Agenda: Distributed meeting 2007-06-19 v3

Agenda: W3C XML Security Specifications Maintenance WG (XMLSec) v3
Teleconference 19 June 2007
Distributed Meeting #7

v2: added Hal regrets, Ed Simon next week scribing, update action 36,  
update 8c, add 8f to agenda, ask about 3 July teleconference.
v3 no regrets from Ed this time.

6 June, 9-10am Eastern Time
(6-7am Pacific, 1400-1500 Dublin, 1500-1600 CET, 1600-1700 Crete)

See <> for time in  
other time zones.

Zakim Bridge:
       +1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat: (port 6665), #xmlsec
Web-based IRC (member-only):

Please note that attendance of XMLSEC WG telecons is restricted to  
registered WG participants and persons invited by the chair.

    Frederick Hirsch

    Hal Lockhart

1) Administrivia: scribe confirmation, next meeting

1a)   Peter Lipp (Konrad Lanz will do if Peter not available) is  
scheduled to scribe.

The current scribe list is at the end of this message.

    Scribe Instructions:

1b)   Meeting planning

Next meeting: Tuesday 26 June. Scribe: Ed Simon

Teleconference 3 July? (4 July Holiday in US)

2) Review and approval of last meeting's minutes

Draft minutes have been updated with regrets from Ed Simon, removal  
of +aaaa, +??P8 from attendee list. 

3) Action item review

    Open actions are listed in Tracker at 

Procedure for closing actions: 
[OPEN] ACTION-26: Thomas Roessler to draft CG note draft for  
submission to XML CG - due 2007-06-20

[OPEN] ACTION-35: Rich Salz to Review Konrad's message re xml:base by  
next call - due 2007-06-05

[OPEN] ACTION-36: Juan Carlos Cruellas to Review Konrad's message re  
xml:base by next call - due 2007-06-05

Close, see 

[OPEN] ACTION-37: Sean Mullan to Review Konrad's message re xml:base  
by next call - due 2007-06-05

[OPEN] ACTION-38: Ed Simon to Review Konrad's message re xml:base by  
next call - due 2007-06-05

[OPEN] ACTION-48: Juan Carlos Cruellas to Make proposal to resolve  
issue on 
2007Jun/0010.html - due 2007-06-12

[OPEN] ACTION-49: Konrad Lanz to Illustrate proposed changes by  
example - due 2007-06-12

Done see 

[OPEN] ACTION-50: Phillip Hallam-Baker to Create workshop logistics  
page - due 2007-06-19

[OPEN] ACTION-51: Thomas Roessler to See if RFC4514 is consistent  
with dsig encoding rules - due 2007-06-19

Done, see 

Agenda item 8a.

4) Workshop/CFP

W3C approved CFP:

Announcement on web:

Updated CFP:

WG members please solicit position papers.

5) Decryption Transform to Last Call

Current (updated) draft:

WG decision needed on this call to publish and issue Last Call.

6) DSig-Usage note


Move this work to XML Security Specifications Maintenance WG/

7) Interop testing participation and timing

    Interop testing expectations questionnaire results:

C14N11 - 4 yes, timing - early Q3?
DSig Core - 4 yes, early Q3?
Decrypt Transform - 10 No's. No interop?

Discuss interop scheduling and participation.

Request WG members to send proposals for test cases to list.

8) XML Signature Revision -  Errata 01 (Distinguished Name) issue

8a) Review and approve updated XML Signature draft section 4.4.4:

First two bullets under item #1 corrected to refer to  
X509IssuerSerial element and 509SubjectName elements
as in original, but with change to more specifically recommend  
compliance with section 3 of RFC2253.

Last paragraph updated to specify augmentation of RFC 2253 encoding  
rules,  eliminate bullet on escaping special characters, and to  
revise bullet on space encoding:

"To encode a distinguished name (X509IssuerSerial,X509SubjectName,  
and KeyName if approriate), the encoding rules in section 2 of RFC  
2253 [LDAP-DN] SHOULD be applied, except that the string encoding  
rules in section 2.4 of RFC 2253 [LDAP-DN] should be  augmented as  

*Consider the string as consisting of Unicode characters.
*Escape all occurrences of ASCII control characters (Unicode range  
\x00 - \x1f) by replacing them with "\" followed by a two digit hex  
number showing its Unicode number.
*Escape any trailing space characters (Unicode \x20) by replacing  
them with "\20", instead of using the escape sequence "\ ".
*Since a XML document logically consists of characters, not octets,  
the resulting Unicode string is finally encoded according to the  
character encoding used for producing the physical representation of  
the XML document.

