- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Mon, 18 Jun 2007 17:07:41 -0400
- To: XMLSec <public-xmlsec-maintwg@w3.org>
- Cc: Hirsch Frederick <frederick.hirsch@nokia.com>
Agenda: W3C XML Security Specifications Maintenance WG (XMLSec) v3
Teleconference 19 June 2007
Distributed Meeting #7
v2: added Hal regrets, Ed Simon next week scribing, update action 36,
update 8c, add 8f to agenda, ask about 3 July teleconference.
v3 no regrets from Ed this time.
6 June, 9-10am Eastern Time
(6-7am Pacific, 1400-1500 Dublin, 1500-1600 CET, 1600-1700 Crete)
See <http://www.w3.org/2007/xmlsec/Group/Overview.html> for time in
other time zones.
Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>
Please note that attendance of XMLSEC WG telecons is restricted to
registered WG participants and persons invited by the chair.
Chair:
Frederick Hirsch
Regrets:
Hal Lockhart
1) Administrivia: scribe confirmation, next meeting
1a) Peter Lipp (Konrad Lanz will do if Peter not available) is
scheduled to scribe.
The current scribe list is at the end of this message.
Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html
1b) Meeting planning
Next meeting: Tuesday 26 June. Scribe: Ed Simon
Teleconference 3 July? (4 July Holiday in US)
2) Review and approval of last meeting's minutes
http://www.w3.org/2007/06/12-xmlsec-minutes
Draft minutes have been updated with regrets from Ed Simon, removal
of +aaaa, +??P8 from attendee list.
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/
0047.html
3) Action item review
Open actions are listed in Tracker at http://www.w3.org/2007/
xmlsec/Group/track/actions/open
Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/
Overview.html#closing-actions
[OPEN] ACTION-26: Thomas Roessler to draft CG note draft for
submission to XML CG - due 2007-06-20
[OPEN] ACTION-35: Rich Salz to Review Konrad's message re xml:base by
next call - due 2007-06-05
[OPEN] ACTION-36: Juan Carlos Cruellas to Review Konrad's message re
xml:base by next call - due 2007-06-05
Close, see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007Jun/0046.html
[OPEN] ACTION-37: Sean Mullan to Review Konrad's message re xml:base
by next call - due 2007-06-05
[OPEN] ACTION-38: Ed Simon to Review Konrad's message re xml:base by
next call - due 2007-06-05
[OPEN] ACTION-48: Juan Carlos Cruellas to Make proposal to resolve
issue on http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007Jun/0010.html - due 2007-06-12
[OPEN] ACTION-49: Konrad Lanz to Illustrate proposed changes by
example - due 2007-06-12
Done see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007Jun/0028.html
[OPEN] ACTION-50: Phillip Hallam-Baker to Create workshop logistics
page - due 2007-06-19
[OPEN] ACTION-51: Thomas Roessler to See if RFC4514 is consistent
with dsig encoding rules - due 2007-06-19
Done, see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007Jun/0033.html
Agenda item 8a.
4) Workshop/CFP
W3C approved CFP:
Announcement on web: http://www.w3.org/2007/xmlsec/ws/
Updated CFP:
http://www.w3.org/2007/xmlsec/ws/cfp.html
WG members please solicit position papers.
5) Decryption Transform to Last Call
Current (updated) draft:
http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html
WG decision needed on this call to publish and issue Last Call.
6) DSig-Usage note
See http://www.w3.org/TR/DSig-usage/
Move this work to XML Security Specifications Maintenance WG/
7) Interop testing participation and timing
Interop testing expectations questionnaire results:
http://www.w3.org/2002/09/wbs/40279/interop-interest/results
C14N11 - 4 yes, timing - early Q3?
DSig Core - 4 yes, early Q3?
Decrypt Transform - 10 No's. No interop?
Discuss interop scheduling and participation.
Request WG members to send proposals for test cases to list.
8) XML Signature Revision - Errata 01 (Distinguished Name) issue
http://www.w3.org/2001/10/xmldsig-errata#E01
8a) Review and approve updated XML Signature draft section 4.4.4:
http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-X509Data
First two bullets under item #1 corrected to refer to
X509IssuerSerial element and 509SubjectName elements
as in original, but with change to more specifically recommend
compliance with section 3 of RFC2253.
http://tools.ietf.org/html/rfc2253
Last paragraph updated to specify augmentation of RFC 2253 encoding
rules, eliminate bullet on escaping special characters, and to
revise bullet on space encoding:
"To encode a distinguished name (X509IssuerSerial,X509SubjectName,
and KeyName if approriate), the encoding rules in section 2 of RFC
2253 [LDAP-DN] SHOULD be applied, except that the string encoding
rules in section 2.4 of RFC 2253 [LDAP-DN] should be augmented as
follows:
*Consider the string as consisting of Unicode characters.
*Escape all occurrences of ASCII control characters (Unicode range
\x00 - \x1f) by replacing them with "\" followed by a two digit hex
number showing its Unicode number.
