XML Security Working Group Teleconference

15 Feb 2011


See also: IRC log


Frederick_Hirsch, Scott_Cantor, Chris_Solc, Meiko_Jensen, Cynthia_Martin, Pratik_Datta, Hal_Lockhart, Bruce_Rich, Thomas_Roessler, Ed_Simon


<trackbot> Date: 15 February 2011

<tlr> trackbot, start meeting

<trackbot> Meeting: XML Security Working Group Teleconference

<trackbot> Date: 15 February 2011

<tlr> ScribeNick: mjensen


<tlr> agenda: http://lists.w3.org/Archives/Public/public-xmlsec/2011Feb/0021.html

<fjh> No meeting 22 February. We will meet the following week, 1 March.

Minutes Approval

<fjh> Approve minutes, 8 February 2011

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Feb/att-0018/minutes-2011-02-08.html

RESOLUTION: Minutes from 8 February 2011 are approved.

XML Security 1.1 CR Publication Status

<fjh> Documents for CR: XML Signature 1.1, XML Encryption 1.1, XML Security Properties, XML Security Generic Hybrid Ciphers

<fjh> Also publish updates of 1.1 Requirements and RELAX NG Schemas

<fjh> Update to XML Encryption 1.1 and XML Signature 1.1 security considerations

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Feb/0020.html

<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2011Feb/0009.html

<fjh> Updated draft of 1.1 requirements for publication is at

<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/wd-snapshot/Overview.html

<fjh> Cynthia review comments, http://lists.w3.org/Archives/Public/public-xmlsec/2011Feb/0026.html

<fjh> #1 http://lists.w3.org/Archives/Public/public-xmlsec/2011Feb/0023.html

<fjh> Reference [XPTR-XPOINTER] is listed as January 2001, but the

<fjh> document says 11 September 2001

<fjh> i The reference [X509V3] does not list a web site. The site to buy the

<fjh> document is

<fjh> http://webstore.iec.ch/servlet/GetPreview?id=40633&path=info_isoiec10021-8%257

<fjh> Bed2.0%7Den.pdf; however, the latest version is 2008, not the 1999 version

<fjh> listed in the reference.

<fjh> brb

<fjh> keep one we can reference hence 1999

<fjh> make change o and p

<fjh> next doc, explain http://lists.w3.org/Archives/Public/public-xmlsec/2011Feb/0024.html

<fjh> Section 6.6.4 is listed as Enveloped Signature Transform, but the title is

<fjh> Signature Transform

<fjh> proposed RESOLUTION: change 6.6.4 title in XML SIgnature 1.1 from Signature Transform to Enveloped Signature Transform

RESOLUTION: change 6.6.4 title in XML SIgnature 1.1 from Signature Transform to Enveloped Signature Transform

<fjh> third, http://lists.w3.org/Archives/Public/public-xmlsec/2011Feb/0026.html

<fjh> these URLs are used as identifiers, not meant to be dereferenced

tlr: we need to do nothing here

<fjh> +1 to do nothing

<fjh> fix 24, [XMLDSIG-BESTPRACTICES] opens to http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html#bib-XMLDSIG-BESTPRACTICES, but points to [SOAP12-PART1]

<fjh> fix 26, [XMLSEC-RELAXNG], opens to http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html#bib-XMLSEC-RELAXNG, but points to [SOAP12-PART1]

fjh: if an identifier is outside of the w3c domain, it does not have to point to anything accessible

<fjh> 24 and 26 are non-issues

<fjh> changes needed: [XPTR-XPOINTER] date

<fjh> 6.6.4 title in XML SIgnature 1.1

<fjh> [XPTR-XPOINTER-CR2001]

Elliptic curve PAG status

fjh: what to tell people on this?

tlr: say "working on it"

<fjh> 3rd change - bibliography, cross references for CR versions

XML Security 2.0

pdatta: I've looked at the differences of XPath 1.0 and XPath 2.0
... with xpath 2.0 you always have a schema
... comparison operator can depend on schema type

fjh: does this matter for us?
... i think no it doesn't

<fjh> note that xpath 1 used node sets, xpath 2 moves away from that, but suspect this doesn't matter for the profile since we use trees and not rely on nodesets

<fjh> not sure we need to support all the new types in xpath 2

<fjh> if we have a profile that profiles down

<fjh> wg needs to review this

<fjh> scott notes that relying on schema is bad for interoperability

<fjh> +1 to enumerate what is in

<scantor> seems tricky to me to say you can use relational operators but "make sure you don't have a schema"

<fjh> discussion of whether or not to allow 2.0 predicates, and whether schema is required in that case

<scantor> we have to weigh the value of predicates against the advantage of moving to XPath 2

Security Considerations discussion

<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2011Feb/0001.html

Other Business

<fjh> any volunteers to help with 2.0 examples?

<fjh> before Last Call, pratik has additional edits, need 2.0 examples in doc, XPath 1 vs 2 resolution


Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2009-03-02 03:52:20 $