- From: <Frederick.Hirsch@nokia.com>
- Date: Mon, 15 Nov 2010 17:46:16 +0100
- To: <public-xmlsec@w3.org>
- CC: <Frederick.Hirsch@nokia.com>
Agenda: W3C XML Security WG Distributed Meeting #86, 16 November 2010 Distributed Meeting
v2 update scribe list, add proposed resolutions, update on explain editorial action, update on minutes handling, add item on exclusive c14n
Logistics details and links to information at the bottom of this email.
1) Administrivia: Scribe confirmation, Agenda review, Meeting Planning, Liaisons, Announcements
1a) If you attended this year's TPAC meeting, the W3C created a related survey for your feedback: http://www.w3.org/2002/09/wbs/35125/tpac2010-feedback/
1b) 2011 1H publishing moratorium 13-18 May, http://lists.w3.org/Archives/Member/member-xmlsec/2010Nov/0003.html
1c) Change to draft minute publishing, http://lists.w3.org/Archives/Member/member-xmlsec/2010Nov/0025.html (Frederick)
2) Minutes Approval
Approve F2F minutes, 1-2 November 2010
http://lists.w3.org/Archives/Member/member-xmlsec/2010Nov/att-0000/minutes-2010-11-01.html
http://lists.w3.org/Archives/Member/member-xmlsec/2010Nov/att-0001/minutes-2010-11-02.html
Proposed RESOLUTION: Minutes from F2F 1-2 November are approved.
3) XML Signature 1.1 Last Call Status
WG agreed following resolution during F2F:
completed RESOLUTION: WG agrees to bring XML Signature 1.1 to an additional three week Last Call beginning 9 November and ending 30 November 2010 due to the addition of X509Digest element, deprecation of X509IssuerSerial, KeyInfoReference
Updated proposed resolution:
proposed RESOLUTION: The XML Security WG agrees to bring XML Signature 1.1 to an additional three week Last Call for the added X509Digest element, deprecation of the X509IssuerSerial element, and change of attribute from URN to URI in ECKeyValue section 4.5.2.3. This Last Call will begin 18 November 2010 and end 9 December 2010.
ACTION-719, ACTION-720 tlr
Updated XML Signature 1.1 explain document, http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0013.html (Frederick)
4) XML Encryption 1.1
4a) Updated for proposal related to EXI, ACTION-722, http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0005.html (Frederick)
completed F2F RESOLUTION: Accept proposal in response to EXI feedback as in http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0045.html
ACTION-721, tlr to review
4b) ACTION-697 Update PBKDF2 to recommend HMAC-SHA256
http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0007.html (Frederick/Magnus)
4c) Last Call resolution
proposed RESOLUTION: The XML Security WG agrees to bring XML Encryption 1.1 to an additional three week Last Call for the changed PBKDF2 schema (removed default from PRFAlgorithmIdentifierType), added recommendation to use HMAC-SHA256 with PBKDF2 instead of HMAC-SHA1, updated text regarding use of Type and MimeType with EXI, and corrections based on previous Last Call comments (LC-2420 and LC-2386). This Last Call will begin 18 November 2010 and end 9 December 2010.
Updated XML Encryption explain document, http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0013.html (Frederick)
5) C14N2 Changes
Summary of changes decided at F2F:
http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0006.html (Pratik)
also
ACTION-712 - XPathAware child element of QNameAware to C14n2 [on Pratik Datta
ACTION-715 - Add content on scanning algorithm (augment to remove duplicates), and information on where to emit the namespace declaration [on Pratik Datta
Call for Consensus on removal of digest prefix rewriting in C14N2 (Frederick)
http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0004.html
proposed RESOLUTION: remove digest based prefix rewriting from C14N2
6) Status of XPath profile actions
ACTION-686 -- Pratik Datta to add sections on top-level expressions and predicate to XPath profile
ACTION-691 - Add security considerations section to xpath profile
ACTION-687 -- Meiko Jensen to produce top level grammar for XPath profile
ACTION-688 - Add id function at XPath top level (Meiko)
ACTION-690 - Make explicit in grammar difference of included and excluded xpath, - ExcludedXpath can select attributes and element, whereas IncludedXPath can only select elements [on Meiko Jensen
ACTION-689 - Limit to xpath profile during xml signature 2.0 generation in 2.0 mode [on Pratik Datta
ACTION-723 -- Pratik Datta to incorporate changes to XPath profile based on joint xslt/xquery F2F meeting, http://lists.w3.org/Archives/Member/member-xmlsec/2010Nov/att-0000/minutes-2010-11-01.html#item07
Next step is to agree on Last Call once changes completed.
7) XML Signature 2.0
ACTION-706 - Propose definition section text for Included/ExcludedXPath elements for XML Signature 2.0 [on Scott Cantor
ACTION-707 - Remove EnvelopedSignature from section 6.7.1, http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/#sec-Type-xml [on Pratik Datta
ACTION-708 - Fix typo in XML Signature 2.0 in DigestDataLength description purpose c) [on Pratik Datta
ACTION-709 - Incorporate Meiko's examples in the document - ISSUE-217 [on Pratik Datta
Status of ISSUE-43 -- Improvements to XML Signature schema? - Scott Cantor.
