Agenda: Distributed meeting 2009-01-06 v3

Agenda: W3C XML Security WG (XMLSec) v3
Teleconference 6 January 2009
Distributed Meeting #16

Happy New Year.

v2: update regrets, updates re f2f,  added item for transform  
simplification editors update, add local access risks for best  
practices, update pending actions, update new issues

v3: add 1.1 DSAwithSHA1 material, update to Signature Properties  
draft, Expires requirement in discussion

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>

Please note that attendance of XMLSEC WG teleconferences is restricted  
to registered WG participants and persons invited by the chair.

Chair: Frederick Hirsch

Regrets:  Konrad Lanz, Ed Simon, Magnus Nyström

see http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

1) Administrivia: scribe confirmation, next meeting, other

1a)  Sean Mullan is scheduled to scribe

The current scribe list is at the end of this message, will rotate  
through this list.

Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

1b)   Meeting planning: weekly meetings

This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is  
cancelled.

Upcoming meeting information is available on the WG Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

Next meeting is F2F, 13-14 January
Logistics
http://lists.w3.org/Archives/Member/member-xmlsec/2008Nov/0035.html  
(Pratik)

Attendee review
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

Draft agenda
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0004.html

tentative 5-6 PM PT EXI joint discussion

1c) Liaisons and Coordination

See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

No new updates.

1d) Announcements

XAdES Plugfest 6 Feb
http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0022.html  
(Konrad)

2) Minutes Approval

2a) Minutes from 16 December 2008 for approval:

http://www.w3.org/2008/12/16-xmlsec-minutes.html

3) Issues

ISSUE-78
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0000.html  
(Frederick)
Broken fragments ref-RFC3279, ref-FIPS-186-2

ISSUE-79
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0005.html  
(Frederick)

X509Data and KeyInfo text in XML Signature is silent regarding OCSP  
responses - add support for conveying these in standard manner? Also,  
is clarification needed regarding CRL inclusion, perhaps specific  
element for this purpose?

Request for input regarding extensibility (Thomas)
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0003.html

4) Editorial updates

4a) Updated Requirements draft with Long Term Signature material and  
update to section organization (Frederick)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0032.html

4b) Home page

"There was an EXI document discussing use of XML Signature and  
Encryption; that might have been a useful link" (Ed)

4c) Update to transform simplification

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0002.html  
(Pratik)

4d) Update to Signature Properties

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0008.html  
(Frederick)

5) XML Security 1.1

5a) New Key Value Proposal (Scott)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0031.html

5b) Signature Properties

Expiration

Longer lifetime of signature than cert or shorter
http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0024.html  
(Sean)

data vs signature
http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0027.html  
(Scott)

comments related to XAdES
http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0013.html

http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0015.html

Proposed changes
Open Action (action added)
http://www.w3.org/2008/xmlsec/track/actions/129

Widget Requirement for Expires property
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0018.html

5c) Generation and validation requirements  DSAwithSHA1

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0007.html  
(Brian)

5d) Updates for versioning text and references.

Open Action - f2f

5e) Algorithm update for XML Encryption for 1.1

Open Action - f2f

6) Transform Simplification

6a) Review and updates

Open Action

7) Requirements

7a)  Revising Canonicalization Requirements

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0006.html  
(Juan Carlos)

8) Best Practices

8a) Proposed edits related to Timestamps

http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0033.html  
(Frederick)

8b) local access risks

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0001.html  
(Ken Graf)


8b) Comments from Juan Carlos

http://www.w3.org/2008/xmlsec/Drafts/best-practices/comments-bhill-jcc.html 
  (Edited document)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0020.html  
(Frederick)

http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0030.html  
(Juan Carlos)

8c) NVDL ordering constraints

http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0010.html  
(Rob)


8d) XSLT additions to best practices

http://www.w3.org/2008/12/16-xmlsec-minutes.html#item09

Need proposal for text to add to best practices - volunteer?

9) Action Item and Issue Review

9a) Close Pending actions

[pending review] ACTION-107: Pratik Datta to Look at XSL streaming -  
due 2008-11-18 [on v.next (Design for XML Signature V Next)]
http://www.w3.org/2008/xmlsec/track/actions/107

[pending review] ACTION-117: Scott Cantor to Propose a schema and  
language for bare key encoding in KeyInfo - due 2008-12-23 [on v11]
http://www.w3.org/2008/xmlsec/track/actions/117

[pending review] ACTION-123: Frederick Hirsch to Add Juan Carlos  
material on long term sigs to Requirements Document - due 2008-12-16  
[on Rqmts (XML Signature and Canonicalization V Next Requirements)]
http://www.w3.org/2008/xmlsec/track/actions/123

[pending review] ACTION-124: Frederick Hirsch to Follow up with Juan  
Carlos on ISSUE-56 - due 2008-12-16 [on ]
http://www.w3.org/2008/xmlsec/track/actions/124

[pending review] ACTION-126: Ken Graf to Call out local system access  
risks regarding XSLT - due 2008-12-23 [on v.next (Design for XML  
Signature V Next)]
http://www.w3.org/2008/xmlsec/track/actions/126

9b) Open Action Review

Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:

http://www.w3.org/2008/xmlsec/actions-open.html

10) Other Business

11) Adjourn

Scribing  list
----------------
Konrad Lanz, IAIK (16 July F2F am)
Sean Mullan, Sun (12 August 2008)
Pratik Datta, Oracle (19 August 2008)
Subramanian Chidambaram, Nokia (26 August)
Brian LaMacchia, Microsoft (2 September 2008)
Bradley Hill, Invited Expert (9 September 2008)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (16  
September 2008)
Gerald Edgar, Boeing (7 October 2008)
Chris Solc, Adobe (20 October 2008 F2F am)
Robert Miller, MITRE (20 October 2008 F2F pm)
Bruce Rich, IBM (17 July F2F am, 21 October 2008 F2F am)
Kelvin Yiu, Microsoft (21 October 2008 F2F, pm)
Shivaram Mysore, Invited Expert (4 November 2008)
Magnus Nyström, EMC (11 November 2008)
Ed Simon, Invited Expert (18 November 2008)
Scott Cantor, invited expert (29 July 2008, 2 December 2008)
Hal Lockhart, Oracle (9 December 2008)
John Wray, IBM (16 December 2008)

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Received on Tuesday, 6 January 2009 14:39:46 UTC