W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

Minutes of 000217-tele

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Thu, 17 Feb 2000 14:03:02 -0500
Message-Id: <3.0.5.32.20000217140302.00a1b100@localhost>
To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
http://www.w3.org/Signature/Minutes/000217-tele

Participants

     * Donald Eastlake 3rd, Motorola
     * Joseph Reagle, W3C
     * Ed Simon , Entrust Technologies Inc.
     * (regrets) David Solo, Citigroup
     * Mark Bartel, JetForm Corporation
     * John M. Boyer, PureEdge
     * Raghavan "Rags".Srinivas, Sun Microsystems

  Status of documents < 5 minutes

     * Last Call dead-line is fast approaching.
     * Requirements is now in RFC-editors queue.

  Signature Syntax & Processing draft questions:

     * Section 2 re-write as example (10 minutes)
       Bartel, Boyer, Eastlake, Reagle like it. ACTION: Move forward with
       the new organization.
       2.1.1 Uses transforms, using a base64 transform. Change example to
       Canonical XML.
     * Section 6.6.3 XPath re-write (10 minutes)
       Eastlake: question about serialization of line feeds. John
       clarifies ... .
       Reagle: seems like a complex section, might frighten people, but I
       expect if people want to do this, this level of specificity is
       necessary. ACTION: go with this and see if there are further
       comments on the list and at last call.
       Eastlake: Aside, add a sentence in editorial convention say we
       don't rely upon default in DTD/schema.
     * URI/IDREF again (10 minutes)
       Eastlake: Reagle's text MUST understand URI syntax, but not all
       scheme and methods, "XML Signature applications MUST be able to
       dereference (obtain the octets associated with) the resource
       identified by a URI (e.g, DOM, an API, network method). " Must
       understand URI syntax, scheme is application dependent.
       Bartel: and we recommend HTTP.
       Reagle, Eastlake, Boyer, Bartel want to go forward.  Simon and
       Srinivas had not had a chance to read it yet.
       ACTION Reagle: touch bases with all those at last FTF to make sure
       they are comfortable with moving forward.
       Boyer: similar to understanding some of XPath, makes a distinction
       between unverifiable versus invalid.
       Eastlake: if we were doing a more API type specification, we would
       probably have focussed on the processor model a bit more.
       Eastlake: put something in Section 3 that makes it clear there is
       a potential state of unverifiable even if it might be valid.
       Simon: speaking of returning something other than invalid if the
       algorithm isn't available.
       Boyer: in XPath, "throw an exception to show the particular
       function/algorithm is not available."
       Eastlake: write two sentences as proposal for unverifiable.
     * DTD/Schema inline/appendices (8 minutes)
       Stay with what we have.
     * Place for semantics (10 minutes)
       Go with text as it is minimal and clarifying: "While the signing
       application should be very careful about what it signs (it should
       understand what is in the SignatureProperty) a receiving
       application has no obligation to understand that semantic (though
       its parent trust engine may wish to)." More extensive text can be
       proposed, but go with we have and we'll probably get comments and
       arguments.
     * Other topics (7 minutes)
       Boyer: present XPath specified (in DSig) doesn't preserve the DTD
       or declaration. John could change it if necessary, are there any
       requests? Also, preserving order of comments in and around that
       declaration could be done, but seems too complex.
       Boyer: little difficulty with idea that we'd have an XPath
       specified in UTF-8 that operates over a UTF-16 document. The XPath
       application will be comparing a 3 byte sequence for a 16 byte
       sequence. Eastlake: present text seems ok. Reagle: an Xpath
       application could use whatever internal representation it wants
       but should be able to handle this regardless.
       Generate a candidate last call by 21st, move forward with last
       call on the 28th.




_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Thursday, 17 February 2000 14:03:02 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT