Agenda: Distributed meeting #2 2008-08-12

• From: Frederick Hirsch <frederick.hirsch@nokia.com>
• Date: Mon, 11 Aug 2008 11:19:09 -0400
• To: public-xmlsec@w3.org
• Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
• Message-Id: <1377B787-1D1A-45B0-A3EE-87F0533D5750@nokia.com>

Agenda: W3C XML Security WG (XMLSec)
Teleconference 12 August  2008
Distributed Meeting #2

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
        +1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
      irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
      <http://cgi.w3.org/member-bin/irc/irc.cgi>

Please note that attendance of XMLSEC WG teleconferences is  
restricted to registered WG participants and persons invited by the  
chair.

Chair: Frederick Hirsch

Regrets: Juan Carlos Cruellas, Konrad Lanz, Rob Miller

1) Administrivia: scribe confirmation, next meeting, other

1a)  Subramanian Chidambaram  is scheduled to scribe.

The current scribe list is at the end of this message, will rotate  
through this list.

     Scribe Instructions:
     http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

1b)   Meeting planning: weekly meetings

This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is  
cancelled.  Upcoming meeting information is available on the WG  
Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

Next meeting 19 August. TBD is scheduled to scribe.

1c)  Meeting planning: Technical Plenary / Advisory Committee  
Meetings Week, 20 - 24 October 2008

XML Security scheduled Monday 20 October - Tuesday 21 October, please  
add to your calendar

Schedule: http://www.w3.org/2008/10/TPAC/Schedule

Joint meetings (to be arranged)
XML Core
EXI

1d)  Meeting planning: F2F planning

Updates/discussion on F2F planning?

2) Announcements

2a) XAdES plugfest
http://lists.w3.org/Archives/Public/public-xmlsec/2008Aug/0003.html

3)  Minutes Approval

3a) Minutes from F2F day 1 for approval:
http://www.w3.org/2008/07/16-xmlsec-minutes.html

corrections
http://lists.w3.org/Archives/Member/member-xmlsec/2008Aug/0002.html
(also links for issues as noted in day corrections)

3b) Minutes from F2F day 2 for approval:
http://www.w3.org/2008/07/17-xmlsec-minutes.html

corrections
http://lists.w3.org/Archives/Member/member-xmlsec/2008Aug/0003.html

3c) Minutes from 29 July  for approval:
http://lists.w3.org/Archives/Member/member-xmlsec/2008Jul/att-0041/29- 
xmlsec-minutes.html

4) Action item review

4a) Pending actions - completed, to be closed upon WG review

These actions have been completed (marked as pending review by owner  
of action) and may be closed if WG agrees.

Actions pending review are listed in Tracker at http://www.w3.org/ 
2008/xmlsec/track/actions/pendingreview
[pending review] ACTION-3: Thomas Roessler to RNG Schema: Check on  
status with customer. - due 2008-07-07 [on Schema -XML Signature RNG  
Schema]
http://www.w3.org/2008/xmlsec/track/actions/3
[pending review] ACTION-9: Thomas Roessler to Fix Tracker - due  
2008-07-23 [on WG-Tools]
http://www.w3.org/2008/xmlsec/track/actions/9
[pending review] ACTION-10: Frederick Hirsch to Update wg page to  
include issues link - due 2008-07-23 [on WG-Web Site]
http://www.w3.org/2008/xmlsec/track/actions/10
[pending review] ACTION-11: Frederick Hirsch to Ask for XPath 2.0  
presentation to group - due 2008-07-24 [on WG-Coordination]
http://www.w3.org/2008/xmlsec/track/actions/11

[pending review] ACTION-12: Juan Carlos Cruellas to Review archive  
from maint. group to revisit type issue - due 2008-07-24 [on Rqmts  
(XML Signature and Canonicalization V Next Requirements)]
http://www.w3.org/2008/xmlsec/track/actions/12

what was this action intended to accomplish?


