- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 27 Nov 2007 16:26:16 +0100
- To: public-xmlsec-maintwg@w3.org
Draft minutes from today's call are available online:
http://www.w3.org/2007/11/27-xmlsec-minutes.html
Text version attached.
Regards,
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
XML Security Specifications Maintenance Working Group Teleconference
27 Nov 2007
[2]Agenda
See also: [3]IRC log
Attendees
Present
Frederick_Hirsch, Thomas Roessler, Konrad Lanz, Sean Mullan, Ed
Simon, Hal Lockhart, Bruce Rich, Phill Hallam-Baker, Pratik
Datta, Shivaram Mysore
Regrets
Juan Carlos Cruellas, Rob Miller
Chair
Frederick Hirsch
Scribe
tlr
Contents
* [4]Topics
1. [5]Administrivia: scribe confirmation, next meeting, other
2. [6]XML Signature update
3. [7]C14N11 red line
4. [8]chartering for follow-up work
5. [9]interop report
6. [10]best practices
7. [11]any other topics?
8. [12]action item review
* [13]Summary of Action Items
_________________________________________________________________
Administrivia: scribe confirmation, next meeting, other
frederick: welcome back
frederick: minutes from October 30 meeting accepted?
RESOLUTION: October 30 minutes approved
[14]http://www.w3.org/2007/10/30-xmlsec-minutes
frederick: face-to-face minutes accepted?
RESOLUTION: face-to-face minutes accepted
[15]http://www.w3.org/2007/11//08-xmlsec-minutes
[16]http://www.w3.org/2007/11/09-xmlsec-minutes
XML Signature update
frederick: updated draft according to discussion at face-to-face ...
... redline is available ...
... hope people had chance to look ...
<shivaram> I am still dialing in ...
<FrederickHirsch>
[17]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Nov/0018.html
frederick: section that was changed is section 4 ...
... also, removed "Applications must be able to parse URI syntax" ...
<FrederickHirsch> clean
[18]http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/nochanges.html#sec-URI
<FrederickHirsch> removed XML signature applications MUST be able to
parse URI syntax.
frederick: clean version shows section without the removed stuff
tlr: where does "a string as" come from?
frederick: believe face-to-face?
<FrederickHirsch> using a string as a URI-Reference - change
introduced at F2F in discussion, konrad?
<klanz2> did people hear what I said ?
<FrederickHirsch> is this better: The URI attribute string value
identifies a data object as a URI-Reference
<FrederickHirsch> see "klanz: should say "using a string as a URI
reference"" in 8 Nov minutes
<FrederickHirsch> sean agrees with tlr
<FrederickHirsch> The URI attribute identifies a data object using as
a URI-Reference
tlr: Don't think the "as string" helps; more likely to cause
confusion. Underlying concern unfounded, as we say in the next
paragraph that there is a mapping.
<FrederickHirsch> choice #1
sean: agree
"The URI attribute identifies a data object using a URI-Reference"
<brich> +1
RESOLUTION: revert first sentence in 4.3.3.1 to "The URI attribute
identifies a data object using a URI-Reference"
frederick: any other issues?
PROPOSED RESOLUTION: considering all issues with dsig-core closed
RESOLUTION: considering all issues with dsig-core closed
C14N11 red line
frederick: sent a new redline to xml core
<FrederickHirsch> sent a new redline to xml core reflecting changes
and examples
<FrederickHirsch>
[19]http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/
frederick: have people looked at this?
tlr: my browser history says this is what I looked at, and I didn't
find any issues
frederick: would like to walk through some
<FrederickHirsch> The "Remove Dot Segments" algorithm is modified to
ensure that a combination of two xml:base attribute
<FrederickHirsch> values that include relative path components (i.e.,
path components that do not begin with a '/'
<FrederickHirsch> character) results in an attribute value that is a
relative path component.
<FrederickHirsch> -- added this as bullet
frederick: putting key changes into IRC...
... modifying algorithm to combine relative path components ...
... also, add examples from previous discussion ...
... third change, to +++ATH ...
