W3C home > Mailing lists > Public > public-xmlsec@w3.org > October 2010

F2F Agenda (v2) 1-2 November 2010

From: <Frederick.Hirsch@nokia.com>
Date: Tue, 26 Oct 2010 20:34:57 +0200
To: <public-xmlsec@w3.org>
CC: <Frederick.Hirsch@nokia.com>
Message-ID: <1948C8AD-C4C3-4E0B-AF2D-7918A558BA70@nokia.com>
Draft F2F Agenda (v2): W3C XML Security WG (XMLSec) - F2F #6, 1-2 November 2010

Note that the meeting will start 8:30 am on Monday 1 November and Tuesday 2 November. On Monday the meeting is scheduled until 18:00.
On Tuesday the meeting is scheduled for the entire day until 18:00 but may end earlier depending on progress in the working sessions.

If dialing in, please confirm with  F2F meeting attendees on IRC chat first. Logistics follow agenda.

Monday 1 November 2010, 8:30 - 18:00 ; http://www.w3.org/2010/11/TPAC/Schedule.html#MonGroups

1) Welcome and Administrative (8:30 Monday 1 November)

Welcome, Scribe Selection, Agenda review, Introductions, Announcements

2) Minutes Approval

Approve minutes from 26 October 2009

http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/att-0041/minutes-2010-10-26.html

3) XML Security 2.0 Last Call Readiness review

Ready to publish Last Call of 2.0 documents? Review outstanding editorial actions, issues and next steps required.

http://www.w3.org/2005/10/Process-20051014/tr.html#last-call

3a)  XML Signature Streaming Profile of XPath 1.0

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-xpath/

ISSUE-211 : Stand alone version of Streaming XPath Profile versus diff, http://lists.w3.org/Archives/Public/public-xmlsec/2010Aug/0055.html ; http://www.w3.org/2008/xmlsec/track/issues/211 

3b) Canonical XML 2.0

http://www.w3.org/2008/xmlsec/Drafts/c14n-20/

ISSUE-215 : C14N2 conformance - optional parameters, profiles, etc ; http://www.w3.org/2008/xmlsec/track/issues/215 

ISSUE-204 : Integrated recognition of QName content ;  http://www.w3.org/2008/xmlsec/track/issues/204 

ISSUE-206 : For c14n20 profile - clarify that conformance implies support, but also changes to xml or what must be explicitly specified ; http://www.w3.org/2008/xmlsec/track/issues/206 

ISSUE-198 : How to determine if arbitrary text content contains prefixes? Might need to do a lot of searching because text content can be large ; http://www.w3.org/2008/xmlsec/track/issues/198 

[Break 10:30 - 11:00]

3c) XML Signature 2.0

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/

ISSUE-213 : XML Signature 2.0 needs precise definitions of Included/ExcludedXPath elements ; http://www.w3.org/2008/xmlsec/track/issues/213 

ISSUE-217 : XML Signature 2.0 needs 2.0 mode examples, e.g. , verification, selection etc. ; http://www.w3.org/2008/xmlsec/track/issues/217 

ISSUE-214 : XML Signature 2.0 needs precise definitions of Verification element and its children. ; http://www.w3.org/2008/xmlsec/track/issues/214 

ISSUE-210 : Restructuring of Signature 2.0 "uncomplicate" section 4.4.3 by http://www.w3.org/2008/xmlsec/track/issues/210 

ISSUE-140 : Clarify how XPath is interpreted relative to entire document and ds:Reference ; http://www.w3.org/2008/xmlsec/track/issues/140 

ISSUE-203 : How to tag id-ness of attributes when schema isn't parsed ;  http://www.w3.org/2008/xmlsec/track/issues/203 

ISSUE-43 : Improvements to XML Signature schema ; http://www.w3.org/2008/xmlsec/track/issues/43 

ISSUE-160 : Define URI for Canonical XML 2.0, add section to Signature 2.0 defining Canonical XML 2.0 ; http://www.w3.org/2008/xmlsec/track/issues/160 

[12:00 - 14:00 Lunch]

3d) XML Security 2.0 Requirements

http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs2/Overview.html

3e) Summary of XML Security 2.0 next steps and issues for Last Call

ISSUE-208 : List 2.0 algorithms in algorithms cross-reference  ; http://www.w3.org/2008/xmlsec/track/issues/208 

ISSUE-202 : How to define parameter sets in document, vs conformance criteria ; http://www.w3.org/2008/xmlsec/track/issues/202

ISSUE-132 : Keep 2.0 xenc transform feature in sync with signature 2.0 ; http://www.w3.org/2008/xmlsec/track/issues/132 

4)  Test Cases and Interop planning for 1.1 and 2.0

Interop wiki

http://www.w3.org/2008/xmlsec/wiki/Interop

Implementations wiki

http://www.w3.org/2008/xmlsec/wiki/Implementations

[3:30 - 4:00 Break ]

Additional test cases and interop working session

ISSUE-216 : Whether and how to test denial of service cases in test suite ; http://www.w3.org/2008/xmlsec/track/issues/216 

5) Recess (18:00)

-------

Tuesday, 2 November 2010 (8:30 - 18:00, possible earlier end)

1) Welcome and Administrative (8:30 Tuesday 2 November)

Welcome, Scribe Selection, Agenda review, Introductions, Announcements

2) 1.1 CR readiness review

http://www.w3.org/2005/10/Process-20051014/tr.html#cfi

2a) Expectations and process for entering CR

2b)  XML Signature 1.1

All Last Call comments to date have been resolved:
http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-core1-20100204/doc/

Additional Last Call of XML Signature 1.1 due to addition of X509Digest element and deprecation of X509IssuerSerial. http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html#sec-X509Data

proposed RESOLUTION: WG agrees to bring XML Signature 1.1 to an additional three week Last Call beginning 9 November and ending 30 November 2010  due to the addition of X509Digest element and deprecation of X509IssuerSerial.

editorial update required for Last Call, including update to SOTD.

