See also: IRC log
<trackbot> Date: 02 March 2010
<fjh> ScribeNick: Cynthia
<fjh> No teleconference 16 or 23 March.
Cynthia is scribing today
Everything is on the XMLSec Admin page
Welcome Meiko, Karel- new members
<mjensen> hi all
<KarelWouters> hi all 2
<scribe> New members please send email to the list to introduce yourselves
<mjensen> :)
<fjh> Publications process change; http://lists.w3.org/Archives/Member/member-xmlsec/2010Feb/0021.html
<KarelWouters> done
Change in the publications process, should not impact members
<fjh> Powerbox proposal (DAP): http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0004.html
Powerbox proposal: security aspects, if you are interested please review, welcome feedback, not related to this WG
<fjh> epub use of RELAX NG XML Signature schema
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0051.html
Makoto is helping generate the RELAX NG schemas
minutes need to be moved to proper location
<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2010Mar/att-0000/23-xmlsec-minutes.html
fjh: minor change from Cynthia, needs to be approved
<fjh> 23 February minutes
<fjh> Proposed RESOLUTION: minutes from 23 Feb 2010 approved.
RESOLUTION: minutes from 23 Feb 2010 approved.
<fjh> RNG Schema files updated
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0000.html
fjhd: update editors draft, look at it if you like
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0050.html
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0052.html
fjh: added alternative to key methold
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0047.html
fjh: still need to finish
<fjh> XML Signature 1.1; http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0010.html
fjh: Update to XMLDSIG v1.1, last call
... Any questions?
<fjh> Proposal for 5.42, PBKDF2, ISSUE-186, ACTION-515
<fjh> issue-186?
<trackbot> ISSUE-186 -- What is the normative content of section 5.4.2? (PBKDF2) -- CLOSED
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/186
fjh: Proposal for 5.42, PBKDF2, ISSUE-186, ACTION-515
<fjh> action-515?
<trackbot> ACTION-515 -- Aldrin J D'Souza to propose the schema addition for issue-186 -- due 2010-02-23 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/515
<fjh> proposed RESOLUTION: Accept proposed resolution to ISSUE-186 in
<fjh> message 44 as revised by message 53 in the February 2010 archive.
fjh: suggest accepting proposal with modification
... any problems accepting change?
RESOLUTION: Accept proposed resolution to ISSUE-186 in message 44 as revised by message 53 in the February 2010 archive
fjh: Can edit the document, need CVS
aldrin: Could do it but need help with CVS
tlr: expect the publication to be soon, will send aldrin an email to turn the file around quickly
aldrin: I am fine with that, whatever gets it done faster
<fjh> ACTION: aldrin to implement proposed change to XML Encryption 1.1 per proposal to resolve ISSUE-186 [recorded in http://www.w3.org/2010/03/02-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-533 - Implement proposed change to XML Encryption 1.1 per proposal to resolve ISSUE-186 [on Aldrin J D'Souza - due 2010-03-09].
fjh: Submitted action, if adrin cannot do it quickly, let us know as soon as you can
aldrin: how quick is quick-
tlr: when can you do it
aldrin: perhaps by tomorrow am my time
<fjh> Generic Hybrid Cipher - review + suggested updates
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0041.html
fjh: Magnus is not on the call
... the changes seem reasonable, Thomas have you looked at them
tlr: Can sort this out now
fjh: would like to accept this so we can move on
... choices: take another week or accept the changes now, they seem reasonable, feedback came from people who know this work, advise?
RESOLUTION: Accept Generic Hybrid Cipher changes proposed by Magnus in message 0041 in February
<fjh> ACTION: magnus to implement proposed generic hybrid cipher changes [recorded in http://www.w3.org/2010/03/02-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-534 - Implement proposed generic hybrid cipher changes [on Magnus Nystrom - due 2010-03-09].
<fjh> RNG schema for Encryption 1.1 and Generic Hybrid Cipher
http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0045.html
<fjh> Encryption 1.1 has pointer to XML Security RNG Schemas document
fjh: Suggestion, take it out of ENCv1.1 for now
<fjh> proposed RESOLUTION: temporarily remove reference to RNG schema from XML Encryption 1.1 until Encryption RNG schema is ready
I agree
who is speaking?
