Draft minutes: XMLsec weekly 2007-11-27

Draft minutes from today's call are available online:


Text version attached.

Thomas Roessler, W3C   <tlr@w3.org>


     XML Security Specifications Maintenance Working Group Teleconference

27 Nov 2007


   See also: [3]IRC log


          Frederick_Hirsch, Thomas Roessler, Konrad Lanz, Sean Mullan, Ed
          Simon,  Hal  Lockhart,  Bruce  Rich, Phill Hallam-Baker, Pratik
          Datta, Shivaram Mysore

          Juan Carlos Cruellas, Rob Miller

          Frederick Hirsch



     * [4]Topics
         1. [5]Administrivia: scribe confirmation, next meeting, other
         2. [6]XML Signature update
         3. [7]C14N11 red line
         4. [8]chartering for follow-up work
         5. [9]interop report
         6. [10]best practices
         7. [11]any other topics?
         8. [12]action item review
     * [13]Summary of Action Items

Administrivia: scribe confirmation, next meeting, other

   frederick: welcome back

   frederick: minutes from October 30 meeting accepted?

   RESOLUTION: October 30 minutes approved


   frederick: face-to-facce minutes accepted?

   RESOLUTION: face-tof-ace minutes accepted



XML Signature update

   frederick: updated draft according to discussion at face-to-face ...
   ... redline is available ...
   ... hope people had chance to look ...

   <shivaram> I am still dialing in ...


   frederick: section that was changed is section 4 ...
   ... also, removed "Applications must be able to parse URI syntax" ...

   <FrederickHirsch> clean

   <FrederickHirsch>  removed  XML signature applications MUST be able to
   parse URI syntax.

   frederick: clean version shows section without the removed stuff

   tlr: where does "a string as" come from?

   frederick: believe face-to-face?

   <FrederickHirsch>   using   a  string  as  a  URI-Reference  -  change
   introduced at F2F in discussion, konrad?

   <klanz2> did people hear what I said ?

   <FrederickHirsch>  is  this  better:  The  URI  attribute string value
   identifies a data object as a URI-Reference

   <FrederickHirsch>  see  "klanz:  should  say  "using a string as a URI
   reference"" in 8 Nov minujt

   <FrederickHirsch> sean agrees with tlr

   <FrederickHirsch>  The URI attribute identifies a data object using as
   a URI-Reference

   tlr:  Don'T  think  the  "as  string"  helps;  more  likely  to  cause
   confusion.  Underlying  concern  unfounded,  as  we  sayi  n  the next
   paragraph that there is a mapping.

   <FrederickHirsch> choice #1

   sean: agree

   The URI attribute identifies a data object using a URI-Reference"

   <brich> +1

   RESOLUTION:  revert  first  sentence  in to "The URI attribute
   identifies a data object using a URI-Reference"

   frederick: any other issues?

   PROPOSED RESOLUTION: considering all issues with dsig-core closed

   RESOLUTION: considering all issues with dsig-core closed

C14N11 red line

   frederick: sent a new redline to xml core

   <FrederickHirsch>  sent  a  new redline to xml core reflecting changes
   and examples


   frederick: have people looked at this?

   tlr:  my  browser  history says this is what I looked at, and I didn'T
   find any issues

   frederick: would like to walk through some

   <FrederickHirsch>  The  "Remove Dot Segments" algorithm is modified to
   ensure that a combination of two xml:base attribute

   <FrederickHirsch>  values that include relative path components (i.e.,
   path components that do not begin with a '/'

   <FrederickHirsch>  character)  results in an attribute value that is a
   relative path component.

   <FrederickHirsch> -- added this as bullet

   frederick: putting key changes into IRC...
   ... modifying algorithm to combine relative path components ...
   ... also, add examples from previous discussion ...
   ... third change, to +++ATH ...

   <FrederickHirsch> 1. added bullet, 2. added examples, see document, 3.
   change to xml:id in examples, 4. give link for `appendix A content

   <FrederickHirsch>  Two  questions: (1) any issue with this change from

   <FrederickHirsch> (2) implementations to enable xml core to accept

   bruce: Looking for the examples


   frederick: in the document

   bruce: where?


   <FrederickHirsch> lines 108 to 128

   tlr: lines 119++?

   <FrederickHirsch> 3 bullets and removal of b and c from xml example

   tlr: 108-111 examples for combining URI references, 119+ XML example

   brich: in the original test suite?

   tlr: no, discovered at tech plenary

   klanz2: similar test cases for appendix a
   ... can be seen in mail ...
   ... mentioned "ending in .." problem ...
   ... should have been exercised in appendix a ...

