- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Mon, 12 Jan 2009 10:06:35 -0500
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, ext Taki Kamiya <tkamiya@us.fujitsu.com>, John Schneider <john.schneider@agiledelta.com>
- Message-Id: <1E98A118-C23D-4884-9E48-E43D067EF21C@nokia.com>
Agenda: W3C XML Security WG (XMLSec) v3
F2F 13-14 January 2009
Oracle Conference center, Room 104, 350 Oracle Parkway, Redwood City,
CA, USA
F2F #3
v3 added links for material associated with actions, expanded and
updated agenda items. Separated Security 1.1 agenda items. EXI remains
at the same time. Added break at 4:15 on day 1.
9-6 PT each day, arrival and setup at 8:30 am
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone
Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>
F2F logistics
http://lists.w3.org/Archives/Member/member-xmlsec/2008Nov/0035.html
map and directions
http://lists.w3.org/Archives/Member/member-xmlsec/2009Jan/att-0001/00-part
Please note that attendance of XMLSEC WG teleconferences is restricted
to registered WG participants and persons invited by the chair.
Chair: Frederick Hirsch
Attendees, Dial-in Attendees and Regrets listed on admin page at
http://www.w3.org/2008/xmlsec/Group/Overview.html#f2f3
Tuesday 13 January
1) Welcome, Introductions, Administrivia (9 - 9:30 am PT)
1a) Introductions as needed, Local logistics
1b) Scribe confirmation
13 January AM
13 January PM
14 January AM
14 January PM
The current scribe list is at the end of this message; we will rotate
through this list.
Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html
1c) Meeting planning: weekly meetings
This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is
cancelled.
Upcoming meeting information is available on the WG Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings
20 January 2009 Teleconference cancelled
27 January 2009 Teleconference #17, 10-12 Eastern
1d) Liaisons and Coordination
See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination
No new updates.
1e) Announcements
Verisign has joined the WG.
2) Minutes Approval
2a) Minutes from 6 January 2009 for approval:
http://www.w3.org/2009/01/06-xmlsec-minutes.html
3) Issues
XML Signature and PDF (Juan Carlos)
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0018.html
4) Editorial updates (discuss later in agenda)
4a) Update to XML Signature 1.1
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0021.html
4b) Initial draft of XML Encryption 1.1
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0021.html
4c) Initial draft of Security Algorithms
http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.html
4d) Updated Signature Properties
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0014.html
4e) Widgets 1.0 Digital Signature
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0022.html
5) XML Signature 1.1 (9:30 - 10:45 am PT)
5a) XML Signature 1.1 updated
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0021.html
(Kelvin, Brian)
http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview_diff.htm
(redline)
5b) Versioning text
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0024.html
(Thomas)
5c) SHA-1, MD5 text
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0023.html
(Thomas)
5d) Errata incorporation
http://www.w3.org/2008/06/xmldsigcore-errata.html
5e) RFC reference changes, separate normative and informative references
Editorial fixes (references)
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0000.html
5f) Other changes needed?
Algorithms - review and agreement
NIST re key lengths - update?
Container for OCSP in KeyInfo?
5g) Next steps
OK to publish before requirements document?
First public working draft?
6) XML Encryption 1.1
6a) Updated draft
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0021.html
(Kelvin)
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview_diff.htm
(redline)
6b) Versioning
same text as signature
6c) Errata
http://www.w3.org/Encryption/2002/12-xmlenc-errata
6d) References
same issue as signature
6e) Next steps?
First public working draft?
7) XML Security 1.1 test cases and interop
7a) Actions to draft test cases
7b) Interop planning - distributed interop?
8) Break (15 min, 10:45 - 11)
9) Algorithm Note (11:00 - 11:30)
9a) Review updated draft note of Algorithms, URIs and references for
those algorithms
http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.html
Exclusive C14N
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0012.html
(Sean)
CMAC-AES
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0013.html
(Phill)
9b) Next steps
First Public working draft?
10) Widget Signature review and Signature Properties (11:30 - 12:30)
10a) Review update of Signature Properties
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html
updated
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0014.html
(Frederick)
10b) Next steps for Signature Properties?
First public working draft?
10c) Walk through latest draft of Widget Signature
http://dev.w3.org/2006/waf/widgets-digsig/
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0022.html
(Frederick)
Issue of DSAwithSHA256?
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0017.html
10d) Next steps for Widget Signature?
Profile X.509 Certs, CRL and OCSP - Web Applications WG
11) Lunch 12:30 - 1:30
12) RELAX NG Schema Note (1:30 - 1:45)
http://www.w3.org/2007/xmlsec/Drafts/xmldsig-rngschema/
Next step?
13) XML Security 2.0 (1:45 - 3:00)
13a) Review Transform Simplification update
Add explicit "see what you sign" stage? (Frederick)
13b) Next step for Transform Simplification note
Publish First Public Working Draft?
13c) Additional streaming discussion
13d) Simple Signing next steps, requirements, PI use
requirements
http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0032.html
(Kelvin)
original proposal
http://lists.w3.org/Archives/Public/public-xmlsec/2008Aug/0007.html
(Kelvin)
http://lists.w3.org/Archives/Public/public-xmlsec/2008Aug/0049.html
13e) Backward compatibility, profiles/levels, interoperability,
extensibility mechanisms
13f) KeyInfo discussion
OCSP container?
