Agenda: F2F 12-13 May 2009 (v2)

Agenda: W3C XML Security WG (XMLSec) v2
F2F 12-13 May 2009
RSA (EMC), Executive Briefing Center, 170 Middlesex Turnpike,  
Bedford,  MA, USA
F2F #4

9-6 ET each day, arrival and setup at 8:30 am
Directions: http://www.rsa.com/node.aspx?id=1059

Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

v2 updated editors updates, added Algorithm Cross Reference Update,  
Link to Pratik's performance checkins, add attendance, rearranged Tue  
pm schedule a bit, minor edits.

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>

Please note that attendance of XMLSEC WG teleconferences is  
restricted  to registered WG participants and persons invited by the  
chair.

Logistics information:
http://lists.w3.org/Archives/Member/member-xmlsec/2009Mar/0015.html

Chair: Frederick Hirsch

Attendance information recorded via questionnaire see
http://www.w3.org/2002/09/wbs/42458/f2fbosrsa2009/results

In Person (10): Scott Cantor, Pratik Datta, Gerald Edgar, Ken Graf,  
Phillip Hallam-Baker, Frederick Hirsch, Brian LaMacchia, Hal Lockhart,  
Sean Mullan, Magnus Nyström

By Phone (6) : Rob Miller, Bruce Rich, Thomas Roessler, Peter Saint- 
Andre, Ed Simon, Chris Solc

Regrets (2) : Shivaram Mysore, Kelvin Yiu

Tuesday 12 May 2009 (9:00 - 18:00 ET with setup at 8:30)

1) Welcome, Introductions,  Administrative items (9:00 am)

1a) Introductions as needed, Local logistics

1b) Scribe confirmation
12 May AM
12 May PM
13 May AM
13 May PM
2 June

The current scribe list is at the end of this message, will rotate   
through this list.
Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

1c)   Meeting planning: weekly meetings

This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is   
cancelled.

Upcoming meeting information is available on the WG Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

19 May 2009 Teleconference Cancelled
26 May 2009 Teleconference Cancelled

Next meeting: 2 June. Scribe to be determined.

1d) Liaisons and Coordination

See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

1e) Announcements

None

2) Minutes Approval

Minutes from 5 May 2009, for approval:

http://www.w3.org/2009/05/05-xmlsec-minutes.html

3) Editorial update status (Completed and pending)

Please remember to send note to public list when completing editing,   
indicating what has changed and associated action. Please mark action   
as pending as well.

3a) updated the Best Practices editors draft to complete ACTION-274  
and ACTION-275

add best practices to avoid xslt extensions and to prefer XPath Filter  
2.0, please review change.

http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0008.html  
(Frederick)

3b) Derived key schema

Created and removed schemaLocation attribute

http://www.w3.org/2008/xmlsec/Drafts/derived-key/dkey-schema.xsd

action to update document accordingly?

4) Roadmap and publication planning

Current roadmap and publication status:

http://www.w3.org/2008/xmlsec/wiki/RoadmapandPublicationStatus

updated with XML Signature Properties publication. Added link to  
Widget Signatures (related work). Made Namespace document more obvious.

Please review.

5) Interop review and planning (9:30 - 10:30)

Review interop  - see details and status on wiki page:

http://www.w3.org/2008/xmlsec/wiki/Interop

6) Performance and performance testing (10:30- 11:15)

Discussion of status, plans and test generation.

Performance examples  checked in
http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0007.html  
(Pratik)

7) Break (11:15 - 11:30)

8) Constrained implementation of Canonicalization (11:30 - 12:30)

Proposal (discussed on last call)

http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0004.html  
(Pratik)

description of constrained cases

http://www.w3.org/2008/xmlsec/Drafts/performance/c14n-subtree/constrained-cases-description.pdf

Review status and proposals, decisions.

9) Lunch (12:30- 13:30)

10) Constrained implementation continued (13:30 - 14:30)

11)  Elliptic Curve update and discussion (14:30 - 15:00)

Review feedback to date and considerations for moving forward.

