# XML Security Working Group Teleconference

## 04 Dec 2012

[Agenda][3]

See also: [IRC log][4]

## Attendees

* Present: Thomas, Frederick_Hirsch, Thomas_Roessler, Gerald_Edgar
* Regrets:
* Chair: Frederick_Hirsch
* Scribe: fjh

## Contents

* [Topics][5]
  1. [Administrative][6]
  2. [Minutes Approval][7]
  3. [Key Separation and XML Encryption 1.1][8]
  4. [Key Derivation and XML Encryption 1.1][9]
  5. [Proposed Recommendation Transition: XML Encryption 1.1, XML Signature 1.1, XML Signature Properties][10]
  6. [Note publications][11]
  7. [Other business][12]
  8. [Adjourn][13]
* [Summary of Action Items][14]

* * *

Date: 04 December 2012

ScribeNick: fjh

### Administrative

Note there is a call next week, 11 December, unless cancelled (scribe note - was cancelled at end of today's call)

No call 18 Dec, 25 Dec or 1 January

### Minutes Approval

Approve minutes from 27 November 2012

[http://lists.w3.org/Archives/Public/public-xmlsec/2012Nov/att-0015/minutes-2012-11-27.html][15]

**RESOLUTION: Minutes from 27 November 2012 are approved.**

### Key Separation and XML Encryption 1.1

approval of added security considerations section to XML Encryption 1.1

fjh: I revised the new security considerations section based on comments from Magnus and Bruce

[http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0001.html][16]

plus subsequent fix for symmetric

Magnus indicated offlist that ok with revised text

juraj gave feedback this morning

[http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0009.html][17]

two issues: 1 wording of security consideration, 2 definition of key derivation

question: process

fjh: believe we can add security consideration without additional process before PR

tlr: agree

fjh: could add informative example on how to do this without having to cycle through interop, LC, CR etc

... or add as separate document

tlr: agree to adding informative example, could create separate document or a 1.2 revision, agree need to ship 1.1 now

fjh: how quickly could we cycle a new release

tlr: could do it quickly, define the addition and call it 1.2, could do it within six months

fjh: do not want to stall 1.1 waiting for interest in new work

tlr: agree, do 1.1. then do 1.2 if interest, then recharter for that

**ACTION:** send CfC to agree to put additional features in potential 1.2 if interest [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action01][18]]

Sorry, couldn't find send. You can review and register nicknames at <[http://www.w3.org/2008/xmlsec/track/users][19]>.

**ACTION:** fjh to send CfC to agree to put additional features in potential 1.2 if interest [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action02][20]]

Created ACTION-925 - Send CfC to agree to put additional features in potential 1.2 if interest [on Frederick Hirsch - due 2012-12-11].

fjh: Juraj raised a concern regarding language in the new security consideration, due to the clarification in response to Bruce and Magnus. I suggest we leave it alone

... will put this in the CfC as well

gerald: no comment

tlr: no comment

**ACTION:** fjh to send CfC that WG accepts the added XML Encryption 1.1 security consideration section as currently drafted [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action03][21]]

Created ACTION-926 - Send CfC that WG accepts the added XML Encryption 1.1 security consideration section as currently drafted [on Frederick Hirsch - due 2012-12-11].

fjh: any thoughts on appropriate length for CfC - 1 week should be enough?

tlr: yes, 1 week is enough

### Key Derivation and XML Encryption 1.1

already discussed, will send CfC

### Proposed Recommendation Transition: XML Encryption 1.1, XML Signature 1.1, XML Signature Properties

XML Encryption 1.1 - [http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html][22]

fjh: stable but depends on decisions for security consideration and additional key derivation

... will include this in the same CfC

... signature stable, so we can make PR decision

XML Signature 1.1 - [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html][23]

**ACTION:** fjh to make CfC for proposed RESOLUTION: The XML Security working group agrees to progress XML Signature 1.1 to Proposed Recommendation, using the latest editors draft of 13 November 2012 that includes an update in response to LC-2721. [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action04][24]]

Created ACTION-927 - Make CfC for proposed RESOLUTION: The XML Security working group agrees to progress XML Signature 1.1 to Proposed Recommendation, using the latest editors draft of 13 November 2012 that includes an update in response to LC-2721. [on Frederick Hirsch - due 2012-12-11].

fjh: signature properties also stable

**ACTION:** fjh to send CfC for proposed RESOLUTION: The XML Security working group agrees to progress XML Signature Properties to Proposed Recommendation, using the latest editors draft of 10 September 2012 which reflects removal of at-risk items that were not tested. [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action05][25]]

XML Signature Properties - [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html][26]

**ACTION:** fjh to submit transition request to Proposed Recommendation for XML Encryption 1.1, XML Signature 1.1 and XML Signature Properties once Exclusion Period for XML Encryption 1.1 is completed, after 17 December and CfCs approved [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action06][27]]

Created ACTION-928 - Submit transition request to Proposed Recommendation for XML Encryption 1.1, XML Signature 1.1 and XML Signature Properties once Exclusion Period for XML Encryption 1.1 is completed, after 17 December and CfCs approved [on Frederick Hirsch - due 2012-12-11].

fjh: plan to set publication date for 10 Jan, is that a problem?