Review of issues subsequent to Last Call for entering CR?

2c)  XML Encryption 1.1

Previous last call comments require additional checking:
http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmlenc-core1-20100513/doc/

http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html

ISSUE-178 : Highlight additional text constraints on XSD schema as such. ;  http://www.w3.org/2008/xmlsec/track/issues/178 
	
2d) XML Security Generic Hybrid Ciphers

http://www.w3.org/2008/xmlsec/Drafts/generic-hybrid-ciphers/Overview.html

2e)	XML Signature Properties

Last call comment requires closure:
http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-properties-20100204/

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html

2f) 1.1 Requirements and Design Considerations

http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html

2g) 1.1 CR summary and next steps

[Break 10:30 - 11:00]

3) Performance measurement working session

materials, http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0042.html (Frederick)

ISSUE-122 : Explain why peformance improvements and rationale, relationship to earlier work ; http://www.w3.org/2008/xmlsec/track/issues/122 

ISSUE-86 : Document performance criterial and benchmarks ;  http://www.w3.org/2008/xmlsec/track/issues/86 

[12:00 - 14:00 Lunch]

4) Draft proposal related to Wrapping Attacks

ISSUE-156 : Threat for signature from use of namespace prefixes with corresponding unsigned namespace declarations leading to wrapping like attacks ; http://www.w3.org/2008/xmlsec/track/issues/156 

5) Best Practices and RELAX NG Schema next steps

ISSUE-212 : Additional denial of service attack for Best Practices, http://lists.w3.org/Archives/Public/public-xmlsec/2010Aug/0020.html   ; http://www.w3.org/2008/xmlsec/track/issues/212 

ISSUE-71 : Change section titles in best practices to match practices ; http://www.w3.org/2008/xmlsec/track/issues/71 

 ISSUE-170 : Should we recomend signing namespaces as part of Best Practice 12 (dependency on ACTION-538) ; http://www.w3.org/2008/xmlsec/track/issues/170 

6) Action and Issue Review

7) Summary of F2F results, issues and next steps

8)  Other Business

9) Adjourn

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG
---

Scribing  list
----------------
Bruce Rich, IBM (30 March 2010)
Ed Simon, Invited Expert (15 June 2010, 25 January 2010)
Pratik Datta, Oracle (27 July 2010, 20 October 2009)
Gerald Edgar, Boeing (10 August 2010, 22 June 2010, 13 April 2010)
Hal Lockhart, Oracle (17 August 2010, 2 February 2010, 27 October 2009)
Thomas Roessler (31 August 2010, 4 May, 2010, 20 April 2010)
Magnus Nyström, Microsoft (7 Sept 2010, 27 April, 2010, 2 June, 2009)
Chris Solc, Adobe (14 Sept 2010, 26 January 2010, 8 December 2009)
Meiko Jensen (21 Sept 2010, 11 May, 2010)
Shivaram Mysore, Invited Expert (28 Sept 2010, 7 Sept 2010, 6 November 2009 F2F, 23 June 2009)
Brian LaMacchia, Microsoft (19 October 2010, 25 May 2010, 6 November 2009 F2F)
Scott Cantor, invited expert (19 October 2010, 31 August 2010, 1 June 2010, 24 Nov 2009)
Cynthia Martin, MITRE (26 October 2010, 6 July 2010, 2 March 2010)

Not seen recently:
Bradley Hill, Invited Expert (14 July 2009)
John Wray, IBM (15 Dec 2009, 1 Sept 2009)
Sean Mullan, Oracle (12 January 2010, 6 October 2009)
Aldrin d'Souza, EMC (9 Feb 2010)
Karel Wouters IBBT, (9 March 2010)

--

Logistics Info:

Daylight Saving Time ends in Europe one week earlier than in US: http://lists.w3.org/Archives/Member/member-xmlsec/2010Oct/0001.html

Hence dialing into F2F from Boston would be 5 hours earlier in Boston, 8 hours earlier PT.

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')

IRC Chat: irc.w3.org (port 6665), #xmlsec

Web-based IRC (member-only): <http://irc.w3.org/?channels=xmlsec>

Please note that attendance of XMLSEC WG teleconferences is restricted  to registered WG participants and persons invited by the chair.

Scribe Instructions: <http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html>

Liaison information: <http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination>

Publication Status available at <http://www.w3.org/2008/xmlsec/wiki/PublicationStatus>

Roadmap at <http://www.w3.org/2008/xmlsec/wiki/Roadmap>

---
Received on Tuesday, 26 October 2010 18:35:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 26 October 2010 18:35:46 GMT