Agenda: Distributed Meeting 2009-11-17

Agenda: W3C XML Security WG (XMLSec)
Teleconference 17 November 2009
Distributed Meeting #48

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>

Please note that attendance of XMLSEC WG teleconferences is  
restricted  to registered WG participants and persons invited by the  
chair.

Publication Status available at
http://www.w3.org/2008/xmlsec/wiki/PublicationStatus

Chair: Frederick Hirsch

Regrets: none

see http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

1) Administrivia: scribe confirmation

1a)  Scribe selection

The current scribe list is at the end of this message, will rotate  
through this list.

Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

1b) Liaisons and Coordination

See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

SAAG 1.1 Last Call warning note
http://lists.w3.org/Archives/Public/public-xmlsec/2009Nov/0028.html  
(Thomas)

1c) Announcements

Publication moratoria
http://lists.w3.org/Archives/Member/member-xmlsec/2009Nov/0011.html

(Deadline 18 Dec 2009,  17 March 2010)

2)   Meeting planning: upcoming meetings

This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is   
cancelled.

Upcoming meeting information is available on the WG Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

Upcoming meetings:
24 November 2009 , Chair pro-temp Thomas Roessler,  scribe TBD
1 December 2009 , Chair pro-temp Thomas Roessler,  scribe TBD
8 December
15 December
22 December
29 December

3) Minutes Approval

Please review  F2F minutes, also please indicate corrections in  
attendance.

5 November 2009:
http://www.w3.org/2009/11/05-xmlsec-minutes.html

6 November 2009:
http://www.w3.org/2009/11/06-xmlsec-minutes.html

4) Editorial Updates

(Changes since those made during F2F)

4a) XML Signature 1.1

Added reference to Best practices

http://lists.w3.org/Archives/Public/public-xmlsec/2009Nov/0027.html  
(Frederick)

undated link
http://lists.w3.org/Archives/Public/public-xmlsec/2009Nov/0029.html  
(Cynthia)

4b) XML Encryption 1.1

Explain document updated

http://lists.w3.org/Archives/Public/public-xmlsec/2009Nov/0026.html  
(Frederick)

4c) Requirements

Updated 2.0 requirements per ACTION- 428, ACTION-429 (Frederick)

http://lists.w3.org/Archives/Public/public-xmlsec/2009Nov/0024.html

Updated shortnames

http://lists.w3.org/Archives/Public/public-xmlsec/2009Nov/0025.html  
(Frederick)

4d) Publication status

Updated web page with requirements documents

http://lists.w3.org/Archives/Public/public-xmlsec/2009Nov/0023.html   
(Frederick)

5) 1.1 Last Call

Defer Last Call until remaining actions and issues resolved, also  
requirements review.

5a) ISSUE-155: Add AES-GCM to XML Encryption 1.1

i) Proposal
http://lists.w3.org/Archives/Public/public-xmlsec/2009Nov/0030.html  
(Pratik)

ii) Suggest adding a reference to, e.g. NIST SP 800-38D (there are  
also some details in RFC 5288 on the use of nonces and authentication  
tags)?

http://lists.w3.org/Archives/Public/public-xmlsec/2009Nov/0036.html  
(Magnus)

- need proposal update

iii)  from the NSA Suite B docs, it appears to me that they prefer AES- 
GCM mode over the AES-CBC mode, because they recommend it in TLS.

http://lists.w3.org/Archives/Public/public-xmlsec/2009Nov/0037.html  
(Pratik)

Proposal here?

5b) ISSUE-147 XML Encryption 1.1 table of contents incomplete, some  
headings not numbered correctly in document

ACTION-437, Frederick, Move sig/enc core 1.1 specs to respec; resolve  
ISSUE-147 as side effect

5c) ISSUE-150 Use of XML encryption type encoding in EXI

ACTION-439, Thomas, Draft text for xml encryption 1.1 for handing EXI

5d) ISSUE-154 Links to references need to be updated

Best practice
http://lists.w3.org/Archives/Public/public-xmlsec/2009Nov/0038.html  
(Thomas)

5e) ISSUE-82 Should 1.1 spec mandate support for range of RSA key  
sizes (and DSA)?