   <FrederickHirsch>  Question  can  we  test these 4 cases explicitly, 3
   Remove-Dot-Segment test and the one XML input and output

   tlr: this occurs while input for appendix a algorithm is prepared

   klanz2: ??



   tlr:  problem  is  that  trailing  path  segment  of left-hand side is
   removed in 3986, which is wrong if that left-hand side is relative URI
   reference with trailing ..


   klanz2: should have same results now as at the interop

   frederick: would like to have this in c14n 1.1 document
   ...  would  like  to  be  able to say that we have tested the examples
   provided ...
   ... this seems to be a small, slightly different set ...
   ... can we test and include with core?

   klanz2: Can we use the old examples?

   frederick: is this really covered with test suite

   tlr: same question, not sure I heard that at the f2f

   sean: was under impression we're adding this as new test case
   ... waiting for tlr ...

   <hal> the link near the end of the doc is broken


   tlr: sorry to have slacked on this

   sean: wanted to update some other material in test suite as well

   <FrederickHirsch> Sean - do you have list of what else to be updated?

   tlr:  let's  stay  on after this call and try to get this test case in
   right away.

   klanz2: yes, need an integrated test; agree
   ... had another look at the test cases ...

   frederick: rejoining; confused
   ... do we have remove_dot_segments "unit tests"?



   klanz2:  confident  that  we  can  split  these  at any forward slash,
   combine, and get same results
   ... but agree that we should have integrated test ...

   frederick: 3 tests needed
   ... 1. example in redline
   ... 2. bullets in redline
   ... think we have mechanism to test that as well
   ... any need for actions?

   tlr: umh, no, still have that one

   frederick: wait for sean, thomas to come back

   tlr: yes, think so

chartering for follow-up work

   frederick: worked on this at face-to-face
   ... thought we reached pretty good point ...
   ... distribute to wider audience for feed-back ...

   <hal> +1

   frederick: any problems with sharing this ...

   +1 to sharing with -discuss

   scribe: and sending heads-up to aC

   <FrederickHirsch> tlr: share with workshop participants and send heads
   up to AC, before formal team process occurs

   <FrederickHirsch> 4 week AC review is later step in process

   <FrederickHirsch> now considering AC advanced notice.

   tlr: (explains process)

   proposed:  to share with workshop participants, work with comm team to
   send advance notice

   RESOLUTION: to share current material with workshop participants, work
   with comm team to send advance notice

   <scribe>  ACTION:  thomas  to send message to public-xmlsec-discuss to
   solicit feed-back [recorded in

   <trackbot-ng>     Created     ACTION-118    -    Send    message    to
   public-xmlsec-discuss  to  solicit feed-back [on Thomas Roessler - due

   <scribe>  ACTION:  thomas  to work with comm team on AC advance notice
   [recorded in

   <trackbot-ng>  Created  ACTION-119 - Work with comm team on AC advance
   notice [on Thomas Roessler - due 2007-12-04].

interop report

   frederick: think we're ready
   ... next step is template and fill it in

   tlr: yes
   ... another overdue action item, sorry ...

   frederick:  c14n  1 closure is the other action item here, so we don't
   rework stuff

best practices

   frederick: ed, think nobody ever responded
   ... to ASN.1 issue ...

   ed: ?? got back to me, couldn't see security issue
   ... don't have that e-mail in front of me ...
   ... totally swamped last three weeks ...
   ... we can probably close this issue ...
   ... if anything new, will point that out ...

   frederick: anything we need to do as result of this question?

   ed: idea was to consult with ASN.1 expert to take look
   ... still a bit confused as to security considerations in RFC ...
   ... whether they are applicable as security considerations ...
   ... RFC 4514 ...
   ... not sure why it wouldn't affect work we#re doing ...
   ... tend to agree there isn't much of a hole there ...
   ... hard to say anything defnitive right now

   <FrederickHirsch>  Did  we  ever  decide  on which wording of the best
   practice we desired?

   frederick: anything we should record and distill from this?
   ... don't want to just close this ...
   ... other question is hal and who else were interested to look at some
   material ...
   ... Hal and Sean, I think ...

   sean: yes

   <hal> I am interested, may start in Dec

any other topics?

   <FrederickHirsch>  tlr:  started team process for extension of this WG
   through March

   <FrederickHirsch> 2008

   tlr:  note that this does not imply overlap between this group and the
   follow-up group

   <FrederickHirsch>  next  step  would be message to AC indicating group
   extended, no additional work for WG

   tlr:  aim  of  the  process  is that after director decides, extension
   announced to AC ...

action item review

   ACTION-74 continued

   ACTION-105 continued

   frederick: Sean and Hal to work on the Wiki? What's the plan?


