- From: Juan Carlos Cruellas <cruellas@ac.upc.edu>
- Date: Wed, 18 Apr 2007 09:59:43 +0200
- To: Frederick Hirsch <frederick.hirsch@nokia.com>
- CC: XMLSec <public-xmlsec-maintwg@w3.org>, ext Thomas Roessler <tlr@w3.org>
UPC would be willing to participate in interop tests with its XMLSig implementation. Regards Juan Carlos. Frederick Hirsch wrote: > > As noted on the call, our next meeting is the F2F 2-3 of May. If you > have not responded to the questionnaire please do so before the end of > this week. Please fill it out even if you do not plan to attend. > <http://www.w3.org/2002/09/wbs/40279/xmlsecbos0705/> Thanks if you > already filled it out. > > Please volunteer on the list to scribe at the F2F - thanks Rob for > volunteering for Wed afternoon (2 May). > > Scribing volunteers needed: > Wed morning 2 May - ? > Wed afternoon 2 May - Rob Miller > Thur morning 3 May - ? > Thur afternoon 3 May - ? > > I think Tony made a good suggestion regarding the need for Test Cases > to drive interop. If anyone has any that you can post to the list > before the F2F that would be very helpful. It would also be useful to > know at the F2F who knows now that they will be able to interop. > > Please review the minutes Thomas distributed. As I mentioned, one goal > at the F2F is to bring any comment on Canonical XML 1.1 to XML Core as > a result of the F2F, so please review Canonical XML 1.1 in advance of > the F2F and please raise any comment on the public XMLSec list. > > If you can volunteer to give an overview of Decryption Transform > please let me know. > > Based on the questionnaire it looks like our regular teleconference > slot will be Tuesdays at 9 am Eastern > (6am PT, 3pm Berlin, 13:00 UTC) since that was preferred time which > everyone could live with, but there is no additional call before the F2F. > > Thanks > > regards, Frederick > > Frederick Hirsch > Nokia > > > On Apr 17, 2007, at 11:09 AM, ext Thomas Roessler wrote: > >> >> Draft minutes from today's meeting are available here: >> >> http://www.w3.org/2007/04/17-xmlsec-minutes >> >> A text version is included below the .signature. >> --Thomas Roessler, W3C <tlr@w3.org> >> >> >> >> >> >> [1]W3C >> >> - DRAFT - >> >> XML Sec Weekly >> >> 17 Apr 2007 >> >> [2]Agenda >> >> See also: [3]IRC log >> >> Attendees >> >> Present >> Frederick Hirsch >> Thomas Roessler >> Giles Hogben >> Rob Miller >> Shawn Mullen >> Hal Lockhart >> Ed Simon >> Greg Whitehead >> Juan Carlos Cruellas >> Anthony Nadalin >> Konrad Lanz >> Rich Salz >> >> Regrets >> Chair >> fjh >> >> Scribe >> tlr >> >> Contents >> >> * [4]Topics >> 1. [5]Welcome >> 2. [6]charter review >> 3. [7]face-to-face agenda >> * [8]Summary of Action Items >> _________________________________________________________________ >> >> Welcome >> >> <klanz2> dialing in >> >> <jcc> can you read me? >> >> <cgi-irc> test >> >> <hal> for some reason initially this channel was not listed >> >> <cgi-irc> test >> >> fjh: thanks for joinig, I'm Frederick, ... >> ... thomas will scribe today, thanks ... >> ... maybe do a quick round of introductions here ... >> >> rdm: Rob Miller, Security Engineer, MITRE, XML wrt architectural >> issues >> ... having fun with NSA and cross-domain solutions ... >> ... would be happy to talk about that at f2f ... >> >> shawn: Shawn Mullen, Sun Microsystems, working on XML Sig for past >> few >> years, implementor >> ... have implementation shipping as part of JDK, committer for >> Apache ... >> >> EdSimon: Ed Simon, working with xmlsec which is private consulting >> firm ... >> ... co-author of xml signature and xml encryption specs ... >> ... keen to hear how people use it, what the issues are ... >> ... Invited Expert ... >> >> grw: Greg Whitehead, HP, architect in IDM software group, one of >> original >> specs' authors ... >> ... shed light on carzy things that were thought back then ... >> >> hal: standards full-time for BEA, mostly security standards ... >> ... involved with a bunch of standards that use XML Sig and Enc ... >> ... you name it ... >> ... main interest in follow-on work ... >> ... spurious validation errors associated with DSig ... >> ... maybe also tweak encryption .. >> >> JuanCarlosCruellas: Polytech Univ Catalunia ... >> ... standardization involvement for a while ... >> ... worked on XADES development around ETSI ... >> ... editor during two last years (?) ... >> ... involved