... assume it is ok

### Note publications

proposed RESOLUTION: The XML Security working group agrees to publish "XML Security 1.1 Requirements and Design Considerations" as a W3C Note.

Updated "Functional Explanation of Changes in XML Encryption 1.1", [http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0004.html][28]

proposed RESOLUTION: The XML Security working group agrees to publish updated Note of "Functional Explanation of Changes in XML Encryption 1.1"

XML Security Algorithm Cross-Reference, Updated editors draft: [http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0005.html][29]

proposed RESOLUTION: The XML Security working group agrees not to include XML Security 2.0 algorithms in "XML Security Algorithm Cross-Reference".

proposed RESOLUTION: The XML Security working group agrees to publish "XML Security Algorithm Cross-Reference" as W3C Note.

gerald: what about security considerations

fjh: we probably should update it for the latest and republish

**ACTION:** fjh to update security considerations to add latest [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action07][30]]

Created ACTION-929 - Update security considerations to add latest [on Frederick Hirsch - due 2012-12-11].

**ACTION:** fjh to send CfC for publishing these Notes [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action08][31]]

Created ACTION-930 - Send CfC for publishing these Notes [on Frederick Hirsch - due 2012-12-11].

### Other business

**RESOLUTION: Cancel next week's call, 11 December**

next call will be 8 January

fjh: we will progress our work by email

### Adjourn

## Summary of Action Items

**[NEW]** **ACTION:** fjh to make CfC for proposed RESOLUTION: The XML Security working group agrees to progress XML Signature 1.1 to Proposed Recommendation, using the latest editors draft of 13 November 2012 that includes an update in response to LC-2721. [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action04][24]]

**[NEW]** **ACTION:** fjh to send CfC for proposed RESOLUTION: The XML Security working group agrees to progress XML Signature Properties to Proposed Recommendation, using the latest editors draft of 10 September 2012 which reflects removal of at-risk items that were not tested. [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action05][25]]

**[NEW]** **ACTION:** fjh to send CfC for publishing these Notes [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action08][31]]

**[NEW]** **ACTION:** fjh to send CfC that WG accepts the added XML Encryption 1.1 security consideration section as currently drafted [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action03][21]]

**[NEW]** **ACTION:** fjh to send CfC to agree to put additional features in potential 1.2 if interest [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action02][20]]

**[NEW]** **ACTION:** fjh to submit transition request to Proposed Recommendation for XML Encryption 1.1, XML Signature 1.1 and XML Signature Properties once Exclusion Period for XML Encryption 1.1 is completed, after 17 December and CfCs approved [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action06][27]]

**[NEW]** **ACTION:** fjh to update security considerations to add latest [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action07][30]]

**[NEW]** **ACTION:** send CfC to agree to put additional features in potential 1.2 if interest [recorded in [http://www.w3.org/2012/12/04-xmlsec-minutes.html#action01][18]]

[End of minutes]

* * *

Minutes formatted by David Booth's [scribe.perl][32] version 1.135 ([CVS log][33]) $Date: 2009-03-02 03:52:20 $

[1]: http://www.w3.org/Icons/w3c_home
[2]: http://www.w3.org/
[3]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0006.html
[4]: http://www.w3.org/2012/12/04-xmlsec-irc
[5]: #agenda
[6]: #item01
[7]: #item02
[8]: #item03
[9]: #item04
[10]: #item05
[11]: #item06
[12]: #item07
[13]: #item08
[14]: #ActionSummary
[15]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Nov/att-0015/minutes-2012-11-27.html
[16]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0001.html
[17]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0009.html
[18]: http://www.w3.org/2012/12/04-xmlsec-minutes.html#action01
[19]: http://www.w3.org/2008/xmlsec/track/users
[20]: http://www.w3.org/2012/12/04-xmlsec-minutes.html#action02
[21]: http://www.w3.org/2012/12/04-xmlsec-minutes.html#action03
[22]: http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html
[23]: http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html
[24]: http://www.w3.org/2012/12/04-xmlsec-minutes.html#action04
[25]: http://www.w3.org/2012/12/04-xmlsec-minutes.html#action05
[26]: http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html
[27]: http://www.w3.org/2012/12/04-xmlsec-minutes.html#action06
[28]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0004.html
[29]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0005.html
[30]: http://www.w3.org/2012/12/04-xmlsec-minutes.html#action07
[31]: http://www.w3.org/2012/12/04-xmlsec-minutes.html#action08
[32]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[33]: http://dev.w3.org/cvsweb/2002/scribe/