<esimon2> Ed is speaking.
fjh: This is informative, not normative
... Go to the other document for normative RNG Schema, still in the works
tlr: There is a way to squeeze in one publication the week of March 16, will cause some problems, but it is possible
... Agree to temporarily remove the text until Makoto is finished
<fjh> ACTION: fjh to add section on RNG schema to Generic Hybrid Cipher [recorded in http://www.w3.org/2010/03/02-xmlsec-minutes.html#action03]
<trackbot> Created ACTION-535 - Add section on RNG schema to Generic Hybrid Cipher [on Frederick Hirsch - due 2010-03-09].
tlr: Certain descretion from WG about the publication, please speak up now
fjh: Lots of changes based on Scotts review
Scott: Not promising that everything is correct
tlr: Is anyone going to look at this before publication?
<scantor> my exchanges with him were about spec issues, but I have NO knowledge of RNG or plans to look at them
fjh: We can publish something even if something is not completely correct
Scott: The worked looked good, Makota updated the document based on comments
Generic Hybrid Cipher
fjh: Everything has been updated, missing the ENC in the Generic Hybrid Cipher, lot has been done
tlr: Get ready for publication date this week, do not make a decision for another week, wait for the update from Makota
tlf: Choose 2 weeks from now, March 16, after that I will not make changes
fjh: Allow changes before the March 16 date, only that section
<fjh> 16 march publication date, prepare for publication this week, including changes this week. freeze this week, with possible change to rng schema before 16th
fjh: Need a resolution for this decision
<fjh> proposed RESOLUTION: publish updated draft of XML Security RNG schemas on 16th, allowing possible addition of Encryption schemas if possible
RESOLUTION: publish updated draft of XML Security RNG schemas on 16th, allowing possible addition of Encryption schemas if possible
http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0010.html
<fjh> issue-188?
<trackbot> ISSUE-188 -- Agreement referenced in XML Signature 1.1 but definition not clear -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/188
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0001.html
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0010.html
fjh: Propose changes and made the changes, any issues/concerns?
<fjh> proposed RESOLUTION: Accept change to XML Signature 1.1 for ISSUE-188 as distributed by Magnus in message 1 of March 2010.
fjh: Tried the last call tracker, did anyone receive a notice on that?
... let me know if you received a last call notice
Accept change to XML Signature 1.1 for ISSUE-188 as distributed by Magnus in message 1 of March 2010.
RESOLUTION: Accept change to XML Signature 1.1 for ISSUE-188 as distributed by Magnus in message 1 of March 2010.
<fjh> Changes from C14N 1.1 and 2.0
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Feb/0048.html
fjh: Do we have enough information to publish the draft
pratik: yes, includes copyright information
I can't hear Pratik that well
fjh: Pratik can you help Thomas?
tlr: Don't spend time on the charset issues
fjh: Open Actions
... Enormous amount of work that needs to be available publically
... Will probably publish again in a month
<fjh> ACTION-521?
<trackbot> ACTION-521 -- Thomas Roessler to check with EXI group on Type parameter -- due 2010-03-07 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/521
fjh: Do not want to hold up on this, anything? Should we worry about this?
<fjh> ACTION-525?
<trackbot> ACTION-525 -- Frederick Hirsch to incorporate RNG schema update into RNG schemas draft -- due 2010-03-01 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/525
fjh: Action Done
<fjh> ACTION-528?
<trackbot> ACTION-528 -- Magnus Nystrom to review issue-188 related to xenc:Agreement referenced from XML Signature 1.1 -- due 2010-03-02 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/528
fjh: Magnus, close this
<fjh> ACTION-528 closed
<trackbot> ACTION-528 Review issue-188 related to xenc:Agreement referenced from XML Signature 1.1 closed
tlr: Some feedback, on their agenda on their call tomorrow, should hear more about it after their meeting
<fjh> action-521 closed
<trackbot> ACTION-521 Check with EXI group on Type parameter closed
tlr: low chance that we made any mistakes
<fjh> ACTION-529?
