Agenda - Distributed Meeting 2010-11-16 (v2)

Agenda: W3C XML Security WG Distributed Meeting #86, 16 November  2010  Distributed Meeting

v2 update scribe list, add proposed resolutions, update on explain editorial action, update on  minutes handling, add item on exclusive c14n

Logistics details and links to information at the bottom of this email.

1) Administrivia: Scribe confirmation, Agenda review, Meeting  Planning, Liaisons, Announcements

1a) If you attended this year's TPAC meeting, the W3C created a related survey for your feedback: http://www.w3.org/2002/09/wbs/35125/tpac2010-feedback/

1b) 2011 1H publishing moratorium 13-18 May, http://lists.w3.org/Archives/Member/member-xmlsec/2010Nov/0003.html

1c) Change to draft minute publishing, http://lists.w3.org/Archives/Member/member-xmlsec/2010Nov/0025.html (Frederick)

2) Minutes Approval

Approve F2F minutes, 1-2 November 2010

http://lists.w3.org/Archives/Member/member-xmlsec/2010Nov/att-0000/minutes-2010-11-01.html

http://lists.w3.org/Archives/Member/member-xmlsec/2010Nov/att-0001/minutes-2010-11-02.html

Proposed RESOLUTION: Minutes from  F2F 1-2 November are approved.

3)  XML Signature 1.1 Last Call Status

WG agreed following resolution during F2F:

completed RESOLUTION: WG agrees to bring XML Signature 1.1 to an additional three week Last Call beginning 9 November and ending 30 November 2010 due to the addition of X509Digest element, deprecation of X509IssuerSerial, KeyInfoReference

Updated proposed resolution:

proposed RESOLUTION: The XML Security WG agrees to bring XML Signature 1.1 to an additional three week Last Call for the added X509Digest element,  deprecation of the X509IssuerSerial element, and change of attribute from URN to URI in ECKeyValue section 4.5.2.3. This Last Call will begin 18 November 2010 and end 9 December 2010.

ACTION-719, ACTION-720 tlr

Updated XML Signature 1.1 explain document, http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0013.html (Frederick)

4) XML Encryption 1.1

4a) Updated for proposal related to EXI, ACTION-722, http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0005.html (Frederick)

completed F2F RESOLUTION: Accept proposal in response to EXI feedback as in http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0045.html

ACTION-721, tlr to review

4b) ACTION-697 Update PBKDF2 to recommend HMAC-SHA256

http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0007.html (Frederick/Magnus)

4c)  Last Call resolution

proposed RESOLUTION: The XML Security WG agrees to bring XML Encryption 1.1 to an additional three week Last Call for the changed PBKDF2 schema (removed default from PRFAlgorithmIdentifierType), added recommendation to use HMAC-SHA256 with PBKDF2 instead of HMAC-SHA1, updated text regarding use of Type and MimeType with EXI, and corrections based on previous Last Call comments (LC-2420 and LC-2386). This Last Call will begin 18 November 2010 and end 9 December 2010.

Updated XML Encryption explain document, http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0013.html (Frederick)

5) C14N2 Changes

Summary of changes decided at F2F:

http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0006.html (Pratik)

also 

ACTION-712 - XPathAware child element of QNameAware to C14n2 [on Pratik Datta

ACTION-715 - Add content on scanning algorithm (augment to remove duplicates), and information on where to emit the namespace declaration [on Pratik Datta

Call for Consensus on removal of digest prefix rewriting in C14N2 (Frederick)
http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0004.html

proposed RESOLUTION: remove digest based prefix rewriting from C14N2

6) Status of XPath profile actions 

ACTION-686 -- Pratik Datta to add sections on top-level expressions and predicate to XPath profile
ACTION-691 - Add security considerations section to xpath profile

ACTION-687 -- Meiko Jensen to produce top level grammar for XPath profile
ACTION-688 - Add id function at XPath top level (Meiko)
ACTION-690 - Make explicit in grammar difference of included and excluded xpath, - ExcludedXpath can select attributes and element, whereas IncludedXPath can only select elements [on Meiko Jensen

ACTION-689 - Limit to xpath profile during xml signature 2.0 generation in 2.0 mode [on Pratik Datta

ACTION-723 -- Pratik Datta to incorporate changes to XPath profile based on joint xslt/xquery F2F meeting, http://lists.w3.org/Archives/Member/member-xmlsec/2010Nov/att-0000/minutes-2010-11-01.html#item07

Next step is to agree on Last Call once changes completed.

7) XML Signature 2.0

ACTION-706 - Propose definition section text for Included/ExcludedXPath elements for XML Signature 2.0 [on Scott Cantor

ACTION-707 - Remove EnvelopedSignature from section 6.7.1, http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/#sec-Type-xml [on Pratik Datta

ACTION-708 - Fix typo in XML Signature 2.0 in DigestDataLength description purpose c) [on Pratik Datta

ACTION-709 - Incorporate Meiko's examples in the document - ISSUE-217 [on Pratik Datta

Status of ISSUE-43 -- Improvements to XML Signature schema? - Scott Cantor.