with DSS TC @ OASIS ... >> ... main interest is to cooperate in followup ... >> ... on stdzation of XML security ... >> ... implementation experience ... >> >> Nadalin: Tony Nadalin, IBM, worked with Shawn on Java >> implementation of XML >> Sig and Enc ... >> ... WS-Security, -Trust, other specs ... >> ... most interested in follow-on work ... >> ... severe performance problems with Sig and Enc ... >> ... large footprints, figure out what to do wrt moving forward >> with this >> tech ... >> >> klanz2: Konrad Lanz, Stiftung Secure Information Communication >> Technology >> (?) @ Graz University ... >> ... involved in maintaining implementations ... >> ... including Sig, Enc, OASIS DSS, some other Java toolkits ... >> ... involved in standardization work in OASIS, DSS TC there ... >> ... main interest in robustness of XML Signatures, false negatives >> are >> rather bad ... >> >> fjh: Working in security standards for some time, including >> original specs, >> will chair this working group ... >> ... interest in having stuff converge, not have multiple versions >> of things >> ... >> >> giles: Giles Hogben, ENISA, European Network & Info Sec Agency ... >> ... identity management lead there ... >> ... main interest is to see work on European qualified signatures, >> XADES >> within roadmap ... >> ... worked in the P3P working group where chaired a task force >> that dealt >> with XML Dsig ... >> >> tlr: W3C Team, main interest is to get the different communities >> that have >> stakes in XML Signature & friends together at one table >> >> fjh: agenda bashing ... >> ... will talk briefly about scribing, schedule, charter, and look >> at agenda >> for face-to-face ... >> ... do people feel anything needs to be added? >> >> - silence - >> >> fjh: scribe role will rotate, chair excused from scribing ... >> ... haven't got exact mechanism down ... >> ... for 2/3 May face-to-face, will need scribes for mornings and >> afternoons >> ... >> ... if want to volunteer now, that would be helpful ... >> ... if you want to select a spot now, speak up ... >> >> Note you can also type it into the record through IRC >> >> fjh: or send e-mail ... >> >> <rdm> I can scribe on the afternoon of May 2. >> >> scheduling the weekly call, first choice is 9am Eastern slot on >> Tuesdays, >> 10am second >> >> fjh: tentatively plan on that time. We won't have a call before >> the >> face-to-face ... >> >> hal: if the West Coasters are happy about it, who are we East >> Coasters to >> complain? >> >> fjh: next meeting is 8:30-5pm in Cambridge, 2/3 May >> ... registration form and logistics; please fill in registration ... >> ... any concerns or questions re face-to-face? ... >> >> - silence - >> >> charter review >> >> [9]http://www.w3.org/2005/Security/xmlsig-charter >> >> <fjh> link for weekly scheduling results >> [10]http://www.w3.org/2002/09/wbs/40279/xmlsecweekly/results >> >> <fjh> f2f registration results page >> [11]http://www.w3.org/2002/09/wbs/40279/xmlsecbos0705/results >> >> <fjh> ballot still open for F2F, please register whether or not >> you plan to >> attend >> >> fjh: will just go through charter ... >> >> <klanz2> yes >> >> <Giles> yes >> >> fjh: goal is to do very limited work on the spec, and then suggest >> charter >> for further work ... >> ... there is some other items, such as a note ... >> ... basic idea is to do minimum changes, then consider next steps ... >> ... fairly short time line especially if consider interop ... >> ... confidentiality: plan to do everything in public ... >> ... we have an administrative list for things like sending regrets >> or few >> member-confidential items ... >> ... use that sparingly ... >> ... Frederick to chair, Thomas to team-contact ... >> ... suspect 3 face-to-face meetings ... >> ... first one in May, second as workshop, third @ tech plenary ... >> ... 