Should rationale for use of "\20" instead of "\ " be mentioned in  

relationship to xml:space?, 
public-xmlsec-maintwg/2007Jun/0050.html Rich

8b) XML escaping

Angle brackets, ampersand, can cause XML to be ill-formed.



does last bullet in section 4.4.4 (see agenda item 7a) cover this?

Konrad noted it is non-issue: 

8c) encoding leading space, forgotten? Or remove requirement to  
escape trailing space?


Need to add to bullet list in section 4.4.4. (see agenda item 7a)?

or get rid of item for trailing space, which should be insignificant? 
0051.html Konrad

8d) Reference successor to  RFC 2253, RFC 4515

Consistent - implementations based on RFC 2253 ok with reference to  
RFC 4515? see A.1

8e) Add warning?

warning similar to that of section 7.2 of RFC 2253: http://

8f) Reversibility of string to DER/BER encoding not guaranteed 
0021.html , Juan Carlos

Issue of reversibility

section 5.2

and proposed approach:
"state a repertoire of attribute short names that all applications  
must know and then strongly
recommend to use the form "dotted oid of the attribute = hex  
representation of the BER/DER encoding of the value" for the rest of  
not so well-known or even privately defined attributes" 
0049.html , Ed Simon
"I agree that XMLSig DName encoding rules should address the last  
paragraph of Section 5.2 in RFC 4514:"

Second point about removing KeyInfo material from DSig out of scope  
for charter and for roadmap?
Update wiki?

Ask IETF for DName canonicalization, drop issue? 
0052.html , Konrad

9) XML Signature: ds:Reference type as URI versus ds:Object Mime Type 
0000.html , Juan-Carlos

10) C14N11 Review

Draft :

CR transition request: 

10a) merge path, C14N11 Appendix issue 
0044.html , Konrad Lanz

Action 35: Review Konrad's message re xml:base by next call, Rich Salz

Action 36 Review Konrad's message re xml:base by next call, Juan  
Carlos Cruellas 

Action 37 Review Konrad's message re xml:base by next call, Sean Mullan

Action 38 Review Konrad's message re xml:base by next call, Ed Simon

Next steps?

11) Interop Test Case review

    i) Regression tests
Which original test cases to use for C14N11 and XML Signature

    ii) test defined in new C14N11 example (as updated)

    iii) Tests for Errata
	Agreed at F2F that no tests needed for E02-E05
Test for E01?

    iv) Action to review and summarize test for E06, test for base64
    URI?  Test exists but not well-defined?

    v) Additional tests
-  test case for 1.0 as default see if 1.1 by mistake
- test case which checks for correct sig when xml:base is present
- test case which checks for correct sig when xml:id is present
- generate sig over doc subset, must include c14n11 as  final transform
- new generators not rely on default c14n
- conversion NodeSetData to OctetStreamData:
- Generate a signature having a reference with some xpath transform  
selecting NodeSetData
then we add a XSLT transform that clearly needs OctetStreamData.  
Check on verification: if the resulting signature actually made the  
use of c14n 1.1 explicit in the chain of transforms

12) Any other business

13) Adjourn

Scribe list

Elisabetta Carrara
Peter Lipp
Hal Lockhart
Ram Mohan
Anthony Nadalin
Chris Nautiyal
Rich Salz
Daniel Schutzer
Ed Simon
Andrew Sullivan
Panagiotis Trimintzios
Tarun Tyagi
Thomas Roessler (17 Apr 07)
Greg Whitehead (F2F 2 May 07 am)
Rob Miller  (F2F 2 May 07 pm)
Gregory Berezowsky (F2F 3 May 07 am)
Sean Mullan (F2F 3 May 07 pm)
Juan Carlos Cruellas (15 May 2007)
Phillip Hallam-Baker (22 May 2007)
Giles Hogben  (29 May 2007)
Konrad Lanz (6 June 2007)
Donald Eastlake (12 June 2007)

Received on Monday, 18 June 2007 21:07:59 UTC