W3C

- DRAFT -

XML Security Specifications Maintenance Working Group Teleconference
7 Aug 2007

Agenda

See also: IRC log

Attendees

Present
Thomas Roessler, Ed Simon, Sean Mullan, Konrad Lanz, Robert Miller, Frederick Hirsch, Giles Hogben, Phillip Hallam-Baker (IRC Only)
Regrets
Juan Carlos Cruellas
Chair
Frederick Hirsch
Scribe
Robert Miller

Contents

Administrivia

Next meeting: 14 Aug 2007, Sean to scribe

Info on position papers

http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/0056.html

<fjh> we all should be writing position papers. deadline is 14 Aug

<fjh> they need to get done this week

Review and approval of last meeting's minutes

http://www.w3.org/2007/07/31-xmlsec-minutes

RESOLUTION: minutes approved

Action Item Review

ACTION-26: remains open

<klanz2> working on a position paper and should have it done by the deadline

<tlr> there is quite a bit of work that needs to be done once the position papers start coming in

<tlr> early submission is best

<tlr> will discuss more next week

ACTION-50open and should be done by Thomas 14 Aug

ACTION-65open

ACTION-68open, Sean will confirm if it is done

<Sean> we have a test plan

<Sean> need to start implementing the test cases

<Sean> need to assign test cases for implementation

<tlr> I hear Sean saying "we need the test cases as data, as opposed to descriptions".

<tlr> sean, is that accurate?

<Sean> yes

ACTION-70closed, duplicate of 65

ACTION-71open

<tlr> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/0005.html

<scribe> ACTION: juan carlos add test case for RFC 4514 warning [recorded in http://www.w3..org/2007/08/07-xmlsec-minutes.html#action01]

<trackbot-ng> Created ACTION-75 - Carlos add test case for RFC 4514 warning [on Juan Carlos Cruellas - due 2007-08-14].

ACTION-72open

ACTION-73open

<klanz2> reviewing old and new XPointer, still in progress

<klanz2> discovered wide use of XPointer

<tlr:> need to verify we have comment list, parties in action-73 can use it

<tlr> public-xmlsec-comments@w3.org

<fjh>German Sparkasse?

<tlr> we are not deprecating anything that has not been depricated before

... this may be on the edge of our scope for the workshop

tlr: suggest asking for workshop position paper on XPointer and use cases

<tlr> it is important to understand the non web service use cases

<fjh> we will discuss XPointer later in the agenda

xmldsig-core draft

http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/0007.html

<fjh>In this specification, a 'same-document' reference is defined as a

<fjh>URI-Reference that does not contain a URI. [URI]

<fjh>, in other words a hash sign ('#') followed by a fragment identifier [URI]."

<fjh> It makes perfect sense RFC 2396 , but not for RFC3986

... we may want to add some wording to clarify

<fjh> the hash is not technically part of the fragment so we will need to mention the hash

... should we just say a hash and a fragment identifier?

<klanz2> +1

<fjh>just say - In this specification, a 'same-document' reference is defined as a hash followed by a fragment identifier.

<klanz2> RFC 2396:

<klanz2> URI-reference = [ absoluteURI | relativeURI ] [ "#" fragment ]

<klanz2> absoluteURI = scheme ":" ( hier_part | opaque_part )

<klanz2> relativeURI = ( net_path | abs_path | rel_path ) [ "?" query ]

<tlr> defined as a URI refrence that consists of a hash sign ('#') followed by a fragment.

<tlr> URI-reference = URI / relative-ref

<klanz2> same_document_URI = [ "#" fragment ]

<fjh>In this document same-document reference ="#" fragment

<fjh>URI reference that consists of hash sign ('#') followed by fragment identifier or an empty URI

<tlr> fragment identifier -> fragment

<tlr> ACTION: frederick to make changes to document to (a) clarify same-document URI reference, (b) change reference to URI [recorded in http://www.w3..org/2007/08/07-xmlsec-minutes.html#action02]

<trackbot-ng> Created ACTION-76 - Make changes to document to (a) clarify same-document URI reference, (b) change reference to URI [on Frederick Hirsch - due 2007-08-14].

