- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 7 Oct 2008 16:58:29 +0200
- To: public-xmlsec@w3.org
Minutes from our meeting on 2008-09-23 were approved and are available online here: http://www.w3.org/2008/09/23-xmlsec-minutes.html A text version is included below the .signature. -- Thomas Roessler, W3C <tlr@w3.org> [1]W3C XML Security Working Group Teleconference 23 Sep 2008 [2]Agenda See also: [3]IRC log Attendees Present Thomas Roessler, Frederick Hirsch, Chris Solc, John Wray, Magnus Nyström, Scott Cantor, Bruce Rich, Ed Simon, Brian LaMacchia, Sean Mullan, Norm Walsh, Brad Hill, Gerald Edgar, Hal Lockhart, Pratik Datta, Konrad Lanz, Kelvin Yiu, Rob Miller Regrets Pratik, Datta Chair Frederick Hirsch Scribe Thomas Roessler Contents * [4]Topics 1. [5]Administrative 2. [6]Agenda Review 3. [7]Approval of minutes 4. [8]Liaisons and coordination 5. [9]Best Practices 6. [10]RetrievalMethod attack 7. [11]implementation review? 8. [12]Use Cases & Requirements 9. [13]Schedule review 10. [14]RetrievalMethod, second take 11. [15]action items * [16]Summary of Action Items __________________________________________________________________ Agenda Review fjh: Norm Walsh will give intro to xproc <fjh> 30 September 2008 Teleconference cancelled <fjh> Next meeting 7 October. Gerald Edgar is scheduled to scribe. <fjh> 14 October 2008 Teleconference cancelled, <fjh> 20-21 October 2008 F2F at TPAC. Approval of minutes [17]http://www.w3.org/2008/09/16-xmlsec-minutes.html RESOLUTION: 16 September minutes approved Liaisons and coordination <fjh> XForms - 10:30 - noon (tentative) Monday 20 October fjh: Working on face-to-face schedule; will meet xforms on Monday ... ... trying to find a way to have a break that day ... <fjh> EXI - 2-3:30 Monday 20 October (note correction, 1 1/2 hours) fjh: joint session with EXI ... <fjh> WebApps - 11-12 Tuesday 21 October tlr: anything in particular we should review for these meetings? fjh: xforms is mostly going to be a listening thing ... EXI, we had a face-to-face last year's TPAC ... ... will include that in the agenda; linked from administrative page ... [18]http://www.w3.org/2008/xmlsec/Group/ fjh: webapps, haven't gotten anything yet ... but note that widget requirements are in last call ... ... will see that I can put together something for preparation ... ... re WS-Policy, trying to get them to update references to Signature 2nd ed ... webapps has widget requirements in last call ... explicit request for review <fjh> WebApps Widgets 1.0 Requirements Last Call <fjh> [19]http://www.w3.org/TR/2008/WD-widgets-reqs-20080915/ [20]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0049.html Best Practices <fjh> Resolution to accept Status/Abstract and incorporate into draft <fjh> [21]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0040.html PROPOSED: To accept revised status and abstract for best practices RESOLUTION: To accept revised status and abstract for best practices <fjh> Proposed revision for section 2.1, Best Practice 2 fjh: Second item from Scott, revision for 2.1 <fjh> [22]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0044.html fjh: Sean had some input on this ... scott: some tweaking might be needed fjh; sean, any concerns? sean: sent updated e-mail this morning [23]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0063.html PROPOSED: adopt changes proposed by Sean <fjh> draft [24]http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/ sean: move BP #2 and following paragraph to a later point, combine with BP #5 (which should be #6...) ... basically, move to discussion of RetrievalMethod ... ... and instead of moving stuff, just drop in a sentence PROPOSED: To accept Scott's wording with Sean's additions. RESOLUTION: accept Scott's wording with Sean's additions. <scribe> ACTION: sean to edit best practices to implement Scott's and his own changes; see [25]http://www.w3.org/2008/09/23-xmlsec-irc#T14-20-33 [recorded in [26]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action01] <trackbot> Created ACTION-67 - Edit best practices to implement Scott's and his own changes; see [27]http://www.w3.org/2008/09/23-xmlsec-irc#T14-20-33 [on Sean Mullan - due 2008-09-30]. <fjh> Draft review Section 1, section 2.1.4 <fjh> [28]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0046.html <fjh> [29]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0055.html bhill: think there's a legitimate concern here ... ... if you consider using signature in office documents and the like ... ... external references can serve