Agenda: Distributed Meeting 2010-01-12

Agenda: W3C XML Security WG (XMLSec)
Teleconference  12 January 2010
Distributed Meeting #53

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>

Please note that attendance of XMLSEC WG teleconferences is   
restricted  to registered WG participants and persons invited by the  
chair.

Publication Status available at
http://www.w3.org/2008/xmlsec/wiki/PublicationStatus

Chair: Frederick Hirsch

Regrets:

see http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

1) Administrivia: Scribe confirmation, Agenda review, Meeting   
Planning, Liaisons, Announcements

1a)  Scribe selection

The current scribe list is at the end of this message, will rotate   
through this list.

Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

1b) Agenda review

Review agenda.

1c) Meeting planning

Next call 19 January

1d) Liaisons and Coordination

See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

1e) Announcements

new RSA factoring record (768-bit)

http://eprint.iacr.org/2010/006.pdf (Thomas)

2) Minutes Approval

2a) Approve 5 January minutes

http://www.w3.org/2010/01/05-xmlsec-minutes.html

3) Editorial Updates

3a) Signature Properties

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0018.html  
(Frederick)

3b) Best Practices

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0022.html  
(Frederick)

4) Open XML Signature 1.1 Issues

ISSUE-82: Should 1.1 spec mandate support for range of RSA key sizes  
(and DSA)?

ISSUE-91: ECC can't be REQUIRED

ISSUE-149: Link requirements to features

Completed with restructuring of Requirements to 1.1 and 2.0  
requirements?

ISSUE-158: Add SHA-1 warnings

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0004.html  
(Cynthia)

  ISSUE-166 -- RNG schema needed for Signature Properties
http://www.w3.org/2008/xmlsec/track/issues/166
  ISSUE-165 -- Add note that standalone XSD file takes precedence when  
there is XSD schema file, XSD snippets in document and RNG schema - to  
XML Signature 1.1, Signature Properties, XML Encryption 1.1 and  
Generic Hybrid Ciphers -- OPEN

Proposal: http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0017.html 
  (Frederick)

5) Open Actions related to Last Call of XML Signature 1.1 and  
SIgnature Properties

If these are completed please change status to Pending.

ACTION-421: Ed Simon to Look at the 1.1 schema

ACTION-350: Ed Simon to Propose text to align node set result  
treatment for XSLT and XPath in 1.1 spec

ACTION-431: Thomas Roessler to Fix "they" in RFC2119 section  
throughout all documents

ACTION-438: Shivaram Mysore to check 1.1 requirements against enc, sig  
EDs

ACTION-449: Cynthia Martin to Review 1.1 bibliographies (depends on  
ACTION-448)

6) XML Signature 1.1 Readiness to Enter Last Call

7) XML Signature Properties Readiness to Enter Last Call

8) Best Practices - ready for Publication Update

Review comments
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0019.html  
(Frederick)

ISSUE-156: Threat for signature from use of namespace prefixes with  
corresponding unsigned namespace declarations leading to wrapping like  
attacks

9) XML Security 1.1 Requirements  - ready for Publication Update

ACTION-391: Gerald Edgar to See if ISSUE-131 is covered in  
requirements doc
ISSUE-131 is closed.

10) XML Security 2.0 Requirements  - ready for Publication Update

11) Open Issues for XML Encryption 1.1

ISSUE-165 -- Add note that standalone XSD file takes precedence when  
there is XSD schema file, XSD snippets in document and RNG schema - to  
XML Signature 1.1, Signature Properties, XML Encryption 1.1 and  
Generic Hybrid Ciphers -- OPEN
discussed above.
ISSUE-150: Use of XML encryption type encoding in EXI

ISSUE-154: Links to references need to be updated from 2000 XML Rec to  
XML 1.0 5th Edition

General review of references

12) Open issues for Generic Hybrid Ciphers

ISSUE-164 -- RNG schema needed for Generic Hybrid Ciphers -- OPEN
http://www.w3.org/2008/xmlsec/track/issues/164
ISSUE-165 -- Add note that standalone XSD file takes precedence when  
there is XSD schema file, XSD snippets in document and RNG schema - to  
XML Signature 1.1, Signature Properties, XML Encryption 1.1 and  
Generic Hybrid Ciphers -- OPEN
discussed above.
13) Action review

13a) Close Pending actions

These will be closed after the meeting unless concern raised before   
or  during meeting. Please review in advance of meeting.
ACTION-468: Thomas Roessler to Confirm whether optional features  
require 2+ implementations or only one.

ACTION-480: Frederick Hirsch to Create issues for 2.0 from 1.1 review

ACTION-482: Thomas Roessler to Update approved minutes from 15  
december, permissions and style - http://www.w3.org/2009/12/15-xmlsec-minutes.html

ACTION-483: Frederick Hirsch to Update HMAC output warning with text  
from Brian: "Signatures must be deemed invalid if the truncation  
length is below the larger of (a) half the underlying hash algorithm's  
output length, and (b) 80 bits"

ACTION-484: Frederick Hirsch to Review Cynthia comments on best  
practices, update best practices

ACTION-486: Frederick Hirsch to Update XML Signature Properties to  
correct schema, add stand-alone schema file

13b) Open Action Review

Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:

http://www.w3.org/2008/xmlsec/actions-open.html

ACTION-412: Ed Simon to Review ISSUE-115

ISSUE-115 is closed.

ACTION-485 Thomas Roessler to Review actions assigned to Konrad and  
summarize which can be closed and which need further action

14) Issue review

http://www.w3.org/2008/xmlsec/track/issues/open

15) Other Business

16) Adjourn

Scribing  list
----------------
Konrad Lanz, IAIK (24 February 2009, 16 July F2F am)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (17
February 2009, 16 September 2008)
Magnus Nyström, EMC (2 June, 2009)
Bradley Hill, Invited Expert (14 July 2009)
Thomas Roessler/Ed Simon, Invited Expert (11 August 2009)
Sean Mullan, Sun (6 October 2009, 12 May 2009 F2F am)
Bruce Rich, IBM (13 October 2009, 5 May 2009)
Pratik Datta, Oracle (20 October 2009, 13 May 2009 F2F pm)
Hal Lockhart, Oracle (27 October 2009, 16 June 2009)
Shivaram Mysore, Invited Expert (6 November 2009 F2F, 23 June 2009)
Brian LaMacchia, Microsoft (6 November 2009 F2F, 13 May 2009 F2F am)
Cynthia Martin, MITRE (17 November 2009, 7 July 2009)
Scott Cantor, invited expert (24 Nov 2009, 8 Sept 2009)
Chris Solc, Adobe (8 December 2009)
John Wray, IBM (15 Dec 2009, 1 Sept 2009)
Gerald Edgar, Boeing (5 January 2010, 5 November 2009 F2F)

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Received on Friday, 8 January 2010 17:02:51 UTC