<trackbot> ACTION-529 -- Pratik Datta to add KeyInfoReference to Signature 2.0 (ISSUE-182) -- due 2010-03-02 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/529
fjh: Pratik - status
tlr: The more that gets done early this week the better, but it needs to be done by late tomorrow
fjh: Patrik let me know if you need help
<fjh> ACTION-531?
<trackbot> ACTION-531 -- Thomas Roessler to review algorithms cross reference and update the document -- due 2010-03-02 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/531
Pratik: I can do it today
fjh: Thomas this is yours
<fjh> ISSUE-160?
<trackbot> ISSUE-160 -- Define URI for Canonical XML 2.0, add section to Signature 2.0 defining Canonical XML 2.0 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/160
tlr: Dont' worry about it
fjh: Take a look (Pratik)
<fjh> ISSUE-178?
<trackbot> ISSUE-178 -- Highlight additional text constraints on XSD schema as such. -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/178
fjh: Nice to do, but can be done later, defer this one
<fjh> ISSUE-164?
<trackbot> ISSUE-164 -- RNG schema needed for Generic Hybrid Ciphers -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/164
<fjh> ISSUE-189?
<trackbot> ISSUE-189 -- RNG Schemas needed for XML Encryption 1.1 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/189
fjh: Not a showstopper, just keeping track of these
<fjh> proposed RESOLUTION: Publish updated working drafts of XML Encryption 1.1, Generic Hybrid Ciphers, and XML Security RNG Schemas including changes agreed on today's call
<fjh> proposed RESOLUTION: Publish updated working drafts of Canonical XML 2.0 and XML Signature 2.0 including changes agreed on today's call
<esimon2> * Ed back in 10 min.
tlr: We don't have the editors draft for publication, propose to circulate editors draft and move ahead for publication if no objections, largely a clerical document
... Reasonable?
<fjh> proposed RESOLUTION: publish updated working draft XML Security Algorithm Cross-Reference if there is no objection after Thomas shares draft on list
fjh: To make this work, people need to review this fast, else it will not work
I can't hear you...
<fjh> shall we agree on these three proposed resolutions, any objection or concerns?
can you hear me speaking...
<scantor> no
<Gerald_e> I will take notes
yes, I can hear you, but there if feedback
<fjh> unumute cynthia
fjh: Any objections to the three items in the resolution
RESOLUTION: Publish updated working draft XML Security Algorithm Cross-Reference if there is no objection after Thomas shares draft on list
<fjh> 2.0 resolution
RESOLUTION: Publish updated working drafts of Canonical XML 2.0 and XML Signature 2.0 including changes agreed on today's call
fjh: Update on ECC
tlr: Hope we have something this week, initially they are aware they need to give us something by the end of February and last call
<fjh> proposed RESOLUTION: Publish updated working drafts of XML Encryption 1.1, Generic Hybrid Ciphers, and XML Security RNG Schemas including changes agreed on today's call
RESOLUTION: Publish updated working drafts of XML Encryption 1.1, Generic Hybrid Ciphers, and XML Security RNG Schemas including changes agreed on today's call
Cynthia: Thank you for keeping track of the ECC
fjh: Take a look at the URI, can we do something about that, in the XMLDSIG document
<esimon2> I'm back
fjh: Fixing a short URI issue, can be done on the list, add it later, suggestions Pratik/Thomas?
... Need to add URI
<tlr> http://www.w3.org/2010/xml-c14n2
fjh: Concerns using this?
<pdatta> http://www.w3.org/2010/xmlsec/xml-c14n20
fjh: Need to specify which canonicalization we are using in the URI
<pdatta> http://www.w3.org/2008/xmlsec/Drafts/c14n-20/#sec-Use
Pratik: We have this URI in the document in the examples
Scott: It's in section 3
tlr: The URI we mostly use in the document are in the name space for experimental
Scott: You are looking at XMLDSIG
tlr: Need to work with Pratik to use the same canonicalization name space
<fjh> ACTION: tlr to propose revised C14N20 URI (with Pratik) [recorded in http://www.w3.org/2010/03/02-xmlsec-minutes.html#action04]
<trackbot> Created ACTION-536 - Propose revised C14N20 URI (with Pratik) [on Thomas Roessler - due 2010-03-09].
