Agenda: Distributed meeting 2007-07-10 v2

Agenda: W3C XML Security Specifications Maintenance WG (XMLSec) v2
Teleconference 10 July 2007
Distributed Meeting #9

v2: updates for ACTION-60 and ACTION-56, re-opened interop  
questionnaire, added scribe for 17 July.

9-10am Eastern Time
(6-7am Pacific, 1400-1500 Dublin, 1500-1600 CET, 1600-1700 Crete)

See <http://www.w3.org/2007/xmlsec/Group/Overview.html> for time in  
other time zones.

Zakim Bridge:
       +1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
     irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
     <http://cgi.w3.org/member-bin/irc/irc.cgi>

Please note that attendance of XMLSEC WG telecons is restricted to  
registered WG participants and persons invited by the chair.

Chair:
    Frederick Hirsch

Regrets:
    none

1) Administrivia: scribe confirmation, next meeting, other

1a)  Hal Lockhart is scheduled to scribe.

The current scribe list is at the end of this message.

    Scribe Instructions:
    http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

1b)   Meeting planning

Next meeting: Tuesday 17 July. Scribe: Thomas Roessler

1c) Workshop, please solicit position papers

Announcement: http://www.w3.org/2007/xmlsec/ws/
CFP: http://www.w3.org/2007/xmlsec/ws/cfp.html

1d) Decryption Transform status

Notice of status sent on members only lists
http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Jun/0022.html

2) Review and approval of last meeting's minutes
    http://www.w3.org/2007/06/26-xmlsec-minutes

3) Action item review

    Open actions are listed in Tracker at http://www.w3.org/2007/xmlsec/Group/track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions
[OPEN] ACTION-35: Rich Salz to Review Konrad's message re xml:base by  
next call - due 2007-06-05

[OPEN] ACTION-50: Phillip Hallam-Baker to Create workshop logistics  
page - due 2007-06-19

[OPEN] ACTION-53: Thomas Roessler to Work toward publication of  
xmlenc-decrypt11 as Last Call WD - due 2007-06-26

[OPEN] ACTION-56: Thomas Roessler to Give Juan Carlos, Sean, Konrad  
access to interop web space in CVS - due 2007-07-03

In progress, see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/0004.html

[OPEN] ACTION-57: Juan Carlos Cruellas to Get us started on test  
cases - due 2007-07-03

Done - see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/0001.html

See agenda item 4b.

[OPEN] ACTION-58: Sean Mullan to Create test re rfc 2253 vs rfc 4514  
implementations - due 2007-07-03

[OPEN] ACTION-59: Thomas Roessler to Summarize his comments on the  
mailing list to record his detailed thinking about 4514 - due 2007-07-03

Done, see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0080.html

[OPEN] ACTION-60: Juan Carlos Cruellas to Investigate mime types vs  
uri for next meeting -due 2007-07-10 - due 2007-07-03

Done see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/0005.html
Agenda item 6

4)  Interop planning

4a) Questionnaire

8 Attendees, 2 implementations as of 30 June questionnaire.

We have opened the questionnaire through 30 July, please respond  
before next week if possible so WG can plan based on results.

Please respond now to: http://www.w3.org/2002/09/wbs/40279/interop-sched/

Any risks or issues with implementations that WG needs to know about?

http://www.w3.org/2002/09/wbs/40279/interop-sched/results

4b) Test case creation and review

Please review draft from Juan Carlos
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/0001.html

See agenda item 8.

5) XML Signature Draft

5a) Accept current editors draft, with additional changes?

http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-X509Data

- reference to RFC2253 updated to RFC4515
- "should" to "MAY" at end of 4.4.4
- conversion of last bullet to additional text, since not  
augmentation of encoding rules
- replaced "string encoding rules" with "character escaping rules"

http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0071.html

Comment from Konrad
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0074.html

Verify that changing from RFC 2253 to RFC 4514 does not introduce any  
problems

Thomas: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0075.html

Note: WG members can live with:
Defer removal of \20 rule to next version of Signature, summarize  
issue in best practices document

5b) XML escaping

Angle brackets, ampersand, can cause XML to be ill-formed.

Konrad: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html

Thomas: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0048.html

Proposed Resolution: Agree to close this issue with no change?

5c) encoding leading space, forgotten? Or remove requirement to  
escape trailing space?