Clarifications and other requirements?
14) Break (15 min, 3:00 - 3:15)
15) Canonicalization simplification and next steps, QNames, Namespaces,
Infoset (3:15 - 4:15)
Review and work through issues and technical approaches, requirements.
16) Break (4:15 - 4:30)
17) EXI Discussion (4:30 - 5:30)
Use Case review
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0025.html (Ed)
18) Review of day, new actions and agenda (5:30 - 5:45)
19) Other Business Day 1
20) Recess (6 pm)
Wednesday 14 January (9 am - 6 pm)
21) Welcome, Administrative
22) Requirements Review (9:00 - 11:00)
22a) Charter milestones
http://www.w3.org/2008/02/xmlsec-charter.html#milestones
22b) Canonicalization Requirement discussion
http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0006.html
(Juan Carlos)
22c) Requirements document walkthrough
http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html
22d) Additional requirements - working session
List additional requirements associated with approaches taken, reflect
1.1 and 2.0
Also list non-requirements
e.g., for discussion
"is an XML only serialization required for KeyInfo, maybe we do not
want this requirement"
23) Break (15 min, 10:30 - 10:45)
24) Review Open Actions and Issues associated with requirements, Next
steps for requirements (10:45 - 11:15)
Publish First Public Working Draft?
25) XML Security 2.0 Technical Discussion (11:15 - 12:30)
Additional technical discussion based on previous discussions
26) Lunch (12:30 - 1:30)
27) Best Practices (1:30 - 2:30)
http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/ [Draft]
28a) review open issues and actions associated with best practices
ACTION-77 Update best practices document for section titles
Sean Mullan
ACTION-103 Provide updated email on best practices issue
Juan Carlos Cruellas
ACTION-125 draft best practice around xpath filter 2
Sean
ACTION-127 draft text on trade-off between different extensibility
mechanisms, for BP draft,
Thomas
ISSUE-52, Rules for syntax of KeyInfo child elements should be
unambiguous
ISSUE-56 Add references related to timestamping
ISSUE-62 Clarify best practice related to order of schema validation
and xml security processing for 2nd Edition
ISSUE-64 How to use XML Signature for various applications, e.g. Mail,
unstructured content
ISSUE-69 Update example file to avoid empty XPath result
28b) Comments received from public working draft?
28c) Next steps for Best Practices
Publish revision?
29) Schema and DTD for 2.0 (2:30 - 3:00)
Schema changes needed. Continue to provide DTDs?
30) Additional KeyInfo and other 2.0 technical discussion (3:00 - 4:00)
31) Action Item and Issue Review (4:00 - 4:30)
31a) Close Pending actions
http://www.w3.org/2008/xmlsec/actions-pending.html
[pending review] ACTION-113: Thomas Roessler to Suggest text re
versioning and namespaces for XML Signature - due 2008-12-22 [on v11]
http://www.w3.org/2008/xmlsec/track/actions/113
[pending review] ACTION-129: Frederick Hirsch to Update signature
properties based on feedback - due 2009-01-06 [on ]
http://www.w3.org/2008/xmlsec/track/actions/129
[pending review] ACTION-130: Frederick Hirsch to Create template for
algorithm note - due 2009-01-13 [on ]
http://www.w3.org/2008/xmlsec/track/actions/130
[pending review] ACTION-136: Thomas Roessler to Propose stronger
language on MD5 for 6.2 - due 2009-01-13 [on ]
http://www.w3.org/2008/xmlsec/track/actions/136
31b) Open Action Review
Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open
Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions
Please review open action list and update your actions appropriately:
http://www.w3.org/2008/xmlsec/actions-open.html
32) Meeting summary, lessons learned, new issues and actions, future
meetings and planning (4:30 - 5:15)
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings
F2F discussion
33) Other Business (5:15 - 6:00)
34) Adjourn (6:00)
Scribing list
----------------
Phillip Hallam-Baker, Verisign ()
Konrad Lanz, IAIK (16 July F2F am)
Pratik Datta, Oracle (19 August 2008)
Subramanian Chidambaram, Nokia (26 August)
Brian LaMacchia, Microsoft (2 September 2008)
Bradley Hill, Invited Expert (9 September 2008)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (16
September 2008)
Gerald Edgar, Boeing (7 October 2008)
Chris Solc, Adobe (20 October 2008 F2F am)
Robert Miller, MITRE (20 October 2008 F2F pm)
Bruce Rich, IBM (17 July F2F am, 21 October 2008 F2F am)
Kelvin Yiu, Microsoft (21 October 2008 F2F, pm)
Shivaram Mysore, Invited Expert (4 November 2008)
Magnus Nyström, EMC (11 November 2008)
Ed Simon, Invited Expert (18 November 2008)
Scott Cantor, Invited Expert (29 July 2008, 2 December 2008)
Hal Lockhart, Oracle (9 December 2008)
John Wray, IBM (16 December 2008)
Sean Mullan, Sun (6 January 2009)
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
Received on Monday, 12 January 2009 15:21:10 UTC