<FrederickHirsch> 1. added bullet, 2. added examples, see document, 3.
change to xml:id in examples, 4. give link for appendix A content
<FrederickHirsch> Two questions: (1) any issue with this change from
inspection
<FrederickHirsch> (2) implementations to enable xml core to accept
bruce: Looking for the examples
<FrederickHirsch>
[20]http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/
frederick: in the document
bruce: where?
<FrederickHirsch>
[21]http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/c14n11-update-clean.pdf
<FrederickHirsch> lines 108 to 128
tlr: lines 119++?
<FrederickHirsch> 3 bullets and removal of b and c from xml example
tlr: 108-111 examples for combining URI references, 119+ XML example
brich: in the original test suite?
tlr: no, discovered at tech plenary
klanz2: similar test cases for appendix a
... can be seen in mail ...
... mentioned "ending in .." problem ...
... should have been exercised in appendix a ...
<FrederickHirsch> Question can we test these 4 cases explicitly, 3
Remove-Dot-Segment test and the one XML input and output
tlr: this occurs while input for appendix a algorithm is prepared
klanz2: ??
<klanz2>
[22]http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/inputs.txt
<klanz2>
[23]http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/outputs.txt
tlr: problem is that trailing path segment of left-hand side is
removed in 3986, which is wrong if that left-hand side is relative URI
reference with trailing ..
<klanz2>
[24]http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#XMLBASE_ANNEXA
klanz2: should have same results now as at the interop
frederick: would like to have this in c14n 1.1 document
... would like to be able to say that we have tested the examples
provided ...
... this seems to be a small, slightly different set ...
... can we test and include with core?
klanz2: Can we use the old examples?
frederick: is this really covered with test suite
tlr: same question, not sure I heard that at the f2f
sean: was under impression we're adding this as new test case
... waiting for tlr ...
<hal> the link near the end of the doc is broken
<hal>
[25]http://lists.w3.org/Archives/Public/public-xml-core-187wg/2007Jun/att-0050/Apendix_20060625.html
tlr: sorry to have slacked on this
sean: wanted to update some other material in test suite as well
<FrederickHirsch> Sean - do you have list of what else to be updated?
tlr: let's stay on after this call and try to get this test case in
right away.
klanz2: yes, need an integrated test; agree
... had another look at the test cases ...
frederick: rejoining; confused
... do we have remove_dot_segments "unit tests"?
<klanz2>
[26]http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/outputs.txt
<klanz2>
[27]http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/inputs.txt
klanz2: confident that we can split these at any forward slash,
combine, and get same results
... but agree that we should have integrated test ...
frederick: 3 tests needed
... 1. example in redline
... 2. bullets in redline
... think we have mechanism to test that as well
... any need for actions?
tlr: umh, no, still have that one
frederick: wait for sean, thomas to come back
tlr: yes, think so
chartering for follow-up work
frederick: worked on this at face-to-face
... thought we reached pretty good point ...
... distribute to wider audience for feed-back ...
<hal> +1
frederick: any problems with sharing this ...
+1 to sharing with -discuss
scribe: and sending heads-up to AC
<FrederickHirsch> tlr: share with workshop participants and send heads
up to AC, before formal team process occurs
<FrederickHirsch> 4 week AC review is later step in process
<FrederickHirsch> now considering AC advanced notice.
tlr: (explains process)
proposed: to share with workshop participants, work with comm team to
send advance notice
RESOLUTION: to share current material with workshop participants, work
with comm team to send advance notice
<scribe> ACTION: thomas to send message to public-xmlsec-discuss to
solicit feed-back [recorded in
[28]http://www.w3.org/2007/11/27-xmlsec-minutes.html#action01]
<trackbot-ng> Created ACTION-118 - Send message to
public-xmlsec-discuss to solicit feed-back [on Thomas Roessler - due
2007-12-04].