<fjh> http://www.w3.org/2010/xmlsec/xml-c14n20
<tlr> ACTION: pratik and thomas to work out mutually agreeable 2.0 URIs [recorded in http://www.w3.org/2010/03/02-xmlsec-minutes.html#action05]
<trackbot> Created ACTION-537 - And thomas to work out mutually agreeable 2.0 URIs [on Pratik Datta - due 2010-03-09].
fjh: Make sure all the examples use the same URI, would like it before publication date
tlr: Will work with Pratik directly and get it done
fjh: What needs to be done before and/or after publication?
tlr: better before publication
<fjh> ACTION-13?
<trackbot> ACTION-13 -- Konrad Lanz to review streaming using 2nd edition Signature -- due 2008-11-10 -- CLOSED
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/13
<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2010Feb/0028.html
fjh: already closed
ACTION-508?
<trackbot> ACTION-508 -- Pratik Datta to review Encryption 1.1, including proposed processing model changes -- due 2010-02-02 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/508
<fjh> ISSUE-162?
<trackbot> ISSUE-162 -- Will reliable determination of Object element type and encoding be possible under 2.0 Transform -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/162
fjh: Look at this later, not going to look at this now, need to deal with this issue
... Any other business
Status on interoperability testing and implementations
tlr: Invited Meiko.Jensen@rub.de to join WG, namespace wrapping issues and streamability topic, review working draft
<mjensen> already started so
tlr: What are the next steps on namespace wrapping? Could come up with a good way to discuss this in the group
speaking?
Ed: Don't have time for this right now with all the standards work
mjensen: namespace work...
Ed: general assessment, requires more detailed work and effort
<fjh> meiko: working on solutions, namespace wrapping attack prevention might require changes to xml processing
mjensen: Problem always requires restrictions on XML documents, but would not like to include it on the specifications, proposed some solutions
... Can propose something in the next week or so
<fjh> ACTION: mjensen to provide proposal related to namespace wrapping attacks [recorded in http://www.w3.org/2010/03/02-xmlsec-minutes.html#action06]
<trackbot> Created ACTION-538 - Provide proposal related to namespace wrapping attacks [on Meiko Jensen - due 2010-03-09].
Pratik: Put in a placeholder for this in the document, can be expanded on this
<fjh> ACTION: mjensen to review C14N20 draft [recorded in http://www.w3.org/2010/03/02-xmlsec-minutes.html#action07]
<trackbot> Created ACTION-539 - Review C14N20 draft [on Meiko Jensen - due 2010-03-09].
mjensen: will review the document and get back to you
<KarelWouters> nope, not at the moment
fjh: anything else on that?
fjh: Have done most of the v1.1 interopreability testing, need additional work on this, some of the mechanisms for keying have not been done
... No v2.0 interopreability testing yet, any change in status?
... Plan on going forward and stay in candidate recommendation until we have implementations
... Anything to add?
Need to find implemenations of v1.1 and v2.0
<fjh> ACTION: fjh to ask Makoto regarding implementations and interop [recorded in http://www.w3.org/2010/03/02-xmlsec-minutes.html#action08]
<trackbot> Created ACTION-540 - Ask Makoto regarding implementations and interop [on Frederick Hirsch - due 2010-03-09].
fjh: Not necessarily enough work to justify a F2F - may need to cancel the F2F
I agree, there is no reason to meet unless we find other implementations
fjh: Do not schedule a F2F until we hear more
<Gerald_e> Where is the technical Plenary this year?
tlr: Suggestion, plan a technical plenary in the fall, right now there should not be a meeting in June, meeting once a year is useful, have the next one at the next technical plenary at TPAC
... Not sure when it will be
... Should be in Europe,
fjh: Good plan, justify a meeting, interop and meeting
<fjh> proposed RESOLUTION: Not have a F2F in June.
tlr: Location will be announced very soon
fjh: Let Juan-Carlos know about the F2F in June
RESOLUTION: Not have a F2F in June.
fjh: I will let Juan-Carlos know
... What else do we have to discuss?
... Any other business?
... We will meet next week, do stuff on the list, review comments
... For those with actions, please do them
<fjh> Scribe: Cynthia_Martin