- From: ext Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Mon, 13 Aug 2007 11:32:48 -0400
- To: XMLSec <public-xmlsec-maintwg@w3.org>
- Cc: Hirsch Frederick <frederick.hirsch@nokia.com>
Agenda: W3C XML Security Specifications Maintenance WG (XMLSec) v2
Teleconference 13 August 2007
Distributed Meeting #13
v2 reordered to focus on concluding XML Signature changes, update
with latest mailing list items, fix upcoming meeting scribe info
9-10am Eastern Time
(6-7am Pacific, 1400-1500 Dublin, 1500-1600 CET, 1600-1700 Crete)
See <http://www.w3.org/2007/xmlsec/Group/Overview.html> for time in
other time zones.
Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>
Please note that attendance of XMLSEC WG telecons is restricted to
registered WG participants and persons invited by the chair.
Chair:
Frederick Hirsch
Regrets:
Juan Carlos Cruellas
1) Administrivia: scribe confirmation, next meeting, other
1a) Sean Mullan is scheduled to scribe.
The current scribe list is at the end of this message.
Scribe Instructions (updated):
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html
1b) Meeting planning
Next meetings:
Tuesday 21 August, Scribe: Giles Hogben
Tuesday 28 August, Scribe: Phill Hallam-Baker
November plenary, 8-9 November (and possibly 10th) scheduled
http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Jul/
0005.html
1c) Workshop Reminder: position papers due today, 14 August,
including from WG members.
Chairs of workshop will not submit position papers.
Announcement: http://www.w3.org/2007/xmlsec/ws/
CFP: http://www.w3.org/2007/xmlsec/ws/cfp.html
Information about writing position paper:
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/
0056.html
Submission mailing list archive:
http://lists.w3.org/Archives/Member/member-xmlsec-submit/
Three submitted so far.
1d) Other
Updated administrative web page
http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Aug/
0000.html
2) Review and approval of last meeting's minutes
http://www.w3.org/2007/08/07-xmlsec-minutes
3) Action item review
Open actions are listed in Tracker at http://www.w3.org/2007/
xmlsec/Group/track/actions/open
Text list: http://www.w3.org/2007/xmlsec/actions-open.html
Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/
Overview.html#closing-actions
[OPEN] ACTION-26: Thomas Roessler to draft CG note draft for
submission to XML CG - due 2007-08-30
[OPEN] ACTION-50: Thomas Roessler to Create workshop logistics page -
due 2007-08-15
[OPEN] ACTION-65: Juan Carlos Cruellas to develop/retrieve test cases
for C14N with comments, scheme-based xpointers - due 2007-07-24
New content in latest draft for Scheme Based XPointers
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/
0004.html
Keep open - additional information: http://lists.w3.org/Archives/
Public/public-xmlsec-maintwg/2007Jul/0054.html
[OPEN] ACTION-68: Sean Mullan to Develop RFC 4514 / RFC 2253 test
cases - due 2007-07-24
see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/
0024.html and Juan Carlos message http://lists.w3.org/Archives/Public/
public-xmlsec-maintwg/2007Aug/0004.html
[OPEN] ACTION-71: Sean Mullan to Send e-mail to list on UTF-8 and
printable UTF-8 strings - due 2007-08-07
See agenda item 6.
[OPEN] ACTION-72: Konrad Lanz to Review existing use of XML Signature
and Xpointer with respect to new redline - due 2007-08-07
[OPEN] ACTION-73: Konrad Lanz to Check which xpointers are used and
where, contact ebics etc - due 2007-08-07
Note opened additional ACTION-79 based on Konrad's issue, see agenda
item 4d.
[OPEN] ACTION-74: Thomas Roessler to Update Acknowledgements section
in XML SIgnature 2nd edition - due 2007-10-09
[OPEN] ACTION-75: Juan Carlos Cruellas to Carlos add test case for
RFC 4514 warning - due 2007-08-14
[OPEN] ACTION-76: Frederick Hirsch to Make changes to document to (a)
clarify same-document URI reference, (b) change reference to URI -
due 2007-08-14
Done see agenda item 4b.
[OPEN] ACTION-77: Frederick Hirsch to Update algorithm URIs for
c14n11 - due 2007-08-14
Done see agenda item 4a.
[OPEN] ACTION-78: Frederick Hirsch to Put note about corrected
appendix A all over the place, including editor's note in xmldsig-
core editor's draft - due 2007-08-14
Done see agenda item 4c.
[OPEN] ACTION-79: Frederick Hirsch to Update [XML Signature] since
URI-Literal/ RFC 2732 obsoleted by 3986.
Open, see agenda item 4d for proposal.
