# XML Security Working Group Teleconference ## 24 May 2011 [Agenda][3] See also: [IRC log][4] ## Attendees Present Frederick_Hirsch, Scott_Cantor, Gerald_Edgar, Pratik_Datta, Magnus_Nystrom, Brian_LaMacchia, Bruce_Rich, Shivaram_Mysore, Chris_Solc Regrets Cynthia_Martin, Ed_Simon Chair Frederick_Hirsch Scribe Gerald-E ## Contents * [Topics][5] 1. [Administrative][6] 2. [Widget Signature][7] 3. [Minutes approval][8] 4. [PAG][9] 5. [Charter renewal][10] 6. [2.0 Last call][11] 7. [C14N2 Test Cases][12] 8. [Interop gap review][13] 9. [Adjourn][14] * [Summary of Action Items][15] * * * Date: 24 May 2011 ScribeNick: Gerald-E ### Administrative Next meeting 7 June 2011, see [http://www.w3.org/2008/xmlsec/Group/Overview.html#meetings][16] ### Widget Signature new widget signature last call anticipated, [http://lists.w3.org/Archives/Public/public-xmlsec/2011May/0007.html][17] ### Minutes approval Approve minutes, 19 April 2011 [http://lists.w3.org/Archives/Public/public- xmlsec/2011Apr/att-0032/minutes-2011-04-19.html][18] **RESOLUTION: Minutes from 19 April approved.** ### PAG fjh: The PAG has been meeting and continues to meet. ### Charter renewal [http://lists.w3.org/Archives/Member/member- xmlsec/2011Apr/0001.html][19] fjh: to work with thomas for this. ### 2.0 Last call Last Call drafts published 26 April 2011: XML Signature 2.0, Canonical XML 2.0, XML Signature Streaming Profile of XPath 1.0 [http://www.w3.org/News/2011#entry-9075][20] Updated WDs also published: XML Security 2.0 Requirements and Design Consideration, XML Security RELAX NG Schemas, XML Security Algorithm Cross- Reference announcement, [http://lists.w3.org/Archives/Public/public- xmlsec/2011Apr/0034.html][21] (Frederick) ACTION-791: Thomas Roessler to Request SAAG review of XML Sec 2.0 once spec is in LC ACTION-791 Request SAAG review of XML Sec 2.0 once spec is in LC notes added Definition of whitespace for the TrimTextNodes parameter in C14N 2.0 [http://lists.w3.org/Archives/Public/public- xmlsec/2011Apr/0041.html][22] fjh: whitespace or trim text comment Pratik: there is a "iswhitespace" function in Java that is different from this. need to clarify that whitespace is as xml defined Scott To use whitespace as XML defines it, not as others define it. **ACTION:** pdatta to update C14N2 draft with note to clarify whitespace definition as XML definition, provide warning re using other libraries like Java [recorded in [http://www.w3.org/2011/05/24-xmlsec- minutes.html#action01][23]] Created ACTION-799 - Update C14N2 draft with note to clarify whitespace definition as XML definition, provide warning re using other libraries like Java [on Pratik Datta - due 2011-05-31]. PrefixRewrite in C14N 2.0 [http://lists.w3.org/Archives/Public/public- xmlsec/2011May/0000.html][24] proposal each uri to map only to one prefix pdatta: prefix rewriting and operations based on URIs fjh: what is the downside of this change? pdatta: prefix shortcut for uri, this was an oversight noticed with writing test cases **ACTION:** pdatta to update C14N for 1-1 prefix to uri mapping [recorded in [http://www.w3.org/2011/05/24-xmlsec-minutes.html#action02][25]] Created ACTION-800 - Update C14N for 1-1 prefix to uri mapping [on Pratik Datta - due 2011-05-31]. if there are two prefix declarations to the same URI e.g.xmlns:a="[http://z0][26]" and xmlns:b:="[http://z0][26]" they should map to the same rewritten prefix ### C14N2 Test Cases [http://www.w3.org/2008/xmlsec/Group/interop/c14n2/][27] Pdatta: documented test using default namespaces ... test with whitespaces pdatta: need to add whitespace, c14n1 examples pdatta: to see what applies to 2.0 fjh: we should take a look at the test cases all, please review c14N test case document - namespace sections **ACTION:** fjh to review C14N2 test case document [recorded in [http://www.w3.org/2011/05/24-xmlsec-minutes.html#action03][28]] Created