# XML Security Working Group Teleconference

## 03 Jul 2012

[Agenda][3]

See also: [IRC log][4]

## Attendees

- Present: Frederick_Hirsch, Gerald_Edgar, Hal_Lockhart, Scott_Cantor, Bruce_Rich
- Regrets:
- Chair: Frederick_Hirsch
- Scribe: fjh

## Contents

* [Topics][5]
  1. [Administrivia][6]
  2. [Minutes Approval][7]
  3. [XML Signature Best Practices publication][8]
  4. [XML Encryption 1.1 update][9]
  5. [Test cases and Interop][10]
  6. [Action review][11]
  7. [Issue review][12]
  8. [Roadmap][13]
  9. [Adjourn][14]
* [Summary of Action Items][15]

* * *

Date: 03 July 2012

ScribeNick: fjh

### Administrivia

### Minutes Approval

Approve minutes, 19 June 2012

[http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/att-0018/minutes-2012-06-19.html][16]

**RESOLUTION: Minutes from 19 June 2012 are approved.**

### XML Signature Best Practices publication

Update: [http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0020.html][17]

**RESOLUTION: Publish XML Signature Best Practices as a WG Note on 10 July 2012**

**ACTION:** fjh to arrange publication of XML Signature Best Practices [recorded in [http://www.w3.org/2012/07/03-xmlsec-minutes.html#action01][18]]

Created ACTION-889 - Arrange publication of XML Signature Best Practices [on Frederick Hirsch - due 2012-07-10].

### XML Encryption 1.1 update

[http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0003.html][19]

**RESOLUTION: update XML Encryption 1.1 and xenc-schema-11.xsd to make the anyType type of Parameters in PBKDF2 explicit**

fjh: I have already implemented this change in the editors draft, as well as fixing a validation error and updating the reference for SP-800-67 - [http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0008.html][20]

### Test cases and Interop

ACTION-888?

ACTION-888 -- Pratik Datta to distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length -- due 2012-06-19 -- OPEN

[http://www.w3.org/2008/xmlsec/track/actions/888][21]

scantor: limited time, but have implemented items at risk in 1.1, other than ocsp response

... focus on cryptographic items

... no time to create harness for KeyInfo etc

### Action review

ACTION-238?

ACTION-238 -- Thomas Roessler to draft proposal to add identifiers for ECDSA-RIPEMD, RSA-WHIRLPOOL, ECDSA-WHIRLPOOL to XML Security Algorithms Cross-Reference (follow up to ACTION-222) -- due 2012-01-31 -- OPEN

[http://www.w3.org/2008/xmlsec/track/actions/238][22]

ACTION-887 closed

ACTION-887 Draft text on HMAC truncation for XML Signature best practices closed

### Issue review

ISSUE-232?

ISSUE-232 -- Clarify meaning of HMAC truncation -- open

[http://www.w3.org/2008/xmlsec/track/issues/232][23]

ISSUE-232: RFC makes it clear so this can be closed

ISSUE-232 Clarify meaning of HMAC truncation notes added

ISSUE-232 closed

ISSUE-232 Clarify meaning of HMAC truncation closed

### Roadmap

[http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0005.html][24]

fjh: email summarizes status of documents and next steps. Plan is to go to LC as soon as PAG completes, for Signature 1.1, 2.0 and Encryption 1.1. Need to decide what will not have interop and remove as well. We also have a number of Notes to publish at that time.

### Adjourn

Have a good 4 July for those in the US.

## Summary of Action Items

**[NEW]** **ACTION:** fjh to arrange publication of XML Signature Best Practices [recorded in [http://www.w3.org/2012/07/03-xmlsec-minutes.html#action01][18]]

[End of minutes]

* * *

Minutes formatted by David Booth's [scribe.perl][25] version 1.135 ([CVS log][26])
$Date: 2009-03-02 03:52:20 $

[1]: http://www.w3.org/Icons/w3c_home
[2]: http://www.w3.org/
[3]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0006.html
[4]: http://www.w3.org/2012/07/03-xmlsec-irc
[5]: #agenda
[6]: #item01
[7]: #item02
[8]: #item03
[9]: #item04
[10]: #item05
[11]: #item06
[12]: #item07
[13]: #item08
[14]: #item09
[15]: #ActionSummary
[16]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/att-0018/minutes-2012-06-19.html
[17]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0020.html
[18]: http://www.w3.org/2012/07/03-xmlsec-minutes.html#action01
[19]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0003.html
[20]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0008.html
[21]: http://www.w3.org/2008/xmlsec/track/actions/888
[22]: http://www.w3.org/2008/xmlsec/track/actions/238
[23]: http://www.w3.org/2008/xmlsec/track/issues/232
[24]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0005.html
[25]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[26]: http://dev.w3.org/cvsweb/2002/scribe/