4) XML Signature Editors Draft - Wrap up changes
http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/
4a) ACTION-77 done, Update C14N11 algorithm URIs
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/
0010.html
4b) ACTION-76 done, (a) clarify same-document URI reference, (b)
change reference to URI
see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/
0011.html
and red-lining correction http://lists.w3.org/Archives/Public/public-
xmlsec-maintwg/2007Aug/0020.html
Comment on change in 4.3.3.1 http://lists.w3.org/Archives/Public/
public-xmlsec-maintwg/2007Aug/0013.html
4c) ACTION-78 done, put note about corrected appendix A all over the
place, including editor's note in xmldsig-core editor's draft
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/
0017.html
4d) URI-Literal/RFC 2732 fix: ACTION-79 - proposal made, Update [XML
Signature] since URI-Literal/ RFC 2732 obsoleted by 3986.
see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/
0023.html
Thomas: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007Aug/0036.html
Revised proposed changes:
1. Remove from Section 4.3.3.1, "The URI Attribute, the following text:
"However, some Unicode characters are disallowed from URI references
including all non-ASCII characters and the excluded characters listed
in RFC3986 [URI, section 2.4]. However, the number sign (#), percent
sign (%), and square bracket characters re-allowed in RFC 2732 [URI-
Literal] are permitted."
http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-URI
2. Change "Disallowed characters must be escaped as follows:"
to
"Characters disallowed in URI references by [URI] MUST be escaped as
specified in [URI]:"
3. Remove URI-Literal from list of references, i.e. remove:
"URI-Literal
RFC 2732. Format for Literal IPv6 Addresses in URL's. R. Hinden,
B. Carpenter, L. Masinter. December 1999.
http://www.ietf.org/rfc/rfc2732.txt"
Change consistent with Konrad's message -
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/
0008.html
4e) Deprecating XPointer decision
Frederick: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007Aug/0018.html
Thomas: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007Aug/0037.html
Proposal: In section 4.3.3.2 The Reference Processing Model,
Replace "Support of the xpointer() scheme [XPointer-xpointer] beyond
the minimal usage discussed in this section is discouraged." with
"[XPointer-xpointer] is in Working Draft status as of publication of
this edition of XML Signature. Therefore, support of the xpointer()
scheme beyond the minimal usage discussed in this section is
discouraged."
http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-
ReferenceProcessingModel
4f) Record WG resolution *not* to list Exclusive algorithms explicitly.
http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-c14nAlg
Note that exclusive canonicalization is explicitly mentioned in
Section 6.5.
There has been no discussion of this item on the list or call since
31 July, http://www.w3.org/2007/07/31-xmlsec-minutes .
5) Test case document
Warning: Source, xslt, and html are now in CVS. Please only edit
version from CVS.
Editors Draft link: http://www.w3.org/2007/xmlsec/interop/xmlsig-
interop-doc/testcases.html
5a) ACTION-78 done, put note about corrected appendix A all over the
place, including editor's note in xmldsig-core editor's draft
note added to test cases document
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/
0017.html
5b) Stand-alone executable files for each test case needed.
Input, output, possibly context.
5c) Review comments:
Frederick: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007Aug/0031.html
Note: use signatures even for C14N is twofold, automated testing,
universable usability by implementations, HMAC-SHA-1
6) Best Practices - reversibility warning
Request for ASN.1 expert review - Ed, http://lists.w3.org/Archives/
Public/public-xmlsec-maintwg/2007Aug/0035.html
Put latest draft text on wiki?
- additional review for warning
- add item to interop test draft
7) Test case process outline on wiki
see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/
0025.html
8) Decryption Transform
8a) Change to correspond to Signature change regarding fragments
(ACTION-76)
Proposal: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007Aug/0012.html
8b) In general, more changes needed related to XPointer issues
9) C14N11 - Appendix A
Konrad had pointed out some issues with Appendix A at
http://lists.w3.org/Archives/Public/public-xml-core-wg/2007May/0046
Appendix update: Konrad
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/
0073.html
includes changes from Juan Carlos.
10) Any other business
11) Adjourn
Scribe list
-----------
Elisabetta Carrara
Ram Mohan
Chris Nautiyal
Rich Salz
Daniel Schutzer
Andrew Sullivan
Panagiotis Trimintzios
Tarun Tyagi
Gregory Berezowsky (F2F 3 May 07 am)
Sean Mullan (F2F 3 May 07 pm)
Juan Carlos Cruellas (15 May 2007)
Phillip Hallam-Baker (22 May 2007)
Giles Hogben (29 May 2007)
Konrad Lanz (6 June 2007)
Donald Eastlake (12 June 2007)
Peter Lipp (Konrad, 19 June 2007)
Ed Simon (26 June 2007)
Hal Lockhart (10 July 2007)
Thomas Roessler (17 July 2007, 17 Apr 07)
Anthony Nadalin (31 July 2007)
Rob Miller (F2F 2 May 07 pm, 7 Aug 07)
Received on Monday, 13 August 2007 15:33:23 UTC