- From: ext Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Mon, 13 Aug 2007 11:32:48 -0400
- To: XMLSec <public-xmlsec-maintwg@w3.org>
- Cc: Hirsch Frederick <frederick.hirsch@nokia.com>
Agenda: W3C XML Security Specifications Maintenance WG (XMLSec) v2 Teleconference 13 August 2007 Distributed Meeting #13 v2 reordered to focus on concluding XML Signature changes, update with latest mailing list items, fix upcoming meeting scribe info 9-10am Eastern Time (6-7am Pacific, 1400-1500 Dublin, 1500-1600 CET, 1600-1700 Crete) See <http://www.w3.org/2007/xmlsec/Group/Overview.html> for time in other time zones. Zakim Bridge: +1.617.761.6200 conference code 965732# ('XMLSEC') IRC Chat: irc.w3.org (port 6665), #xmlsec Web-based IRC (member-only): <http://cgi.w3.org/member-bin/irc/irc.cgi> Please note that attendance of XMLSEC WG telecons is restricted to registered WG participants and persons invited by the chair. Chair: Frederick Hirsch Regrets: Juan Carlos Cruellas 1) Administrivia: scribe confirmation, next meeting, other 1a) Sean Mullan is scheduled to scribe. The current scribe list is at the end of this message. Scribe Instructions (updated): http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html 1b) Meeting planning Next meetings: Tuesday 21 August, Scribe: Giles Hogben Tuesday 28 August, Scribe: Phill Hallam-Baker November plenary, 8-9 November (and possibly 10th) scheduled http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Jul/ 0005.html 1c) Workshop Reminder: position papers due today, 14 August, including from WG members. Chairs of workshop will not submit position papers. Announcement: http://www.w3.org/2007/xmlsec/ws/ CFP: http://www.w3.org/2007/xmlsec/ws/cfp.html Information about writing position paper: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/ 0056.html Submission mailing list archive: http://lists.w3.org/Archives/Member/member-xmlsec-submit/ Three submitted so far. 1d) Other Updated administrative web page http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Aug/ 0000.html 2) Review and approval of last meeting's minutes http://www.w3.org/2007/08/07-xmlsec-minutes 3) Action item review Open actions are listed in Tracker at http://www.w3.org/2007/ xmlsec/Group/track/actions/open Text list: http://www.w3.org/2007/xmlsec/actions-open.html Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/ Overview.html#closing-actions [OPEN] ACTION-26: Thomas Roessler to draft CG note draft for submission to XML CG - due 2007-08-30 [OPEN] ACTION-50: Thomas Roessler to Create workshop logistics page - due 2007-08-15 [OPEN] ACTION-65: Juan Carlos Cruellas to develop/retrieve test cases for C14N with comments, scheme-based xpointers - due 2007-07-24 New content in latest draft for Scheme Based XPointers http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/ 0004.html Keep open - additional information: http://lists.w3.org/Archives/ Public/public-xmlsec-maintwg/2007Jul/0054.html [OPEN] ACTION-68: Sean Mullan to Develop RFC 4514 / RFC 2253 test cases - due 2007-07-24 see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/ 0024.html and Juan Carlos message http://lists.w3.org/Archives/Public/ public-xmlsec-maintwg/2007Aug/0004.html [OPEN] ACTION-71: Sean Mullan to Send e-mail to list on UTF-8 and printable UTF-8 strings - due 2007-08-07 See agenda item 6. [OPEN] ACTION-72: Konrad Lanz to Review existing use of XML Signature and Xpointer with respect to new redline - due 2007-08-07 [OPEN] ACTION-73: Konrad Lanz to Check which xpointers are used and where, contact ebics etc - due 2007-08-07 Note opened additional ACTION-79 based on Konrad's issue, see agenda item 4d. [OPEN] ACTION-74: Thomas Roessler to Update Acknowledgements section in XML SIgnature 2nd edition - due 2007-10-09 [OPEN] ACTION-75: Juan Carlos Cruellas to Carlos add test case for RFC 4514 warning - due 2007-08-14 [OPEN] ACTION-76: Frederick Hirsch to Make changes to document to (a) clarify same-document URI reference, (b) change reference to URI - due 2007-08-14 Done see agenda item 4b. [OPEN] ACTION-77: Frederick Hirsch to Update algorithm URIs for c14n11 - due 2007-08-14 Done see agenda item 4a. [OPEN] ACTION-78: Frederick Hirsch to Put note about corrected appendix A all over the place, including editor's note in xmldsig- core editor's draft - due 2007-08-14 Done see agenda item 4c. [OPEN] ACTION-79: Frederick Hirsch to Update [XML Signature] since URI-Literal/ RFC 2732 obsoleted by 3986. Open, see agenda item 4d for proposal. 