12) Algorithm Cross Reference Update

12a) Add ECDSA-RIPEMD160, ECDSA-WHIRLPOOL

http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0062.html  
(Thomas)

plain, non-plain feedback
http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0009.html  
(Thomas)

http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0010.html  
(Konrad)

Poll for new information and additional discussion.

12) Break (15:00 - 15:30)

13)   New Algorithm RFC review (15:30 - 16:00)

ACTION-248 (Thomas)

14) Test cases for Canonicalization Simplification (16:00 - 17:30)

Which are the same for C14N11 and New, which old cases fail for New,
which differ? Which new cases are needed?

15)  Action Item and Issue Review (17:30 - 18:00)

15a) Close Pending actions
[pending review] ACTION-274: Frederick Hirsch to Update best practices  
with proposal from Ken Graf, to call out local system access risks  
regarding XSLT - due 2009-05-12 [on ]
http://www.w3.org/2008/xmlsec/track/actions/274

[pending review] ACTION-275: Frederick Hirsch to Update Best Practices  
doc with Best practice on XPath Filter 2.0 preference, if available to  
1.0 implementation. - due 2009-05-12 [on ]
http://www.w3.org/2008/xmlsec/track/actions/275

15b) Open Action Review

Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:

http://www.w3.org/2008/xmlsec/actions-open.html

15c) Issues review

http://www.w3.org/2008/xmlsec/track/issues/open

16) Recess

Wednesday 13 May 2009 (9:00 - 18:00 ET with setup at 8:30)

17) Welcome, Administrative

18) Transform compatibility discussion (9:00 -10:00)

Constrain existing transform model/transforms or new model?
Declarative layer above this lower layer?

19) Extensibility and other Compatibility issues for Canonicalization
and Transforms (10:00 - 10:45)

References. Other issues.

20) Break (10:45 - 11:00)

21) New key encryption (wrap) mechanism (KEM). (11:00 - 11:30)

Magnus

22) Derived Key review and Next Steps (11:30 - 12:00)

23) Next steps for XML Security 1.1 model (12:00 - 12:30)

24)  Lunch (12:30 - 13:30)

25)  Requirements update (13:30 - 14:00)

Update requirements with new requirements, requirements realized in
technical discussions, issues associated with requirements.

26) XML Schema changes, RNG Schema (14:00 - 14:30)

http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0014.html

27) EXI and 2.0 and F2F planning (14:30 - 15:15)

28) Break (15:15 - 15:30)

29)  Errata and Second Edition discussion (15:30 - 15:45)

30) Issue review and resolution (15:45 - 17:00)

31) Meeting Action Review (17:00 - 17:15)

32) Other Business (17:15 - 18:00)

33) Adjourn (18:00)

Scribing  list
----------------
Hal Lockhart, Oracle (9 December 2008)
Phillip Hallam-Baker, Verisign (F2F 13 January 2009, am)
Shivaram Mysore, Invited Expert ( F2F 14 January 2009, pm)
Brian LaMacchia, Microsoft ( F2F 14 January 2009, pm)
Bradley Hill, Invited Expert (27 January 2009)
Sean Mullan, Sun (3 February 2009)
Pratik Datta, Oracle ( F2F 14 January 2009, pm, 10 February 2009)
Konrad Lanz, IAIK (24 February 2009, 16 July F2F am)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (17
February 2009, 16 September 2008)
Chris Solc, Adobe (3 March 2009, 20 October 2008 F2F am)
Robert Miller, MITRE (10 March 2009, 20 October 2008 F2F pm)
Magnus Nyström, EMC (17 March 2009, 11 November 2008)
Scott Cantor, invited expert (24 March 2009, 29 July 2008, 2 December
2008)
Ed Simon, Invited Expert (31 March 2009, 18 November 2008)
Gerald Edgar, Boeing (7 April 2009, F2F 13 January 2009, pm)
John Wray, IBM (21 April 2009, 16 December 2008)
Kelvin Yiu, Microsoft (28 May 2009, 21 October 2008 F2F, pm)
Bruce Rich, IBM (planned 5 May 2009, 17 July F2F am, 21 October 2008
F2F am)

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Received on Monday, 11 May 2009 13:55:55 UTC