ACTION-710 - Add reference to XPath profile in the XML Signature 2.0 doc [on Pratik Datta
ACTION-711 - Add QnameAware elements and IDAttributes element to the examples (or check whether they're in and correct) [on Meiko Jensen
ACTION-713 - Review XML Signature 2.0 requirements, http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs2/Overview.html [on Bruce Rich
8) Best Practices
ACTION-716 - Propose text for xpath and best practices [on Meiko Jensen
9) Performance, Testing and Interop
9a) Performance
ACTION-717 - Document the Performance improvements with 2.0 [on Pratik Datta
ACTION-718 - Create performance data draft [on Frederick Hirsch
done - see http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0008.html (Frederick)
9b) Testing and Interop
Status and next steps
10) Exclusive C14N feedback
http://lists.w3.org/Archives/Public/public-xmlsec/2010Nov/0010.html
11) Close Pending actions
These will be closed after the meeting unless concern raised before or during meeting. Please review in advance of meeting.
ACTION-621: Thomas Roessler to Propose ECC-related refactoring of spec
ACTION-647: Pratik Datta to Implement Cantor's proposed text to identify all attributes
ACTION-659: Pratik Datta to Review newTransformModel URI and does URI need correct? http://www.w3.org/2010/xmldsig2#newTransformModel in Signature 2.0
ACTION-660: Scott Cantor to Propose changes to C14N2 to support enveloped signature
ACTION-661: Pratik Datta to Summarize issue related to use of ID without DTD for discussion and resolution
ACTION-666: Thomas Roessler to Propose edits to XML Encryption examples wrt EXI response
ACTION-667: Pratik Datta to Add text regarding potential 1-pass issues to XPath document, using proposal from Meikohttp://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0013.html
ACTION-674: Scott Cantor to Update 1.1 with change for X509SerialNumber
ACTION-676: Frederick Hirsch to Discuss XPath profile roadmap with tlr
ACTION-677: Pratik Datta to Remove .. from XPath subset, http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0010.html
ACTION-679: Pratik Datta to Update XPath profile to allow assertion to include all id references utilized by reference
ACTION-681: Frederick Hirsch to Send magnus email re running additional test cases, including ghc
ACTION-683: Frederick Hirsch to Review newTransformModel URI, ACTION-659
ACTION-693: Frederick Hirsch to Ask EMC/Aldrin about Generic Hybrid Cipher implementation at EMC
ACTION-694: Frederick Hirsch to Ask Magnus/Microsoft about Generic Hybrid Cipher implementation/interop
ACTION-697: Magnus Nystrom to Update PBKDF2 for SHA2 URI
ACTION-698: Frederick Hirsch to Check with sean on ECKeyValue
ACTION-701: Frederick Hirsch to Check with sean on status of implementations wiki
ACTION-702: Frederick Hirsch to Check with scott re interop, in particulars DEREncodedKeyValue, OCSP, KeyInfoReference
ACTION-703: Frederick Hirsch to Send cfc on resolutions
ACTION-718: Frederick Hirsch to Create performance data draft
ACTION-722: Frederick Hirsch to Update XML Encryption with proposal noted in http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0045.html
ACTION-724: Frederick Hirsch to Update change explanation for XML Signature 1.1
ACTION-725: Frederick Hirsch to Update change explanation for XML Encryption
12) Other Business
13) Adjourn
Scribing list
----------------
Ed Simon, Invited Expert (15 June 2010, 25 January 2010)
Pratik Datta, Oracle (27 July 2010, 20 October 2009)
Gerald Edgar, Boeing (10 August 2010, 22 June 2010, 13 April 2010)
Hal Lockhart, Oracle (17 August 2010, 2 February 2010, 27 October 2009)
Thomas Roessler (31 August 2010, 4 May, 2010, 20 April 2010)
Magnus Nyström, Microsoft (7 Sept 2010, 27 April, 2010, 2 June, 2009)
Chris Solc, Adobe (14 Sept 2010, 26 January 2010, 8 December 2009)
Shivaram Mysore, Invited Expert (28 Sept 2010, 7 Sept 2010, 6 November 2009 F2F, 23 June 2009)
Brian LaMacchia, Microsoft (19 October 2010, 25 May 2010, 6 November 2009 F2F)
Scott Cantor, invited expert (19 October 2010, 31 August 2010, 1 June 2010, 24 Nov 2009)
Cynthia Martin, MITRE (26 October 2010, 6 July 2010, 2 March 2010)
Meiko Jensen (2 November 2010 F2F, 21 Sept 2010, 11 May, 2010)
Bruce Rich, IBM (1 & 2 November 2010 F2F, 30 March 2010)
Not seen recently:
Bradley Hill, Invited Expert (14 July 2009)
John Wray, IBM (15 Dec 2009, 1 Sept 2009)
Sean Mullan, Oracle (12 January 2010, 6 October 2009)
Aldrin d'Souza, EMC (9 Feb 2010)
Karel Wouters IBBT, (9 March 2010)
Logistics Info:
10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone
Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat: irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only): <http://irc.w3.org/?channels=xmlsec>
Please note that attendance of XMLSEC WG teleconferences is restricted to registered WG participants and persons invited by the chair.
Scribe Instructions: <http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html
Liaison information: <http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination
Publication Status available at <http://www.w3.org/2008/xmlsec/wiki/PublicationStatus
Roadmap at <http://www.w3.org/2008/xmlsec/wiki/Roadmap>
---
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
Received on Monday, 15 November 2010 16:47:47 UTC