4) XML Signature Editors Draft - Wrap up changes http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ 4a) ACTION-77 done, Update C14N11 algorithm URIs http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/ 0010.html 4b) ACTION-76 done, (a) clarify same-document URI reference, (b) change reference to URI see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/ 0011.html and red-lining correction http://lists.w3.org/Archives/Public/public- xmlsec-maintwg/2007Aug/0020.html Comment on change in 4.3.3.1 http://lists.w3.org/Archives/Public/ public-xmlsec-maintwg/2007Aug/0013.html 4c) ACTION-78 done, put note about corrected appendix A all over the place, including editor's note in xmldsig-core editor's draft http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/ 0017.html 4d) URI-Literal/RFC 2732 fix: ACTION-79 - proposal made, Update [XML Signature] since URI-Literal/ RFC 2732 obsoleted by 3986. see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/ 0023.html Thomas: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/ 2007Aug/0036.html Revised proposed changes: 1. Remove from Section 4.3.3.1, "The URI Attribute, the following text: "However, some Unicode characters are disallowed from URI references including all non-ASCII characters and the excluded characters listed in RFC3986 [URI, section 2.4]. However, the number sign (#), percent sign (%), and square bracket characters re-allowed in RFC 2732 [URI- Literal] are permitted." http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-URI 2. Change "Disallowed characters must be escaped as follows:" to "Characters disallowed in URI references by [URI] MUST be escaped as specified in [URI]:" 3. Remove URI-Literal from list of references, i.e. remove: "URI-Literal RFC 2732. Format for Literal IPv6 Addresses in URL's. R. Hinden, B. Carpenter, L. Masinter. December 1999. http://www.ietf.org/rfc/rfc2732.txt" Change consistent with Konrad's message - http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/ 0008.html 4e) Deprecating XPointer decision Frederick: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/ 2007Aug/0018.html Thomas: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/ 2007Aug/0037.html Proposal: In section 4.3.3.2 The Reference Processing Model, Replace "Support of the xpointer() scheme [XPointer-xpointer] beyond the minimal usage discussed in this section is discouraged." with "[XPointer-xpointer] is in Working Draft status as of publication of this edition of XML Signature. Therefore, support of the xpointer() scheme beyond the minimal usage discussed in this section is discouraged." http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec- ReferenceProcessingModel 4f) Record WG resolution *not* to list Exclusive algorithms explicitly. http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-c14nAlg Note that exclusive canonicalization is explicitly mentioned in Section 6.5. There has been no discussion of this item on the list or call since 31 July, http://www.w3.org/2007/07/31-xmlsec-minutes . 5) Test case document Warning: Source, xslt, and html are now in CVS. Please only edit version from CVS. Editors Draft link: http://www.w3.org/2007/xmlsec/interop/xmlsig- interop-doc/testcases.html 5a) ACTION-78 done, put note about corrected appendix A all over the place, including editor's note in xmldsig-core editor's draft note added to test cases document http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/ 0017.html 5b) Stand-alone executable files for each test case needed. Input, output, possibly context. 5c) Review comments: Frederick: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/ 2007Aug/0031.html Note: use signatures even for C14N is twofold, automated testing, universable usability by implementations, HMAC-SHA-1 6) Best Practices - reversibility warning Request for ASN.1 expert review - Ed, http://lists.w3.org/Archives/ Public/public-xmlsec-maintwg/2007Aug/0035.html Put latest draft text on wiki? - additional review for warning - add item to interop test draft 7) Test case process outline on wiki see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/ 0025.html 8) Decryption Transform 8a) Change to correspond to Signature change regarding fragments (ACTION-76) Proposal: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/ 2007Aug/0012.html 8b) In general, more changes needed related to XPointer issues 9) C14N11 - Appendix A Konrad had pointed out some issues with Appendix A at http://lists.w3.org/Archives/Public/public-xml-core-wg/2007May/0046 Appendix update: Konrad http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/ 0073.html includes changes from Juan Carlos. 10) Any other business 11) Adjourn Scribe list ----------- Elisabetta Carrara Ram Mohan Chris Nautiyal Rich Salz Daniel Schutzer Andrew Sullivan Panagiotis Trimintzios Tarun Tyagi Gregory Berezowsky (F2F 3 May 07 am) Sean Mullan (F2F 3 May 07 pm) Juan Carlos Cruellas (15 May 2007) Phillip Hallam-Baker (22 May 2007) Giles Hogben (29 May 2007) Konrad Lanz (6 June 2007) Donald Eastlake (12 June 2007) Peter Lipp (Konrad, 19 June 2007) Ed Simon (26 June 2007) Hal Lockhart (10 July 2007) Thomas Roessler (17 July 2007, 17 Apr 07) Anthony Nadalin (31 July 2007) Rob Miller (F2F 2 May 07 pm, 7 Aug 07)
Received on Monday, 13 August 2007 15:33:23 UTC