ACTION-442 Brian, Propose text for RSA for Issue-82 (DSA already done)

5f) ISSUE-115 XPath Filter Transform and Namespace Declarations for  
Qualified Nodes, see http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0025.html

ACTION-412, Ed, Review ISSUE-115

5g) ACTION-421, Ed, look at 1.1 schema

5h) ACTION-431, Thomas, Fix "they" in RFC2119 section throughout all  
documents

6) Issue-91 ECC Status update

Thomas update on W3C Team actions.

7) Requirements publication

7a) ISSUE-63 -- Namespace requirements: undeclarations, QNames, use of  
partial content in new contexts

ACTION-436, Thomas, review for issue-63 requirements

7b) ISSUE-9, BSP requirements

ACTION-386, Hal, Look at WS-I BSP constraints on DSig

ACTION-441, Cynthia, Review BSP 1.1 (http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html 
) with respect to Signature 1.1 and Encryption 1.1

7c) ISSUE-149 Link requirements to features

ACTION-438, Shivaram, check 1.1 requirements against enc, sig EDs

8) Update on interop planning

http://lists.w3.org/Archives/Member/member-xmlsec/2009Nov/0010.html  
(Juan Carlos)

9) Performance

9a) http://lists.w3.org/Archives/Member/member-xmlsec/2009Nov/ 
0008.html (Chris)

Share on public list, Next steps?

9b) Performance paper

http://lists.w3.org/Archives/Member/member-xmlsec/2009Nov/0004.html  
(Sean)

10) Wrapping Attack Article review
ACTION-447, Cynthia - Review wrapping attack article
11) Action review
11a) Close Pending actions

These will be closed after the meeting unless concern raised before   
or  during meeting. Please review in advance of meeting.
ACTION-418: Thomas Roessler to Copy draft minutes from http://lists.w3.org/Archives/Member/member-xmlsec/2009Oct/att-0022/27-xmlsec-minutes.html 
  to http://www.w3.org/2009/10/27-xmlsec-minutes.html

ACTION-423: Frederick Hirsch to Add reference to "best practices" to  
XML digial signature 1.1

ACTION-428: Frederick Hirsch to Edit requirements 2.0 removing design  
section and exmples

ACTION-429: Frederick Hirsch to Make change to section 2.1 adding new  
sentence

ACTION-430: Frederick Hirsch to Edit the XML Encryption explanation  
document to make changes identified by Cynthia.

ACTION-443: Thomas Roessler to Glue together the two pieces of today's  
irc log & minutes, and remove his twitter link while he's at it

ACTION-445: Frederick Hirsch to Update shortnames in requirement docs

ACTION-446: Frederick Hirsch to Update publication wiki

11b) Open Action Review

Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:

http://www.w3.org/2008/xmlsec/actions-open.html

12) Issue review

http://www.w3.org/2008/xmlsec/track/issues/open

13) Other Business

14) Adjourn

Scribing  list
----------------
Konrad Lanz, IAIK (24 February 2009, 16 July F2F am)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (17  
February 2009, 16 September 2008)
Magnus Nyström, EMC (2 June, 2009)
Cynthia Martin, MITRE (7 July 2009)
Bradley Hill, Invited Expert (14 July 2009,)
Chris Solc, Adobe (21 July 2009)
Thomas Roessler/Ed Simon, Invited Expert (11 August 2009)
John Wray, IBM (1 Sept 2009,)
Scott Cantor, invited expert (8 Sept 2009)
Kelvin Yiu, Microsoft (22 Sept 2009)
Sean Mullan, Sun (6 October 2009, 12 May 2009 F2F am)
Bruce Rich, IBM (13 October 2009, 5 May 2009)
Pratik Datta, Oracle (20 October 2009, 13 May 2009 F2F pm)
Hal Lockhart, Oracle (27 October 2009, 16 June 2009)
Gerald Edgar, Boeing (5 November 2009 F2F, 29 Sept 2009)
Shivaram Mysore, Invited Expert (6 November 2009 F2F, 23 June 2009)
Brian LaMacchia, Microsoft (6 November 2009 F2F, 13 May 2009 F2F am)

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Received on Monday, 16 November 2009 16:29:08 UTC