<scribe> ACTION: thomas to work with comm team on AC advance notice
[recorded in
[29]http://www.w3.org/2007/11/27-xmlsec-minutes.html#action02]
<trackbot-ng> Created ACTION-119 - Work with comm team on AC advance
notice [on Thomas Roessler - due 2007-12-04].
interop report
frederick: think we're ready
... next step is template and fill it in
tlr: yes
... another overdue action item, sorry ...
frederick: c14n 1 closure is the other action item here, so we don't
rework stuff
best practices
frederick: ed, think nobody ever responded
... to ASN.1 issue ...
ed: ?? got back to me, couldn't see security issue
... don't have that e-mail in front of me ...
... totally swamped last three weeks ...
... we can probably close this issue ...
... if anything new, will point that out ...
frederick: anything we need to do as result of this question?
ed: idea was to consult with ASN.1 expert to take look
... still a bit confused as to security considerations in RFC ...
... whether they are applicable as security considerations ...
... RFC 4514 ...
... not sure why it wouldn't affect work we're doing ...
... tend to agree there isn't much of a hole there ...
... hard to say anything definitive right now
<FrederickHirsch> Did we ever decide on which wording of the best
practice we desired?
frederick: anything we should record and distill from this?
... don't want to just close this ...
... other question is hal and who else were interested to look at some
material ...
... Hal and Sean, I think ...
sean: yes
<hal> I am interested, may start in Dec
any other topics?
<FrederickHirsch> tlr: started team process for extension of this WG
through March
<FrederickHirsch> 2008
tlr: note that this does not imply overlap between this group and the
follow-up group
<FrederickHirsch> next step would be message to AC indicating group
extended, no additional work for WG
tlr: aim of the process is that after director decides, extension
announced to AC ...
action item review
ACTION-74 continued
ACTION-105 continued
frederick: Sean and Hal to work on the Wiki? What's the plan?
ACTION-105?
<trackbot-ng> ACTION-105 -- Frederick Hirsch to start issues list for
best practices -- due 2007-10-30 -- OPEN
<trackbot-ng>
[30]http://www.w3.org/2007/xmlsec/Group/track/actions/105
<sean> wiki is fine for me
ACTION-105 continued; might be overtaken
ACTION-109?
<trackbot-ng> ACTION-109 -- Thomas Roessler to provide example for
"isolated .." case -- due 2007-11-15 -- OPEN
<trackbot-ng>
[31]http://www.w3.org/2007/xmlsec/Group/track/actions/109
ACTION-110?
<trackbot-ng> ACTION-110 -- Frederick Hirsch to update redline and
share with xml:core -- due 2007-11-15 -- OPEN
<trackbot-ng>
[32]http://www.w3.org/2007/xmlsec/Group/track/actions/110
trackbot-ng, close ACTION-110
<trackbot-ng> ACTION-110 Update redline and share with xml:core closed
ACTION-111?
<trackbot-ng> ACTION-111 -- Frederick Hirsch to review examples in
C14N 1.1 and propose detailed changes to use xml:Id -- due 2007-11-15
-- OPEN
<trackbot-ng>
[33]http://www.w3.org/2007/xmlsec/Group/track/actions/111
trackbot-ng, close ACTION-111
<trackbot-ng> ACTION-111 Review examples in C14N 1.1 and propose
detailed changes to use xml:Id closed
ACTION-112?
<trackbot-ng> ACTION-112 -- Thomas Roessler to prepare interop report
template -- due 2007-11-15 -- OPEN
<trackbot-ng>
[34]http://www.w3.org/2007/xmlsec/Group/track/actions/112
ACTION-113?
<trackbot-ng> ACTION-113 -- Sean Mullan to update testcase document --
due 2007-11-15 -- OPEN
<trackbot-ng>
[35]http://www.w3.org/2007/xmlsec/Group/track/actions/113
frederick: sean, what was that about again?
sean: there's test case that's in suite, not in document
... just generally review document to make sure it's consistent with
test suite
frederick: time line?
sean: this week
ACTION-113 continued
ACTION-114?
<trackbot-ng> ACTION-114 -- Thomas Roessler to ensure that result from
ACTION-109 goes into test suite -- due 2007-11-15 -- OPEN
<trackbot-ng>
[36]http://www.w3.org/2007/xmlsec/Group/track/actions/114
ACTION-115?