to track who reads documents ... ... there is a privacy concern here ... ... propose to keep this, but flash out text ... fjh: I have some ideas about changes PROPOSED: to accept changes to 2.1.4 proposed by Sean as added to by Frederick RESOLUTION: to accept changes to 2.1.4 proposed by Sean as added to by Frederick fjh: There's also changes to section 1 RESOLUTION: to accept changes to 1 proposed by Sean as added to by Frederick <scribe> ACTION: sean to implement [30]http://www.w3.org/2008/09/23-xmlsec-irc#T14-25-06, [31]http://www.w3.org/2008/09/23-xmlsec-irc#T14-24-47 [recorded in [32]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action02] <trackbot> Created ACTION-68 - Implement [33]http://www.w3.org/2008/09/23-xmlsec-irc#T14-25-06, [34]http://www.w3.org/2008/09/23-xmlsec-irc#T14-24-47 [on Sean Mullan - due 2008-09-30]. <fjh> Draft review - section 2.1.2 (Best Practice 5) <fjh> [35]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0050.html sean: xpath can have performance issues, need to pay attention, but not every implementation affected <fjh> [36]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0056.html tlr: how about taking this to e-mail? (Also, don't really like "advanced") <hal> I recommend a general disclaimer something like this hal: I'd like a general sentence saying "These concerns apply to approaches toward implementing the specification; following the best practices is a good idea whether or not implementation is affected by the concern" hal, please correct if the above note is wrong <hal> not really what I said <hal> but I don't object hal, is that better? bal: don't talk about specific implementations; some things might be sane in certain closed environments ... ran into that with fetch-over-web type things ... <fjh> ACTION: Sean to propose text to address concern of non-naive implementations not being vulnerable to attack [recorded in [37]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action03] <trackbot> Created ACTION-69 - Propose text to address concern of non-naive implementations not being vulnerable to attack [on Sean Mullan - due 2008-09-30]. klanz: there are standard tools to do bad things, you don't have a lot of influence on them ... think code execution in XSLT .. ... XSLT and XPath concern ... hal: to respond to the prior comment ... ... these still stand as best practices ... ... there might be reasons not to follow them ... ... but whole idea that somebody doesn't know how something works ... ... and something moves into a new environment, and boom ... ... that is one of the worst risks ... ... would like to highlight these as best practices ... ... it's fair to say "if you know what you're doing, you might not want to do this" bal: Hal, I hear you, I don't think that concern about poorly documented implementations is specific ... have to separate out what best practices are that we've learned ... ... "things you really ought not to do, and we don't see use for them" ... ... and things that ought to be better documented ... ... other concern, to keep scope of BP document to standard itself ... not attacking specific implementations ... ... of course just a BP document ... ... but people might very well run with some of what's in here and not understand trade-off ... ... 1. do not talk about bugs in particular implementations ... 2. be careful on wording ... there is tendency for documents like this to be used as prescriptive bans ... ... say "there might be good reasons for doing the things we discourage, but you really ought to know what you're doing" <hal> +1 <fjh> bal notes concern that someone might take best practices as profile, disallowing things but should be treated as practice bal: we might want to make a hard recommendation on xslt ... that's really a change to the specification ... ... not all recommendations have equal weight ... fjh: bal, can you add something? bal: I think there ought to be a disclaimer in here, not sure where that went ... let's not do something general right now, can do that later tlr: add something general to SOTD? bal: maybe, with caveat that we might want to make stronger statement ... any good boilerplate? tlr: not sure I know of any; note that we can change later fjh: If we want to do normative stuff, not in BP +1 <scribe> ACTION: thomas to propose disclaimer for SOTD [recorded in [38]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action04] <trackbot> Created ACTION-70 - Propose disclaimer for SOTD [on Thomas Roessler - due 2008-09-30]. <fjh> hal notes that best