*Escape any trailing space characters (Unicode \x20) by replacing
them with "\20", instead of using the escape sequence "\ ".
*Since a XML document logically consists of characters, not octets,
the resulting Unicode string is finally encoded according to the
character encoding used for producing the physical representation of
the XML document.
Should rationale for use of "\20" instead of "\ " be mentioned in
"Note"?
relationship to xml:space?, http://lists.w3.org/Archives/Public/
public-xmlsec-maintwg/2007Jun/0050.html Rich
8b) XML escaping
Angle brackets, ampersand, can cause XML to be ill-formed.
Konrad: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007May/0041.html
Thomas: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007May/0048.html
does last bullet in section 4.4.4 (see agenda item 7a) cover this?
Konrad noted it is non-issue:
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/
0004.html
8c) encoding leading space, forgotten? Or remove requirement to
escape trailing space?
Konrad: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007Jun/0004.html
Need to add to bullet list in section 4.4.4. (see agenda item 7a)?
or get rid of item for trailing space, which should be insignificant?
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/
0051.html Konrad
8d) Reference successor to RFC 2253, RFC 4515
Consistent - implementations based on RFC 2253 ok with reference to
RFC 4515?
http://tools.ietf.org/rfc/rfc4515.txt see A.1
8e) Add warning?
warning similar to that of section 7.2 of RFC 2253: http://
www.ietf.org/rfc/rfc2253.txt
Sean: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/
2007Jun/0015.html
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/
0024.html
8f) Reversibility of string to DER/BER encoding not guaranteed
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/
0021.html , Juan Carlos
Issue of reversibility
section 5.2 http://tools.ietf.org/html/rfc4514
and proposed approach:
"state a repertoire of attribute short names that all applications
must know and then strongly
recommend to use the form "dotted oid of the attribute = hex
representation of the BER/DER encoding of the value" for the rest of
not so well-known or even privately defined attributes"
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/
0049.html , Ed Simon
"I agree that XMLSig DName encoding rules should address the last
paragraph of Section 5.2 in RFC 4514:
http://tools.ietf.org/html/rfc4514"
Second point about removing KeyInfo material from DSig out of scope
for charter and for roadmap?
Update wiki?
Ask IETF for DName canonicalization, drop issue?
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/
0052.html , Konrad
9) XML Signature: ds:Reference type as URI versus ds:Object Mime Type
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/
0000.html , Juan-Carlos
10) C14N11 Review
Draft : http://www.w3.org/XML/Group/2007/05/CR-xml-c14n11-20070509.htm
CR transition request: http://lists.w3.org/Archives/Public/public-xml-
core-wg/2007May/0040
10a) merge path, C14N11 Appendix issue
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/
0044.html , Konrad Lanz
Action 35: Review Konrad's message re xml:base by next call, Rich Salz
Action 36 Review Konrad's message re xml:base by next call, Juan
Carlos Cruellas
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/
0041.html
Action 37 Review Konrad's message re xml:base by next call, Sean Mullan
Action 38 Review Konrad's message re xml:base by next call, Ed Simon
Next steps?
11) Interop Test Case review
i) Regression tests
Which original test cases to use for C14N11 and XML Signature
ii) test defined in new C14N11 example (as updated)
<http://www.w3.org/XML/Group/2007/05/CR-xml-c14n11-20070509>
iii) Tests for Errata
Agreed at F2F that no tests needed for E02-E05
Test for E01?
iv) Action to review and summarize test for E06, test for base64
URI? Test exists but not well-defined?
v) Additional tests
- test case for 1.0 as default see if 1.1 by mistake
- test case which checks for correct sig when xml:base is present
- test case which checks for correct sig when xml:id is present
- generate sig over doc subset, must include c14n11 as final transform
- new generators not rely on default c14n
- conversion NodeSetData to OctetStreamData:
- Generate a signature having a reference with some xpath transform
selecting NodeSetData
then we add a XSLT transform that clearly needs OctetStreamData.
Check on verification: if the resulting signature actually made the
use of c14n 1.1 explicit in the chain of transforms
12) Any other business
13) Adjourn
Scribe list
-----------
Elisabetta Carrara
Peter Lipp
Hal Lockhart
Ram Mohan
Anthony Nadalin
Chris Nautiyal
Rich Salz
Daniel Schutzer
Ed Simon
Andrew Sullivan
Panagiotis Trimintzios
Tarun Tyagi
Thomas Roessler (17 Apr 07)
Greg Whitehead (F2F 2 May 07 am)
Rob Miller (F2F 2 May 07 pm)
Gregory Berezowsky (F2F 3 May 07 am)
Sean Mullan (F2F 3 May 07 pm)
Juan Carlos Cruellas (15 May 2007)
Phillip Hallam-Baker (22 May 2007)
Giles Hogben (29 May 2007)
Konrad Lanz (6 June 2007)
Donald Eastlake (12 June 2007)
Received on Monday, 18 June 2007 21:07:59 UTC