<trackbot-ng> ACTION-115 -- Juan Carlos Cruellas to review EXI with
respect to correct XML Security usage -- due 2007-12-10 -- OPEN
<trackbot-ng>
[37]http://www.w3.org/2007/xmlsec/Group/track/actions/115
frederick: Juan Carlos told us he's working on this
ACTION-116?
<trackbot-ng> ACTION-116 -- Frederick Hirsch to remind Donald to
review XML Signature and Encryption home pages for accuracy -- due
2007-11-16 -- OPEN
<trackbot-ng>
[38]http://www.w3.org/2007/xmlsec/Group/track/actions/116
frederick: haven't yet done, should do
... scribe for next meeting?
... ed? ...
<FrederickHirsch> ed - scribed oct 30
ed: can do, but scribed October 30
... would rather not ...
sean: will scribe
... btw, regrets two weeks from now ...
<EdS> I will scribe for Dec. 13
frederick: hope we're in better shape wrt test cases and c14n 1.1
testing
... if we can get impl testing under way, that would be great ...
... will coordinate with XML Core ...
ed, there is no meeting on Dec 13. It's Dec 11
frederick: anything else?
shivaram: XML Conf in Boston next week?
<EdS> OK, Dec. 11
shivaram: anybody going? ...
Frederick: won't be there
shivaram: might be interesting to meet up
<klanz2> no
frederick: if people get together, that's of course great
... shivaram, why don't you post to the list ...
-- adjourned --
Summary of Action Items
[NEW] ACTION: thomas to send message to public-xmlsec-discuss to
solicit feed-back [recorded in
[39]http://www.w3.org/2007/11/27-xmlsec-minutes.html#action01]
[NEW] ACTION: thomas to work with comm team on AC advance notice
[recorded in
[40]http://www.w3.org/2007/11/27-xmlsec-minutes.html#action02]
[End of minutes]
_________________________________________________________________
Minutes formatted by David Booth's [41]scribe.perl version 1.128
([42]CVS log)
$Date: 2007/11/27 15:25:15 $
References
1. http://www.w3.org/
2. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Nov/0024.html
3. http://www.w3.org/2007/11/27-xmlsec-irc
4. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#agenda
5. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item01
6. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item02
7. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item03
8. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item04
9. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item05
10. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item06
11. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item07
12. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#item08
13. file://localhost/home/roessler/W3C/WWW/2007/11/27-xmlsec-minutes.html#ActionSummary
14. http://www.w3.org/2007/10/30-xmlsec-minutes
15. http://www.w3.org/2007/11//08-xmlsec-minutes
16. http://www.w3.org/2007/11/09-xmlsec-minutes
17. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Nov/0018.html
18. http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/nochanges.html#sec-URI
19. http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/
20. http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/
21. http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/c14n11-update-clean.pdf
22. http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/inputs.txt
23. http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/outputs.txt
24. http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#XMLBASE_ANNEXA
25. http://lists.w3.org/Archives/Public/public-xml-core-187wg/2007Jun/att-0050/Apendix_20060625.html
26. http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/outputs.txt
27. http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/inputs.txt
28. http://www.w3.org/2007/11/27-xmlsec-minutes.html#action01
29. http://www.w3.org/2007/11/27-xmlsec-minutes.html#action02
30. http://www.w3.org/2007/xmlsec/Group/track/actions/105
31. http://www.w3.org/2007/xmlsec/Group/track/actions/109
32. http://www.w3.org/2007/xmlsec/Group/track/actions/110
33. http://www.w3.org/2007/xmlsec/Group/track/actions/111
34. http://www.w3.org/2007/xmlsec/Group/track/actions/112
35. http://www.w3.org/2007/xmlsec/Group/track/actions/113
36. http://www.w3.org/2007/xmlsec/Group/track/actions/114
37. http://www.w3.org/2007/xmlsec/Group/track/actions/115
38. http://www.w3.org/2007/xmlsec/Group/track/actions/116
39. http://www.w3.org/2007/11/27-xmlsec-minutes.html#action01
40. http://www.w3.org/2007/11/27-xmlsec-minutes.html#action02
41. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
42. http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 27 November 2007 15:26:24 UTC