

Approve 22 June 2010 minutes

<http://lists.w3.org/Archives/Member/member-xmlsec/2010Jun/att-0007/minutes-2010-06-22.html>

Proposed RESOLUTION: Minutes from 22 June 2010 approved.

3)   Elliptic Curve Status

No W3C Team update expected until 6 July meeting.

4) Last Call Comments

Last Call period concluded 10 June 2010.

4a) Proposal for LC-2387 resolution

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jun/0003.html (Frederick Hirsch)

awaiting review from Thomas, ACTION-585

5) Canonical XML 2.0

5a) CURIEs / QNames

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jun/0034.html (Scott)

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jun/0040.html (Scott)

5b) Actions

ACTION-576 (Pratik)

ACTION-594 (Scott)

ACTION-597 (Pratik)

5c) URIs (prefix rewriting, ACTION-579)

Proposed text: http://lists.w3.org/Archives/Public/public-xmlsec/2010Jun/0044.html (Pratik)

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jun/0050.html (Peter Saint Andre)

6) XML Signature 2.0

6a) Schema update issue

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jun/0013.html (Pratik Datta)

ACTION-600 (tlr)

6b) Actions

ACTION-590 (Pratik)

ACTION-589 (Pratik)

7) Best Practices

ACTION-586, Meiko Jensen, Draft text about XPath risks for BP document

8) Test Cases and Interop

ACTION-280, 	Produce test cases for derived keys,	Magnus Nyström

ACTION-411,	Perform measurement related to transform octet conversion,	Pratik Datta

ACTION-540, 	Ask Makoto regarding implementations and interop	Frederick Hirsch

ACTION-552, 	Ask on list about interop and implemention plans for 1.1 features, including encryption and also 2.0,	Frederick Hirsch

Next steps?

9)  Action and Issue Review

9a) Close Pending actions

These will be closed after the meeting unless concern raised before  or  during meeting. Please review in advance of meeting.

ACTION-544: Pratik Datta to Review ISSUE-162, regarding Object/Manifests language and transforms

ACTION-556: Pratik Datta to Review text related to Object tag for consistency with 2.0 model

ACTION-579: Pratik Datta to Update c14n2 with proposal from ACTION-574

ACTION-580: Pratik Datta to Review c14n 2.0 for parsing-related options; propose removal (or add octet-stream processing to 2.0)

ACTION-596: Pratik Datta to Add single xmlAncestors parameter that only supports inherit or none values to c14n2

ACTION-598: Frederick Hirsch to Close LC-2390 with resolution no action via email with scott and list.

ACTION-599: Pratik Datta to Incorporate Object tag proposal as per http://lists.w3.org/Archives/Public/public-xmlsec/2010Jun/0012.html

9b) Open Action Review

Open actions are listed in Tracker at <http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: <http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:

<http://www.w3.org/2008/xmlsec/actions-open.html>

ACTION-538, 	Provide proposal related to namespace wrapping attacks,	Meiko Jensen

ACTION-553, 	Contact implementers known from hmac affair	Thomas Roessler

ACTION-581, 	make proposal around IDness of attributes	Scott Cantor

9c)  Issue Review

<http://www.w3.org/2008/xmlsec/track/issues/open>

Close the following?

[OPEN] ISSUE-160 : Define URI for Canonical XML 2.0, add section to Signature 2.0 defining Canonical XML 2.0 ; on [Sig20 (XML Signature 2.0)] 
http://www.w3.org/2008/xmlsec/track/issues/160 

ISSUE-189 : RNG Schemas needed for XML Encryption 1.1 ; on [Schema -XML Signature RNG Schema] 
http://www.w3.org/2008/xmlsec/track/issues/189 

ISSUE-188 : Agreement referenced in XML Signature 1.1 but definition not clear ; on [Sig11 (XML Signature 1.1)] 
http://www.w3.org/2008/xmlsec/track/issues/188 

ISSUE-190 : Two different sha384 URIs ; on [Sig11 (XML Signature 1.1)] 
http://www.w3.org/2008/xmlsec/track/issues/190 

ISSUE-195 : Camelli a cipher ; on [Enc11 and Sig11 and Security Algorithms Summary] 
http://www.w3.org/2008/xmlsec/track/issues/195 

Discuss the following: 

 ISSUE-170 : Should we recomend signing namespaces as part of Best Practice 12 ; on [Best Practices for XML Signature] 
http://www.w3.org/2008/xmlsec/track/issues/170 

ISSUE-196 : Which URI to use for serialization parameter for XML and EXI in C14N2 ; on [C14N (Design for Canonicalization V Next)] 
http://www.w3.org/2008/xmlsec/track/issues/196 

ISSUE-200 : Which references are normative vs informative for C14N2 ; on [C14N (Design for Canonicalization V Next)] 
http://www.w3.org/2008/xmlsec/track/issues/200 

ISSUE-180 : Section 8 identifies Joseph Reagle as the contact for the XML Encryption media type. This needs to be updated, perhaps to a generic identity? ; on [Enc11 (XML Encryption 1.1)] 
http://www.w3.org/2008/xmlsec/track/issues/180 

10) Other Business

11) Adjourn

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Scribing  list
----------------
Bradley Hill, Invited Expert (14 July 2009)
Pratik Datta, Oracle (20 October 2009, 13 May 2009 F2F pm)
Shivaram Mysore, Invited Expert (6 November 2009 F2F, 23 June 2009)
John Wray, IBM (15 Dec 2009, 1 Sept 2009)
Sean Mullan, Sun (12 January 2010, 6 October 2009)
Chris Solc, Adobe (26 January 2010, 8 December 2009)
Hal Lockhart, Oracle (2 February 2010, 27 October 2009)
Aldrin d'Souza, EMC (9 Feb 2010)
Cynthia Martin, MITRE (2 March 2010, 17 November 2009)
Karel Wouters IBBT, (9 March 2010)
Bruce Rich, IBM (30 March 2010)
Magnus Nyström, Microsoft (27 April, 2010, 2 June, 2009)
Thomas Roessler (4 May, 2010, 20 April 2010)
Meiko Jensen (11 May, 2010)
Brian LaMacchia, Microsoft (25 May 2010, 6 November 2009 F2F)
Scott Cantor, invited expert (1 June 2010, 24 Nov 2009)
Ed Simon, Invited Expert (15 June 2010, 25 January 2010)
Gerald Edgar, Boeing (22 June 2010, 13 April 2010)

Logistics Info:

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')

IRC Chat: irc.w3.org (port 6665), #xmlsec

Web-based IRC (member-only): <http://irc.w3.org/?channels=xmlsec>

Please note that attendance of XMLSEC WG teleconferences is  
restricted  to registered WG participants and persons invited by the  
chair.

Scribe Instructions: <http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

Liaison information: <http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

Publication Status available at <http://www.w3.org/2008/xmlsec/wiki/PublicationStatus

Roadmap at <http://www.w3.org/2008/xmlsec/wiki/Roadmap>
---
Received on Monday, 28 June 2010 18:09:05 UTC