[pending review] ACTION-14: Frederick Hirsch to Ask about namespaces/ 
undeclarations in xml coordination group - due 2008-07-24 [on WG- 
Coordination]
http://www.w3.org/2008/xmlsec/track/actions/14
[pending review] ACTION-20: Frederick Hirsch to Draft message about  
XPath 2 presentation to mailing list - due 2008-08-05 [on WG- 
Coordination]
http://www.w3.org/2008/xmlsec/track/actions/20

Draft message to send to XSL WG:
http://lists.w3.org/Archives/Member/member-xmlsec/2008Aug/0001.html


[pending review] ACTION-26: Frederick Hirsch to Define products in  
tracker and associate with actions/issues - due 2008-08-07 [on WG-Tools]
http://www.w3.org/2008/xmlsec/track/actions/26

see http://lists.w3.org/Archives/Public/public-xmlsec/2008Aug/0001.html

4b) Open action status review

Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/ 
track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/ 
Overview.html#closing-actions

Please review open action list and update your actions appropriately:

http://www.w3.org/2008/xmlsec/actions-open.html

5) New Requirements draft

5a) Single document for both Canonicalization and Signature  
requirement, or two?

http://www.w3.org/2008/02/xmlsec-charter.html#deliverables

5b) Template for requirements (using xmlspec)

Is there a W3C template available or should we use older XML Security  
Note, or?

5c) Principles

Review and agree on principles?
http://lists.w3.org/Archives/Public/public-xmlsec/2008Aug/0005.html

5d) Next steps for requirements

Bring forward existing requirements to keep?

6) Algorithm Requirements

Consider separating requirements for Signature generation vs  
verification? For example MUST NOT generate signatures using C14N10  
but MUST implement C14N10 for verification?

Additional follow-up to last week discussion?

7) Best Practices

Best Practices review comments (Brad Hill)
http://lists.w3.org/Archives/Public/public-xmlsec/2008Aug/0000.html

8) IETF - XML Signature, Second Edition

Bring forward as standard without separating normative and  
informative references

9) Issues List

Procedure for creating issues: http://www.w3.org/2008/xmlsec/Group/ 
Overview.html#issues

9a) Raised, Open, Closed

Tracker distinguishes from issues that have been raised and those  
that are agreed as open by WG.

Move all issues to open status?

http://www.w3.org/2008/xmlsec/issues.html

9b) Comment, review of issues.

10) Workshop paper review

http://www.w3.org/2007/xmlsec/ws/report.html

10a) categories

security, performance, features, operational errors

10b) actions/groups to review and summarize papers?

11) WS-I Basic Security Profile review?

1.0 Final material: http://www.ws-i.org/Profiles/ 
BasicSecurityProfile-1.0.html

1.1 Working Group Approval Draft: http://www.ws-i.org/Profiles/ 
BasicSecurityProfile-1.1.html

12)  Review original XML Canonicalization Requirements document

http://www.w3.org/TR/NOTE-xml-canonical-req

13) Any other business

14) Adjourn

Scribing  list
-----------
Juan Carlos Cruellas, Universitat Politècnica de Catalunya ()
Subramanian Chidambaram, Nokia ()
Pratik Datta, Oracle ()
Gerald Edgar, Boeing ()
Bradley Hill, Invited Expert ()
Brian LaMacchia, Microsoft ()
Robert Miller, MITRE ()
Sean Mullan, Sun ()
Shivaram Mysore, Invited Expert ()
Magnus Nyström, EMC ()
Leonard Rosenthol, Adobe ()
Anil Saldhana, Red Hat ()
Ed Simon, Invited Expert ()
John Wray, IBM ()
Kelvin Yiu, Microsoft ()
Konrad Lanz, IAIK (16 July F2F am)
Hal Lockhart, Oracle (16 July F2F pm)
Bruce Rich, IBM (17 July F2F am)
Chris Solc, Adobe (17 July F2F pm)
Scott Cantor, invited expert (29 July 2008)

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Received on Monday, 11 August 2008 15:21:37 UTC