practices should reflect multiple applications, not just one hal: no objection against "make sure you know what you're doing", I don't understand problem with saying that more than one implementation has been observed to have the problem... ... don't say "if you think your implementation is fine, don't follow them" ... ... haven't seen the "show me your implementation" effect when mentioning that some implementations have problem smullan: we've made some progress on this ... early versions of BP document had stronger language on things like RetrievalMethod ... <fjh> sean notes now say less strong statements, consider this . smullan: also, most DOS attacks might be less serious when following BP 1 and BP 3 <fjh> sean notes that use of xslt may be appropriate in trusted environment pdatta: namespace node expansions ... ... @@ expands all namespace nodes ... ... there is some dependence on that feature ... ... interop testcase without expanding namespace nodes? fjh: sean noted that document shouldn't use relative namespace URIs <fjh> Change all examples in document to use absolute namespace URIs, not relative klanz: they're prohibited <brich> how about some text that says something like "There is an uneasy tension between security on one hand and utility and performance on the other hand. Circumstances may dictate an implementation must do something that is not the most secure. This needs to be a reasoned tradeoff that can be revisited in later versions of the implementation as necessary to address risk." <fjh> [39]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0050.html <klanz2> The use of relative URI references, including same-document references, in namespace declarations is deprecated. <klanz2> Note: <klanz2> This deprecation of relative URI references was decided on by a W3C XML Plenary Ballot [Relative URI deprecation]. It also declares that "later specifications such as DOM, XPath, etc. will define no interpretation for them". fjh: sean, you said these should reject relative namespace URIs <fjh> [40]http://www.w3.org/TR/xml-c14n11/#DataModel <klanz2> [41]http://www.w3.org/TR/REC-xml-names/#reluri sean: our implementation rejects all the examples because of relative namespace URIs fjh: @@ <fjh> [42]http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/samples/ dos_xpath.xml <klanz2> ns0 ... relative fjh: In the DOS example files, we have relative namespace URIs <klanz2> let's change ns0 to [43]http://www.example.org/ns0 ... to n <klanz2> let's change ns0 to [44]http://www.example.org/ns0 ... n tlr: I guess my question is whether there is any good reason for having relative namespaces fjh: we could use absolute ones as well <scribe> ACTION: pratik to update examples with absolute namespace URIs and regenerate signatures [recorded in [45]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action05] <trackbot> Created ACTION-71 - Update examples with absolute namespace URIs and regenerate signatures [on Pratik Datta - due 2008-09-30]. fjh: now, links to example files... ... we're keeping these member-visible for the moment ... tlr: The examples become vastly easier to understand in full ... could see us waiting a little longer to accommodate implementers. sean: even if there is an implementation that has a big problem ... doubt anybody will be able to fix this any time soon ... ... think the examples have the relevant text in there ... ... think that's good enough ... <esimon2> back in 10 min. fjh: no decision quite yet, decide next meeting RetrievalMethod attack <fjh> RetrievalMethod attack, section 2.1.3 fjh: long thread whether it can be recursive ... <fjh> [46]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0059.html <fjh> [47]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0051.html pdatta: fine with Sean's clarification fjh: what does that mean for document? ... does the attack depend on the KeyInfo concern? pdatta: no longer a denial of service attack fjh: sean, can you take care of this example? <fjh> [48]http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#id64346 klanz2: I thought RetrievalMethod *is* recursive? <fjh> [49]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0054.html fjh: deferred <fjh> Add synopsis for each Best Practice <klanz2> ame="Type" type="anyURI" use="optional" <scribe> ACTION: fjh to contribute synopsis for each best practice [recorded in [50]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action06] <trackbot> Created ACTION-72 - Contribute synopsis for each best practice [on Frederick Hirsch - due 2008-09-30]. <fjh> Misc editorial <fjh> Completion of implementer review actions? <fjh> [51]http://www.w3.org/2008/xmlsec/track/products/11 implementation review? fjh: Has anybody has a chance to look through the document -- how's review doing? ... Also, is publication at face-to-face a realistic option? <gedgar> I have to leave unfortunately. smullan: found that relative namespace URIs are a problem ... should make sure that examples are kind of accurate ... fjh: the bar I'm trying to get across is whether publication would cause any harm bal: as long as we talk about the spec itself, it's fine fjh: the document doesn't disclose things about a specific implementation brich: review of document was what I committed ... timing isn't easy ... fjh: trying to understand issue ... want to make sure that BPs are followed? statements about specific implementations? ... oh well, so maybe we can't publish as quickly ... let's at least get pending edits out of the way Use Cases & Requirements <fjh> [52]http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html fjh: hal, you had useful material about web services ... how to add that? hal: also, what happens to long-lived documents considerations? ... probably the same thing should happen to that and to my material magnus: also talked about extending scope to not just be about signature and c14n, but also a few other things ... keyInfo e.g. is generic <fjh> proposal - change title to XML Security v.next use cases and requirements tlr: Serious editing hasn't begun yet; some things in Shivaram's court fjh: need to pull things from the list <scribe> ACTION: magnus to provide proposal to adapt Requirements scope [recorded in [53]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action07] <trackbot> Created ACTION-73 - Provide proposal to adapt Requirements scope [on Magnus Nyström - due 2008-09-30]. hal: maybe do "domain specific requirements"? fjh: issues list, try to go through and extract requirements <fjh> issues list requirements extraction <fjh> [54]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0052.html fjh: gerald categorized requirements here ... volunteers, please! <esimon2> I'm here! <esimon2> unmute me nope ed, you shouldn't be muted yes! esimon2: IRC exceptionally slow again ... EXI review is relevant here. <fjh> [55]http://lists.w3.org/Archives/Member/member-xmlsec/2008Sep/0022.html EdSimon: They aren't addressing EXI needs for signature and encryption ... but based on use cases, there might be native need for signature and encryption ... ... please poke them about answering [56]http://lists.w3.org/Archives/Member/member-xmlsec/2008Sep/0022.html ... ... there is a long conversation to be had about native XML Security for EXI ... Schedule review <fjh> [57]http://www.w3.org/2008/02/xmlsec-charter.html#milestones fjh: would like to get use cases and requirements out in early November ... doesn't give us a whole lot of time to produce something to get us started ... ... focus on requirements soon <esimon2> Specifically what I said was that I have yet to see any discussion on EXI requirements for EXI-native signature and encryption. EXI has published a document discussing how current XML Signature and XML Encryption can be used with EXI but that, to me, does not seem sufficient. Need to find out if the EXI group sees a potential requirement for EXI-native signatures and encryption. RetrievalMethod, second take klanz: recursive retrieval method or not? <klanz2> [58]http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo <klanz2> [59]http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod <klanz2> <attribute name="Type" type="anyURI" use="optional"/> tlr: eek, I'm confused. Please send to mailing list <scribe> ACTION: klanz2 to summarize recursive retrievalmethod point [recorded in [60]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action08] <trackbot> Created ACTION-74 - Summarize recursive retrievalmethod point [on Konrad Lanz - due 2008-09-30]. action items fjh: propose bulk closure ACTION-27 closed <trackbot> ACTION-27 contact crypto hardware and suiteB experts in NSA regarding XML Security WG and possible involvement closed ACTION-31? <trackbot> ACTION-31 -- Thomas Roessler to investigate ebXML liaison (see ACTION-6) -- due 2008-08-19 -- PENDINGREVIEW <trackbot> [61]http://www.w3.org/2008/xmlsec/track/actions/31 ACTION-31 closed <trackbot> ACTION-31 Investigate ebXML liaison (see ACTION-6) closed ACTION-39? <trackbot> ACTION-39 -- Hal Lockhart to contribute web service related scenario -- due 