Konrad: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0004.html

Need to add to bullet list in section 4.4.4. (see agenda item 7a)?

or get rid of item for trailing space, which should be insignificant?
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0051.html Konrad

Proposed Resolution: Agree to defer to subsequent work on Signature?

5d) Add warning?

warning similar to that of section 7.2 of RFC 2253: http://www.ietf.org/rfc/rfc2253.txt
Sean: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0015.html

http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0024.html

Proposed resolution: Record as best practice item in wiki?

5e) Reversibility of string to DER/BER encoding not guaranteed

http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0021.html , Juan Carlos

Issue of reversibility

section 5.2 http://tools.ietf.org/html/rfc4514

and proposed approach:
"state a repertoire of attribute short names that all applications
must know and then strongly recommend to use the form "dotted oid of
the attribute = hex representation of the BER/DER encoding of the
value" for the rest of not so well-known or even privately defined
attributes"

http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0049.html , Ed Simon
"I agree that XMLSig DName encoding rules should address the last  
paragraph of Section 5.2 in RFC 4514:
http://tools.ietf.org/html/rfc4514"

Second point about removing KeyInfo material from DSig out of scope  
for charter and for roadmap?
Update wiki?

Ask IETF for DName canonicalization, drop issue?
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0052.html , Konrad

Proposed Resolution: Record as issue for next version of Signature  
and/or add note to best practice wiki

6) XML Signature: ds:Reference type as URI versus ds:Object Mime Type
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0000.html , Juan-Carlos

see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/0005.html

7) C14N11

7a) Current status

 From XML Core public list
http://lists.w3.org/Archives/Public/public-xml-core-wg/2007Jun/0049.html

The C14N 1.1 Candidate Recommendation is published at
http://www.w3.org/TR/2007/CR-xml-c14n11-20070621

Konrad had pointed out some issues with Appendix A at
http://lists.w3.org/Archives/Public/public-xml-core-wg/2007May/0046

7b) Appendix A recommendation

Appendix update: Konrad
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0073.html

includes changes from Juan Carlos.

Review actions:

ACTION-35 Rich Salz

ACTION-36 Juan Carlos Cruellas,
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0029.html
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0041.html
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0035.html

ACTION-37 Sean Mullan, closed with:
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0065.html

Appendix update: Konrad
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0073.html

8) Interop Test Case review

    i) Regression tests
Which original test cases to use for C14N11 and XML Signature

    ii) test defined in new C14N11 example (as updated)
    <http://www.w3.org/XML/Group/2007/05/CR-xml-c14n11-20070509>

    iii) Tests for Errata
	Agreed at F2F that no tests needed for E02-E05
Test for E01?

    iv) Action to review and summarize test for E06, test for base64
    URI?  Test exists but not well-defined?

    v) Additional tests
- test case for 1.0 as default see if 1.1 by mistake
- test case which checks for correct sig when xml:base is present
- test case which checks for correct sig when xml:id is present
- generate sig over doc subset, must include c14n11 as final transform
- new generators not rely on default c14n
- conversion NodeSetData to OctetStreamData:
  - Generate a signature having a reference with some xpath transform
    selecting NodeSetData then we add a XSLT transform that clearly
    needs OctetStreamData. Check on verification: if the resulting
    signature actually made the use of c14n 1.1 explicit in the chain
    of transforms

9) Any other business

10) Adjourn

Scribe list
-----------

Elisabetta Carrara
Hal Lockhart
Ram Mohan
Anthony Nadalin
Chris Nautiyal
Rich Salz
Daniel Schutzer
Andrew Sullivan
Panagiotis Trimintzios
Tarun Tyagi
Thomas Roessler (17 Apr 07)
Greg Whitehead (F2F 2 May 07 am)
Rob Miller  (F2F 2 May 07 pm)
Gregory Berezowsky (F2F 3 May 07 am)
Sean Mullan (F2F 3 May 07 pm)
Juan Carlos Cruellas (15 May 2007)
Phillip Hallam-Baker (22 May 2007)
Giles Hogben  (29 May 2007)
Konrad Lanz (6 June 2007)
Donald Eastlake (12 June 2007)
Peter Lipp (Konrad, 19 June 2007)
Ed Simon (26 June 2007)

Received on Monday, 9 July 2007 13:29:26 UTC