   <trackbot-ng>  ACTION-105 -- Frederick Hirsch to start issues list for
   best practices -- due 2007-10-30 -- OPEN


   <sean> wiki is fine for me

   ACTION-105 continued; might be overtaken


   <trackbot-ng>  ACTION-109  --  Thomas  Roessler to provide example for
   "isolated .." case -- due 2007-11-15 -- OPEN



   <trackbot-ng>  ACTION-110  --  Frederick  Hirsch to update redline and
   share with xml:core -- due 2007-11-15 -- OPEN


   trackbot-ng, close ACTION-110

   <trackbot-ng> ACTION-110 Update redline and share with xml:core closed


   <trackbot-ng>  ACTION-111  --  Frederick  Hirsch to review examples in
   C14N  1.1 and propose detailed changes to use xml:Id -- due 2007-11-15
   -- OPEN


   trackbot-ng, close ACTION-111

   <trackbot-ng>  ACTION-111  Review  examples  in  C14N  1.1 and propose
   detailed changes to use xml:Id closed


   <trackbot-ng>  ACTION-112 -- Thomas Roessler to prepare interop report
   template -- due 2007-11-15 -- OPEN



   <trackbot-ng> ACTION-113 -- Sean Mullan to update testcase document --
   due 2007-11-15 -- OPEN


   frederick: sean, waht was that about again?

   sean: there's test case that's in suite, not in document
   ...  just  generally review document to make sure it's consistent with
   test suite

   frederick: time line?

   sean: this week

   ACTION-113 continued


   <trackbot-ng> ACTION-114 -- Thomas Roessler to ensure that result from
   ACTION-109 goes into test suite -- due 2007-11-15 -- OPEN



   <trackbot-ng>  ACTION-115  --  Juan Carlos Cruellas to review EXI with
   respect to correct XML Security usage -- due 2007-12-10 -- OPEN


   frederick: Juan Carlos told us he's working on this


   <trackbot-ng>  ACTION-116  --  Frederick  Hirsch  to  remind Donald to
   review  XML  Signature  and  Encryption home pages for accuracy -- due
   2007-11-16 -- OPEN


   frederick: haven't yet done, should do
   ... scribe for next meeting?
   ... ed? ...

   <FrederickHirsch> ed - scribed oct 30

   ed: can do, but scribed October 30
   ... would rather not ...

   sean: will scribe
   ... btw, regrets two weeks from now ...

   <EdS> I will scribe for Dec. 13

   frederick:  hope  we're  in  better  shape wrt test cases and c14n 1.1
   ... if we can get impl testing under way, that would be great ...
   ... will coordinate wiht XML Core ...

   ed, there is no meeting on Dec 13. It's Dec 11

   frederick: anything else?

   shivaram: XML Conf in Boston next week?

   <EdS> OK, Dec. 11

   shivaram: anybody going? ...

   Frederick: won't be there

   shivaram: might be interesting to meet up

   <klanz2> no

   frederick: if people get together, that's of course great
   ... shivaram, why don't you post to the list ...

   -- adjourned --

Summary of Action Items

   [NEW]  ACTION:  thomas  to  send  message  to public-xmlsec-discuss to
   solicit feed-back [recorded in
   [NEW]  ACTION:  thomas  to  work  with  comm team on AC advance notice
   [recorded in

   [End of minutes]

    Minutes  formatted  by  David  Booth's [41]scribe.perl version 1.128
    ([42]CVS log)
    $Date: 2007/11/27 15:25:15 $


   1. http://www.w3.org/
   2. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Nov/0024.html
   3. http://www.w3.org/2007/11/27-xmlsec-irc
   4. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#agenda
   5. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item01
   6. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item02
   7. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item03
   8. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item04
   9. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item05
  10. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item06
  11. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item07
  12. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item08
  13. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#ActionSummary
  14. http://www.w3.org/2007/10/30-xmlsec-minutes
  15. http://www.w3.org/2007/11//08-xmlsec-minutes
  16. http://www.w3.org/2007/11/09-xmlsec-minutes
  17. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Nov/0018.html
  18. http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/nochanges.html#sec-URI
  19. http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/
  20. http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/
  21. http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/c14n11-update-clean.pdf
  22. http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/inputs.txt
  23. http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/outputs.txt
  24. http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#XMLBASE_ANNEXA
  25. http://lists.w3.org/Archives/Public/public-xml-core-187wg/2007Jun/att-0050/Apendix_20060625.html
  26. http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/outputs.txt
  27. http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/inputs.txt
  28. http://www.w3.org/2007/11/27-xmlsec-minutes.html#action01
  29. http://www.w3.org/2007/11/27-xmlsec-minutes.html#action02
  30. http://www.w3.org/2007/xmlsec/Group/track/actions/105
  31. http://www.w3.org/2007/xmlsec/Group/track/actions/109
  32. http://www.w3.org/2007/xmlsec/Group/track/actions/110
  33. http://www.w3.org/2007/xmlsec/Group/track/actions/111
  34. http://www.w3.org/2007/xmlsec/Group/track/actions/112
  35. http://www.w3.org/2007/xmlsec/Group/track/actions/113
  36. http://www.w3.org/2007/xmlsec/Group/track/actions/114
  37. http://www.w3.org/2007/xmlsec/Group/track/actions/115
  38. http://www.w3.org/2007/xmlsec/Group/track/actions/116
  39. http://www.w3.org/2007/11/27-xmlsec-minutes.html#action01
  40. http://www.w3.org/2007/11/27-xmlsec-minutes.html#action02
  41. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
  42. http://dev.w3.org/cvsweb/2002/scribe/

Received on Tuesday, 27 November 2007 15:26:24 UTC