6-8 november ... >> >> [12]http://www.w3.org/2002/09/TPOverview.html >> >> scribe: need to talk about specific slots to take in that week ... >> ... May 8 is conflicting wiht AC meeting; will send out e-mail >> about that >> ... >> >> fjh: background and scope has links to background material; >> there's reading >> list on home page as well >> ... XML Sig was 1999-2002 ... >> ... produced a bunch of recs ... >> ... how to sign/encrypt XML and other stuff and encapsulate >> results in XML >> ... >> ... Canonical XML to make signatures verify despite surface >> changes ... >> ... there's C14N 1.1 from XML Core ... >> ... that work is in last call ... >> ... one of the things to do is to comment on that ... >> ... get feedback to them ... >> >> <fjh> ck klanz2 >> >> klanz2: to clarify, C14N 1.1 fixes xml:id and xml:base issues, not >> related >> to xml 1.1 >> ... there's also a wiki done by konrad and Jose Kahan .. >> ... will post pointer to IRC ... >> >> <klanz2> [13]http://esw.w3.org/topic/XML-Dsig?highlight=%28xml%29 >> >> <klanz2> go ahead >> >> fjh: useful to know, thanks >> ... deliverables ... >> ... two initial ones that we need to be careful with the timing ... >> ... Syntax & Processing / Decryption Transform ... >> ... we'll need to do interop testing on these ... >> ... review of both of them ... >> ... for Syntax & Processing - since this was joint effort - give >> the IETF a >> chance to have a last call review and have published as RFC ... >> ... get on track fairly quickly at face-to-face ... >> ... with XML Sig, starting with REC, move it to Proposed Edited >> Rec ... >> ... part of doing this is to limit the changse - no new >> features, no >> conformance-affecting things except for the bits that we know of ... >> ... we're shortcutting process on that one ... >> ... decryption trasnform back to Working Draft, then go through >> the process >> ... >> ... there's some work that outlines proposed changes ... >> ... fold in some of the errata as well ... >> >> <fjh> thomas: should look at reading list and Note that Thomas >> produced >> indicating the changes that need to be done >> >> <fjh> ... this would be very useful to help those with >> implementations >> >> <fjh> ... so we can get to interop and testing more easily and >> quickly >> >> <fjh> ... please indicate to those in your companies doing >> implementations >> as soon as possible >> >> <fjh> ... so we can get a start on interop >> >> fjh: the sooner we get started on interop, the better we'll be off >> ... process details to be discussed at f2f ... >> ... rec track deliverables are the timing critical ones due to >> review and >> interop ... >> ... SHOULD do a charter for further work, reach out to other >> communities ... >> ... MAY do a note on best practices ... >> ... might be something to do without extra work ... >> ... we might be able to document things as we go ... >> ... but the REC track deliverables and chartering work have >> priority ... >> ... use wiki to document ideas and issues as we go, also as input >> for >> chartering ... >> ... might have workshop ... >> ... meetings ... >> ... weekly, and face-to-faces .. >> ... plan to have phone bridge in Cambridge ... >> ... critical sentence in the deliverables and schedule is "early >> interop >> testing" ... >> ... from introductions, looks like we're in good shape ... >> ... please indicate who will actually participate in interop >> testing ... >> ... private e-mail is fine, don't want to put folks on the spot >> right now >> ... >> ... dependencies, obviously XML Core ... >> >> >> [14]http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Mar/0001.h >> >> tml >> >> scribe: XML Core closes Last Call before our f2f, but they're >> prepared to >> accept late comments from us ... >> ... please review C14N 1.1 before f2f ... >> ... comments to share on the list? ... >> ... also, things noteworthy on the wiki? If so, Konrad please send >> mail ... >> ... there's also XML Coordination Group ... >> >> fjh: uwa dependency? >> >> tlr: in response to member input during AC review; mostly for >> charter work >> >> klanz2: happen to be in the XML Core WG >> ... they're not particularly eager to keep C14N as a deliverable ... >> >> tlr: change of rec-track deliverables requires rechartering >> >> <fjh> thomas: would prefer to avoid the necessary AC review to >> recharter >> XMLSec Maint >> >> tlr: would rather avoid that during the next half year ... >> >> fjh: external dependencies -- ietf, trying to get out as an RFC, >> but attempt >> not to have that as a blocking point ... >> ... DSS and its future ... >> ... WS-I, basic security profile and other things, future work ... >> ... Liberty ... >> ... there are probably others; if we should be collaborating with >> other >> organizations and are able to help with that, please speak up on >> the list >> ... >> ... please cover patent policy essentials at face-to-face >> >> jcc: ETSI should be acknowledged ... >> >> tlr: charter is cast in stone, but we can put the external >> relations >> somewhere on the web site >> ... and do that as a living document ... >> >> fjh: jcc to send material to list >> >> <Giles> Please add Xades to list >> >> <scribe> ACTION: Cruellas to send note on ETSI liaison to mailing >> list >> [recorded in >> [15]http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02] >> >> <trackbot-ng> Created ACTION-2 - Send note on ETSI liaison to >> mailing list >> [on Juan Carlos Cruellas - due 2007-04-24]. >> >> face-to-face agenda >> >> <Giles> action on Xades too? >> >> >> [16]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Apr/0006.h >> >> tml >> >> <tlr> Giles, the ETSI liaison is supposed to be about XADES, I think. >> >> <Giles> Oh OK sorry >> >> fjh: think there needs to be additional item about interop ... >> ... propose adding something on that ... >> ... will start setup at 8:30 .. >> ... will start 9am sharp ... >> ... scribe volunteers please speak up on list ... >> ... note that scribing at f2f has its benefits ... >> ... going through inidividual points of agenda ... >> ... need somebody to do c14n 1.1 overview ... >> ... will talk to people this week about who is to do that ... >> ... people on their own for lunch, there's good stuff very close ... >> ... use C14N 1.1 for review? ... >> ... if people have comments, please post to list ... >> ... need a taker for decryption transform ... >> ... if you want to talk about it, please speak up this week ... >> ... thursday, setup at 8:30, start 9 sharp... >> ... attendance on both days? >> >> tlr: people indicated they'll join for *both* days >> >> fjh: interop important ... >> ... issues and implementation experience ... >> ... quick soundbites on issues and implementations ... >> ... 1h total? >> ... comments? >> ... after lunch, future steps ... >> ... charter, best practices; there are some editor / tooling / >> mechanics >> questions ... >> ... having raced through the agenda ... >> ... any comments? >> >> ??: sounds fine >> >> Tony: sounds good >> ... come up with somethig that we want to test >> ... use case / scenario ... >> >> fjh: can people contribute in advance? >> ... to have better use of our time ... >> ... aob? >> >> EdSimon: next meeting next week? >> >> fjh: tentatively had scheduled it ... >> ... then cancelled. ... >> ... next meeting will be the face-to-face ... >> ... from then on, 9-10 Eastern every Tuesday after that, apart of >> 8 May ... >> ... we'll confirm at f2f ... >> >> meeting adjourned >> >> <klanz2> thank you, bye >> >> Summary of Action Items >> >> [NEW] ACTION: Cruellas to send note on ETSI liaison to mailing >> list >> [recorded in >> [17]http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02] >> >> [End of minutes] >> _________________________________________________________________ >> >> >> Minutes formatted by David Booth's [18]scribe.perl version 1.128 >> ([19]CVS >> log) >> $Date: 2007/04/17 15:07:48 $ >> >> References >> >> 1. http://www.w3.org/ >> 2. >> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Apr/0001.html >> >> 3. http://www.w3.org/2007/04/17-xmlsec-irc >> 4. >> file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec-minutes.html#agenda >> >> 5. >> file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec-minutes.html#item01 >> >> 6. >> file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec-minutes.html#item02 >> >> 7. >> file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec-minutes.html#item03 >> >> 8. >> file://localhost/home/roessler/W3C/WWW/2007/04/17-xmlsec-minutes.html#ActionSummary >> >> 9. http://www.w3.org/2005/Security/xmlsig-charter >> 10. http://www.w3.org/2002/09/wbs/40279/xmlsecweekly/results >> 11. http://www.w3.org/2002/09/wbs/40279/xmlsecbos0705/results >> 12. http://www.w3.org/2002/09/TPOverview.html >> 13. http://esw.w3.org/topic/XML-Dsig?highlight=%28xml%29 >> 14. >> http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Mar/0001.html >> >> 15. http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02 >> 16. >> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Apr/0006.html >> >> 17. http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02 >> 18. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm >> 19. http://dev.w3.org/cvsweb/2002/scribe/ >> >
Received on Wednesday, 18 April 2007 07:59:42 UTC