Agenda: Distributed Meeting 2010-01-12 v2

Agenda: W3C XML Security WG (XMLSec) v2
Teleconference  12 January 2010
Distributed Meeting #53

v2 added editorial updates, xml encryption item 13

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>

Please note that attendance of XMLSEC WG teleconferences is
restricted  to registered WG participants and persons invited by the
chair.

Publication Status available at
http://www.w3.org/2008/xmlsec/wiki/PublicationStatus

Chair: Frederick Hirsch

Regrets:

see http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

1) Administrivia: Scribe confirmation, Agenda review, Meeting
Planning, Liaisons, Announcements

1a)  Scribe selection

The current scribe list is at the end of this message, will rotate
through this list.

Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

1b) Agenda review

Review agenda.

1c) Meeting planning

Next call 19 January

1d) Liaisons and Coordination

See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

1e) Announcements

new RSA factoring record (768-bit)

http://eprint.iacr.org/2010/006.pdf (Thomas)

2) Minutes Approval

2a) Approve 5 January minutes

http://www.w3.org/2010/01/05-xmlsec-minutes.html

3) Editorial Updates

3a) Signature Properties

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0018.html   
(Frederick)

added RNG schema
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0031.html   
(Frederick)

3b) Best Practices

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0022.html   
(Frederick)

I've added a note to the Best Practices text related to RFC 3161.  
Please review. See http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#timestamp-authorities
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0029.html  
(Frederick)
3c) XML Signature 1.1

Reference updates

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0038.html  
(Frederick/Thomas)

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0043.html  
(Frederick)

3d) XML Encryption 1.1

Reference updates

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0044.html  
(Frederick)

4) Open XML Signature 1.1 Issues

ISSUE-82: Should 1.1 spec mandate support for range of RSA key sizes   
(and DSA)?

ISSUE-91: ECC can't be REQUIRED

ISSUE-149: Link requirements to features

Completed with restructuring of Requirements to 1.1 and 2.0   
requirements?

ISSUE-158: Add SHA-1 warnings

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0004.html   
(Cynthia)

  ISSUE-166 -- RNG schema needed for Signature Properties
http://www.w3.org/2008/xmlsec/track/issues/166

  ISSUE-165 -- Add note that standalone XSD file takes precedence  
when  there is XSD schema file, XSD snippets in document and RNG  
schema - to  XML Signature 1.1, Signature Properties, XML Encryption  
1.1 and
Generic Hybrid Ciphers -- OPEN

Proposal: http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0017.html 
   (Frederick)

ISSUE-167 Unicode references
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0032.html
fixed.

ISSUE-168 references
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0033.html

5) Open Actions related to Last Call of XML Signature 1.1 and   
SIgnature Properties

If these are completed please change status to Pending.

ACTION-421: Ed Simon to Look at the 1.1 schema

ACTION-350: Ed Simon to Propose text to align node set result   
treatment for XSLT and XPath in 1.1 spec

ACTION-431: Thomas Roessler to Fix "they" in RFC2119 section   
throughout all documents

ACTION-438: Shivaram Mysore to check 1.1 requirements against enc,  
sig  EDs

ACTION-449: Cynthia Martin to Review 1.1 bibliographies (depends on   
ACTION-448)

6) XML Signature 1.1 Readiness to Enter Last Call

7) XML Signature Properties Readiness to Enter Last Call

8) Best Practices - ready for Publication Update

Review comments
http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0019.html   
(Frederick)

ISSUE-156: Threat for signature from use of namespace prefixes with   
corresponding unsigned namespace declarations leading to wrapping  
like  attacks

9) XML Security 1.1 Requirements  - ready for Publication Update

ACTION-391: Gerald Edgar to See if ISSUE-131 is covered in   
requirements doc
ISSUE-131 is closed.

10) XML Security 2.0 Requirements  - ready for Publication Update

11) Open Issues for XML Encryption 1.1

ISSUE-165 -- Add note that standalone XSD file takes precedence when   
there is XSD schema file, XSD snippets in document and RNG schema -  
to  XML Signature 1.1, Signature Properties, XML Encryption 1.1 and   
Generic Hybrid Ciphers -- OPEN
discussed above.
ISSUE-150: Use of XML encryption type encoding in EXI

ISSUE-154: Links to references need to be updated from 2000 XML Rec  
to  XML 1.0 5th Edition

General review of references

12) Open issues for Generic Hybrid Ciphers

ISSUE-164 -- RNG schema needed for Generic Hybrid Ciphers -- OPEN
http://www.w3.org/2008/xmlsec/track/issues/164

ISSUE-165 -- Add note that standalone XSD file takes precedence when   
there is XSD schema file, XSD snippets in document and RNG schema -  
to  XML Signature 1.1, Signature Properties, XML Encryption 1.1 and
Generic Hybrid Ciphers -- OPEN
discussed above.

13) XML Encryption 1.1

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0030.html  
(Magnus)

14) Action review

14a) Close Pending actions

These will be closed after the meeting unless concern raised before   
or  during meeting. Please review in advance of meeting.
ACTION-451: Magnus Nystrom to Review the Pratik AES-GCM proposal with  
Magnus

ACTION-468: Thomas Roessler to Confirm whether optional features   
require 2+ implementations or only one.

ACTION-480: Frederick Hirsch to Create issues for 2.0 from 1.1 review

ACTION-482: Thomas Roessler to Update approved minutes from 15   
december, permissions and style - http://www.w3.org/2009/12/15-xmlsec-minutes.html

ACTION-483: Frederick Hirsch to Update HMAC output warning with text   
from Brian: "Signatures must be deemed invalid if the truncation
length is below the larger of (a) half the underlying hash  
algorithm's  output length, and (b) 80 bits"

ACTION-484: Frederick Hirsch to Review Cynthia comments on best   
practices, update best practices

ACTION-486: Frederick Hirsch to Update XML Signature Properties to   
correct schema, add stand-alone schema file

14b) Open Action Review

Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:

http://www.w3.org/2008/xmlsec/actions-open.html

ACTION-412: Ed Simon to Review ISSUE-115

ISSUE-115 is closed.

ACTION-485 Thomas Roessler to Review actions assigned to Konrad and   
summarize which can be closed and which need further action

15) Issue review

http://www.w3.org/2008/xmlsec/track/issues/open

16) Other Business

17) Adjourn

Scribing  list
----------------
Konrad Lanz, IAIK (24 February 2009, 16 July F2F am)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (17
February 2009, 16 September 2008)
Magnus Nyström, EMC (2 June, 2009)
Bradley Hill, Invited Expert (14 July 2009)
Thomas Roessler/Ed Simon, Invited Expert (11 August 2009)
Sean Mullan, Sun (6 October 2009, 12 May 2009 F2F am)
Bruce Rich, IBM (13 October 2009, 5 May 2009)
Pratik Datta, Oracle (20 October 2009, 13 May 2009 F2F pm)
Hal Lockhart, Oracle (27 October 2009, 16 June 2009)
Shivaram Mysore, Invited Expert (6 November 2009 F2F, 23 June 2009)
Brian LaMacchia, Microsoft (6 November 2009 F2F, 13 May 2009 F2F am)
Cynthia Martin, MITRE (17 November 2009, 7 July 2009)
Scott Cantor, invited expert (24 Nov 2009, 8 Sept 2009)
Chris Solc, Adobe (8 December 2009)
John Wray, IBM (15 Dec 2009, 1 Sept 2009)
Gerald Edgar, Boeing (5 January 2010, 5 November 2009 F2F)

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Received on Tuesday, 12 January 2010 14:58:11 UTC