2008-08-25 -- PENDINGREVIEW <trackbot> [62]http://www.w3.org/2008/xmlsec/track/actions/39 ACTION-39 closed <trackbot> ACTION-39 Contribute web service related scenario closed ACTION-42 closed <trackbot> ACTION-42 Elaborate on "any document" requirement vs canonicalizing xml:base closed ACTION-47 closed <trackbot> ACTION-47 Add error noted in [63]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Jun/0 021.html to c14n 1.1 errata page closed ACTION-66 pending ACTION-66? <trackbot> ACTION-66 -- Frederick Hirsch to follow up with xsl to get documents related to serialization -- due 2008-09-23 -- PENDINGREVIEW <trackbot> [64]http://www.w3.org/2008/xmlsec/track/actions/66 fjh: we have a long list of open actions ... please get the ones done that relate to requirements ... <fjh> [65]http://www.w3.org/2008/xmlsec/actions-open.html <bal> yes ACTION-56? <trackbot> ACTION-56 -- Scott Cantor to propose text for KeyInfo processing in best practices. [66]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0014.html -- due 2008-09-16 -- OPEN <trackbot> [67]http://www.w3.org/2008/xmlsec/track/actions/56 fjh: any other updates? ... concrete proposals and material on the list, please ... ... priority for requirements document ... tlr: might also be worth talking about the way the process works <esimon2> IRC died on me; was the EXI action (was it Action-25?) closed? ACTION-25 closed <trackbot> ACTION-25 Give feedback on xml schema best practice in xml-cg closed action-25? <trackbot> ACTION-25 -- Frederick Hirsch to give feedback on xml schema best practice in xml-cg -- due 2008-08-19 -- CLOSED <trackbot> [68]http://www.w3.org/2008/xmlsec/track/actions/25 action-19? <trackbot> ACTION-19 -- Gerald Edgar to evaluate Issues and Actions for appropriate placement -- due 2008-08-19 -- PENDINGREVIEW <trackbot> [69]http://www.w3.org/2008/xmlsec/track/actions/19 action-22 closed <trackbot> ACTION-22 Review EXI docs that were published closed action-56? <trackbot> ACTION-56 -- Scott Cantor to propose text for KeyInfo processing in best practices. [70]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0014.html -- due 2008-09-16 -- PENDINGREVIEW <trackbot> [71]http://www.w3.org/2008/xmlsec/track/actions/56 action-56 closed <trackbot> ACTION-56 Propose text for KeyInfo processing in best practices. [72]http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0014.html closed Summary of Action Items [NEW] ACTION: fjh to contribute synopsis for each best practice [recorded in [73]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action06] [NEW] ACTION: klanz2 to summarize recursive retrievalmethod point [recorded in [74]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action08] [NEW] ACTION: magnus to provide proposal to adapt Requirements scope [recorded in [75]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action07] [NEW] ACTION: pratik to update examples with absolute namespace URIs and regenerate signatures [recorded in [76]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action05] [NEW] ACTION: sean to edit best practices to implement Scott's and his own changes; see [77]http://www.w3.org/2008/09/23-xmlsec-irc#T14-20-33 [recorded in [78]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action01] [NEW] ACTION: sean to implement [79]http://www.w3.org/2008/09/23-xmlsec-irc#T14-25-06, [80]http://www.w3.org/2008/09/23-xmlsec-irc#T14-24-47 [recorded in [81]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action02] [NEW] ACTION: Sean to propose text to address concern of non-naive implementations not being vulnerable to attack [recorded in [82]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action03] [NEW] ACTION: thomas to propose disclaimer for SOTD [recorded in [83]http://www.w3.org/2008/09/23-xmlsec-minutes.html#action04] [End of minutes] __________________________________________________________________ Minutes formatted by David Booth's [84]scribe.perl version 1.133 ([85]CVS log) $Date: 2008/10/07 14:57:43 $ References 1. http://www.w3.org/ 2. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0061.html 3. http://www.w3.org/2008/09/23-xmlsec-irc 4. http://www.w3.org/2008/09/23-xmlsec-minutes.html#agenda 5. http://www.w3.org/2008/09/23-xmlsec-minutes.html#item01 6. http://www.w3.org/2008/09/23-xmlsec-minutes.html#item02 7. http://www.w3.org/2008/09/23-xmlsec-minutes.html#item03 8. http://www.w3.org/2008/09/23-xmlsec-minutes.html#item04 9. http://www.w3.org/2008/09/23-xmlsec-minutes.html#item05 10. http://www.w3.org/2008/09/23-xmlsec-minutes.html#item06 11. http://www.w3.org/2008/09/23-xmlsec-minutes.html#item07 12. http://www.w3.org/2008/09/23-xmlsec-minutes.html#item08 13. http://www.w3.org/2008/09/23-xmlsec-minutes.html#item09 14. http://www.w3.org/2008/09/23-xmlsec-minutes.html#item10 15. http://www.w3.org/2008/09/23-xmlsec-minutes.html#item11 16. http://www.w3.org/2008/09/23-xmlsec-minutes.html#ActionSummary 17. http://www.w3.org/2008/09/16-xmlsec-minutes.html 18. http://www.w3.org/2008/xmlsec/Group/ 19. http://www.w3.org/TR/2008/WD-widgets-reqs-20080915/ 20. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0049.html 21. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0040.html 22. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0044.html 23. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0063.html 24. http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/ 25. http://www.w3.org/2008/09/23-xmlsec-irc#T14-20-33 26. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action01 27. http://www.w3.org/2008/09/23-xmlsec-irc#T14-20-33 28. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0046.html 29. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0055.html 30. http://www.w3.org/2008/09/23-xmlsec-irc#T14-25-06 31. http://www.w3.org/2008/09/23-xmlsec-irc#T14-24-47 32. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action02 33. http://www.w3.org/2008/09/23-xmlsec-irc#T14-25-06 34. http://www.w3.org/2008/09/23-xmlsec-irc#T14-24-47 35. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0050.html 36. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0056.html 37. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action03 38. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action04 39. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0050.html 40. http://www.w3.org/TR/xml-c14n11/#DataModel 41. http://www.w3.org/TR/REC-xml-names/#reluri 42. http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/samples/dos_xpath.xml 43. http://www.example.org/ns0 44. http://www.example.org/ns0 45. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action05 46. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0059.html 47. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0051.html 48. http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#id64346 49. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0054.html 50. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action06 51. http://www.w3.org/2008/xmlsec/track/products/11 52. http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html 53. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action07 54. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0052.html 55. http://lists.w3.org/Archives/Member/member-xmlsec/2008Sep/0022.html 56. http://lists.w3.org/Archives/Member/member-xmlsec/2008Sep/0022.html 57. http://www.w3.org/2008/02/xmlsec-charter.html#milestones 58. http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo 59. http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod 60. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action08 61. http://www.w3.org/2008/xmlsec/track/actions/31 62. http://www.w3.org/2008/xmlsec/track/actions/39 63. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Jun/0021.html 64. http://www.w3.org/2008/xmlsec/track/actions/66 65. http://www.w3.org/2008/xmlsec/actions-open.html 66. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0014.html 67. http://www.w3.org/2008/xmlsec/track/actions/56 68. http://www.w3.org/2008/xmlsec/track/actions/25 69. http://www.w3.org/2008/xmlsec/track/actions/19 70. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0014.html 71. http://www.w3.org/2008/xmlsec/track/actions/56 72. http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0014.html 73. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action06 74. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action08 75. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action07 76. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action05 77. http://www.w3.org/2008/09/23-xmlsec-irc#T14-20-33 78. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action01 79. http://www.w3.org/2008/09/23-xmlsec-irc#T14-25-06, 80. http://www.w3.org/2008/09/23-xmlsec-irc#T14-24-47 81. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action02 82. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action03 83. http://www.w3.org/2008/09/23-xmlsec-minutes.html#action04 84. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm 85. http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 7 October 2008 14:59:08 UTC