<tlr> http://www.w3.org/2006/12/xml-c14n11

<tlr:> need to define URI

<fjh>to replace @@ in draft

<fjh>use this through interop testing, at C14N11 to PR might change, use this until then

http://www.w3.org/TR/2007/CR-xml-c14n11-20070621/

<klanz2> it may be worth for the interop participants to be aware of comments in appendix A

<klanz2> should include changes in Appendix A in testing (in CR draft)

<fjh> we need to decide what to do about the URI

... any issues using the URI that Thomas has suggested?

<tlr> ACTION: frederick to update algorithm URIs for c14n11 [recorded in http://www.w3..org/2007/08/07-xmlsec-minutes.html#action03]

<trackbot-ng> Created ACTION-77 - Update algorithm URIs for c14n11 [on Frederick Hirsch - due 2007-08-14].

RESOLUTION: agree to use http://www.w3.org/2006/12/xml-c14n11 for c14n11 through interop (at least)

<fjh>are you saying that there are corrections to the C14N11 CR draft Appendix A that need to be considered?

<klanz2> http://lists.w3.org/Archives/Public/public-xml-core-wg/2007Jun/0050.html

<fjh>answer is yes, corrections to Appendix A in CR draft are not listed in CR draft but should be considered in our testing

<tlr> http://www.w3.org/TR/2007/CR-xml-c14n11-20070621

<tlr> http://lists.w3.org/Archives/Public/public-xml-core-wg/2007Jun/att-0050/Apendix_20060625.html

klanz2: The correct Appendix A for C14N11 is reflected in http://lists.w3.org/Archives/Public/public-xml-core-wg/2007Jun/att-0050/Apendix_20060625.html

<klanz2> http://lists.w3.org/Archives/Public/public-xml-core-wg/2007Jun/att-0050/Apendix_20060625.html

<fjh> we want to use the one that has been corrected by Konrad

<tlr> +1

<fjh>Need to have note that we are using update to CR

<fjh>+1

<fjh>Note needs to be in interop test document and interop event notes

<tlr> ACTION: frederick to put note about corrected appendix A all over the place, including editor's note in xmldsig-core editor's draft [recorded in http://www.w3..org/2007/08/07-xmlsec-minutes.html#action04]

<trackbot-ng> Created ACTION-78 - Put note about corrected appendix A all over the place, including editor's note in xmldsig-core editor's draft [on Frederick Hirsch - due 2007-08-14].

klanz2: concerned about strong discourage of XPointer, since have been available since 2002 and used

... should warn rather than discourage

<klanz2> Now: Support of the xpointer() scheme [XPointer-xpointer] beyond the minimal usage discussed in this section is discouraged.

<fjh>discouraged for future signature generation (?)

tlr: Those who use full XPointer should lobby for Xpointer advancement

<EdS> +1 to tlr

<klanz2> concerned that we are working on and not a revision

klanz2: addition binds all implementations, and this edition of XML Sig is an edition not revision

<EdS> Sounds like we are stuck; Let's think about this over next week.

<fjh> adjourned

Summary of Action Items

[NEW] ACTION: frederick to make changes to document to (a) clarify same-document URI reference, (b) change reference to URI [recorded in http://www.w3..org/2007/08/07-xmlsec-minutes.html#action02]
[NEW] ACTION: frederick to put note about corrected appendix A all over the place, including editor's note in xmldsig-core editor's draft [recorded in http://www.w3.org/2007/08/07-xmlsec-minutes.html#action04]
[NEW] ACTION: frederick to update algorithm URIs for c14n11 [recorded in http://www.w3..org/2007/08/07-xmlsec-minutes.html#action03]
[NEW] ACTION: juan carlos add test case for RFC 4514 warning [recorded in http://www.w3..org/2007/08/07-xmlsec-minutes.html#action01]
 
[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.128 (CVS log)
$Date: 2007/08/07 14:02:19 $