ACTION-801 - Review C14N2 test case document [on Frederick Hirsch - due 2011-05-31]. ### Interop gap review [http://lists.w3.org/Archives/Public/public- xmlsec/2011May/0006.html][29] [http://lists.w3.org/Archives/Public/public-xmlsec/2011May/att-0006 /test-table-1_1-2_0.html][30] fjh: other groups have attempted to write the specifications to automate test case gereration ... ocsp tests seems to be missing ... to document exceptions [http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html][31] [http://www.w3.org/Signature/2002/02/01-exc-c14n-interop.html][32] [http://www.w3.org/Encryption/2002/02-xenc-interop.html][33] bal: try to pick a base of tests that exercise the mandatory elements, and adding in optional elements ... eg ecdsa tests then add additoinal elements, a delta of funtionality ... or to create a large test case and prove the results fjh: to create "unit tests" that can test functionality The tests we developed this winter (and did interop on) was for Derived Key We had interop with IBM [http://www.w3.org/2008/xmlsec/wiki/Interop][34] The test cases have been updated on the Wiki after our interop Gerald is continuing to update the test coverage document, later we can consider moving into CVS etc ISSUE-132? ISSUE-132 -- Keep 2.0 xenc transform feature in sync with signature 2.0 -- open [http://www.w3.org/2008/xmlsec/track/issues/132][35] ### Adjourn ## Summary of Action Items **[NEW]** **ACTION:** fjh to review C14N2 test case document [recorded in [http://www.w3.org/2011/05/24-xmlsec-minutes.html#action03][28]] **[NEW]** **ACTION:** pdatta to update C14N for 1-1 prefix to uri mapping [recorded in [http://www.w3.org/2011/05/24-xmlsec-minutes.html#action02][25]] **[NEW]** **ACTION:** pdatta to update C14N2 draft with note to clarify whitespace definition as XML definition, provide warning re using other libraries like Java [recorded in [http://www.w3.org/2011/05/24-xmlsec- minutes.html#action01][23]] [End of minutes] * * * Minutes formatted by David Booth's [scribe.perl][36] version 1.135 ([CVS log][37]) $Date: 2009-03-02 03:52:20 $ [1]: http://www.w3.org/Icons/w3c_home [2]: http://www.w3.org/ [3]: http://lists.w3.org/Archives/Public/public-xmlsec/2011May/0003.html [4]: http://www.w3.org/2011/05/24-xmlsec-irc [5]: #agenda [6]: #item01 [7]: #item02 [8]: #item03 [9]: #item04 [10]: #item05 [11]: #item06 [12]: #item07 [13]: #item08 [14]: #item09 [15]: #ActionSummary [16]: http://www.w3.org/2008/xmlsec/Group/Overview.html#meetings [17]: http://lists.w3.org/Archives/Public/public-xmlsec/2011May/0007.html [18]: http://lists.w3.org/Archives/Public/public- xmlsec/2011Apr/att-0032/minutes-2011-04-19.html [19]: http://lists.w3.org/Archives/Member/member-xmlsec/2011Apr/0001.html [20]: http://www.w3.org/News/2011#entry-9075 [21]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Apr/0034.html [22]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Apr/0041.html [23]: http://www.w3.org/2011/05/24-xmlsec-minutes.html#action01 [24]: http://lists.w3.org/Archives/Public/public-xmlsec/2011May/0000.html [25]: http://www.w3.org/2011/05/24-xmlsec-minutes.html#action02 [26]: http://z0 [27]: http://www.w3.org/2008/xmlsec/Group/interop/c14n2/ [28]: http://www.w3.org/2011/05/24-xmlsec-minutes.html#action03 [29]: http://lists.w3.org/Archives/Public/public-xmlsec/2011May/0006.html [30]: http://lists.w3.org/Archives/Public/public-xmlsec/2011May/att-0006 /test-table-1_1-2_0.html [31]: http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html [32]: http://www.w3.org/Signature/2002/02/01-exc-c14n-interop.html [33]: http://www.w3.org/Encryption/2002/02-xenc-interop.html [34]: http://www.w3.org/2008/xmlsec/wiki/Interop [35]: http://www.w3.org/2008/xmlsec/track/issues/132 [36]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [37]: http://dev.w3.org/cvsweb/2002/scribe/