ACTION-710 - Add reference to XPath profile in the XML Signature 2.0 doc [on Pratik Datta

ACTION-711 - Add QnameAware elements and IDAttributes element to the examples (or check whether they're in and correct) [on Meiko Jensen

ACTION-713 - Review XML Signature 2.0 requirements, http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs2/Overview.html [on Bruce Rich

8) Best Practices

ACTION-716 - Propose text for xpath and best practices [on Meiko Jensen

9) Performance, Testing and Interop

9a) Performance

ACTION-717 - Document the Performance improvements with 2.0 [on Pratik Datta

ACTION-718 - Create performance data draft [on Frederick Hirsch
done - see http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0008.html (Frederick)

9b) Testing and Interop

Status and next steps

10) Exclusive C14N feedback

http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0010.html

11)   Close Pending actions

These will be closed after the meeting unless concern raised before  or  during meeting. Please review in advance of meeting.

ACTION-621: Thomas Roessler to Propose ECC-related refactoring of spec

ACTION-647: Pratik Datta to Implement Cantor's proposed text to identify all attributes

ACTION-659: Pratik Datta to Review newTransformModel URI and does URI need correct? http://www.w3.org/2010/xmldsig2#newTransformModel in Signature 2.0

ACTION-660: Scott Cantor to Propose changes to C14N2 to support enveloped signature

ACTION-661: Pratik Datta to Summarize issue related to use of ID without DTD for discussion and resolution

ACTION-666: Thomas Roessler to Propose edits to XML Encryption examples wrt EXI response

ACTION-667: Pratik Datta to Add text regarding potential 1-pass issues to XPath document, using proposal from Meikohttp://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0013.html

ACTION-674: Scott Cantor to Update 1.1 with change for X509SerialNumber

ACTION-676: Frederick Hirsch to Discuss XPath profile roadmap with tlr

ACTION-677: Pratik Datta to Remove .. from XPath subset, http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0010.html

ACTION-679: Pratik Datta to Update XPath profile to allow assertion to include all id references utilized by reference

ACTION-681: Frederick Hirsch to Send magnus email re running additional test cases, including ghc

ACTION-683: Frederick Hirsch to Review newTransformModel URI, ACTION-659

ACTION-693: Frederick Hirsch to Ask EMC/Aldrin about Generic Hybrid Cipher implementation at EMC

ACTION-694: Frederick Hirsch to Ask Magnus/Microsoft about Generic Hybrid Cipher implementation/interop

ACTION-697: Magnus Nystrom to Update PBKDF2 for SHA2 URI

ACTION-698: Frederick Hirsch to Check with sean on ECKeyValue

ACTION-701: Frederick Hirsch to Check with sean on status of implementations wiki

ACTION-702: Frederick Hirsch to Check with scott re interop, in particulars DEREncodedKeyValue, OCSP, KeyInfoReference

ACTION-703: Frederick Hirsch to Send cfc on resolutions

ACTION-718: Frederick Hirsch to Create performance data draft

ACTION-722: Frederick Hirsch to Update XML Encryption with proposal noted in http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0045.html

ACTION-724: Frederick Hirsch to Update change explanation for XML Signature 1.1

ACTION-725: Frederick Hirsch to Update change explanation for XML Encryption

12) Other Business

13) Adjourn

Scribing  list
----------------
Ed Simon, Invited Expert (15 June 2010, 25 January 2010)
Pratik Datta, Oracle (27 July 2010, 20 October 2009)
Gerald Edgar, Boeing (10 August 2010, 22 June 2010, 13 April 2010)
Hal Lockhart, Oracle (17 August 2010, 2 February 2010, 27 October 2009)
Thomas Roessler (31 August 2010, 4 May, 2010, 20 April 2010)
Magnus Nyström, Microsoft (7 Sept 2010, 27 April, 2010, 2 June, 2009)
Chris Solc, Adobe (14 Sept 2010, 26 January 2010, 8 December 2009)
Shivaram Mysore, Invited Expert (28 Sept 2010, 7 Sept 2010, 6 November 2009 F2F, 23 June 2009)
Brian LaMacchia, Microsoft (19 October 2010, 25 May 2010, 6 November 2009 F2F)
Scott Cantor, invited expert (19 October 2010, 31 August 2010, 1 June 2010, 24 Nov 2009)
Cynthia Martin, MITRE (26 October 2010, 6 July 2010, 2 March 2010)
Meiko Jensen (2 November 2010 F2F,  21 Sept 2010, 11 May, 2010)
Bruce Rich, IBM (1 & 2 November 2010 F2F, 30 March 2010)

Not seen recently:
Bradley Hill, Invited Expert (14 July 2009)
John Wray, IBM (15 Dec 2009, 1 Sept 2009)
Sean Mullan, Oracle (12 January 2010, 6 October 2009)
Aldrin d'Souza, EMC (9 Feb 2010)
Karel Wouters IBBT, (9 March 2010)

Logistics Info:

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')

IRC Chat: irc.w3.org (port 6665), #xmlsec

Web-based IRC (member-only): <http://irc.w3.org/?channels=xmlsec>

Please note that attendance of XMLSEC WG teleconferences is  restricted  to registered WG participants and persons invited by the chair.

Scribe Instructions: <http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

Liaison information: <http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

Publication Status available at <http://www.w3.org/2008/xmlsec/wiki/PublicationStatus

Roadmap at <http://www.w3.org/2008/xmlsec/wiki/Roadmap>
---
regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Received on Monday, 15 November 2010 16:47:47 UTC