Agenda - Distributed Meeting 2010-10-26

Agenda: W3C XML Security WG Distributed Meeting #85, 26 October 2010 Distributed Meeting

Logistics details and links to information at the bottom of this email.

1) Administrivia: Scribe confirmation, Agenda review, Meeting Planning, Liaisons, Announcements

Reminder - F2F next week in conjunction with TPAC, 1-2 November.
DST discrepancy if dialing in - http://lists.w3.org/Archives/Member/member-xmlsec/2010Oct/0001.html

No teleconference 9 November, next teleconference 16 November.

2) Minutes Approval

Approve 19 October 2010 minutes

http://www.w3.org/2010/10/19-xmlsec-minutes.html

Proposed RESOLUTION: Minutes from 19 October 2010 approved.

3) F2F Agenda review

Please review agenda for F2F:

http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0036.html

4) Action review

Open actions are listed in Tracker at <http://www.w3.org/2008/xmlsec/track/actions/open>

Procedure for closing actions: <http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions>

Review action list, given below agenda. If any of these can be closed in advance of meeting please indicate that on the list.

5) Issue review

<http://www.w3.org/2008/xmlsec/track/issues/open>

Review issue list, given below agenda. If any of these can be closed in advance of meeting please indicate that on the list.

6) Roadmap discussion

Review status and plans.

http://www.w3.org/2008/xmlsec/wiki/Roadmap

7) Interop and performance testing plans

Discuss

8) Close Pending actions

These will be closed after the meeting unless concern raised before or during meeting. Please review in advance of meeting.

None

9) Other Business

10) Adjourn

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Scribing list
----------------
Bruce Rich, IBM (30 March 2010)
Ed Simon, Invited Expert (15 June 2010, 25 January 2010)
Cynthia Martin, MITRE (6 July 2010, 2 March 2010)
Pratik Datta, Oracle (27 July 2010, 20 October 2009)
Gerald Edgar, Boeing (10 August 2010, 22 June 2010, 13 April 2010)
Hal Lockhart, Oracle (17 August 2010, 2 February 2010, 27 October 2009)
Thomas Roessler (31 August 2010, 4 May, 2010, 20 April 2010)
Magnus Nyström, Microsoft (7 Sept 2010, 27 April, 2010, 2 June, 2009)
Chris Solc, Adobe (14 Sept 2010, 26 January 2010, 8 December 2009)
Meiko Jensen (21 Sept 2010, 11 May, 2010)
Shivaram Mysore, Invited Expert (28 Sept 2010, 7 Sept 2010, 6 November 2009 F2F, 23 June 2009)
Brian LaMacchia, Microsoft (19 October 2010, 25 May 2010, 6 November 2009 F2F)
Scott Cantor, invited expert (19 October 2010, 31 August 2010, 1 June 2010, 24 Nov 2009)

Not seen recently:
Bradley Hill, Invited Expert (14 July 2009)
John Wray, IBM (15 Dec 2009, 1 Sept 2009)
Sean Mullan, Oracle (12 January 2010, 6 October 2009)
Aldrin d'Souza, EMC (9 Feb 2010)
Karel Wouters, IBBT (9 March 2010)

Logistics Info:

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')

IRC Chat: irc.w3.org (port 6665), #xmlsec

Web-based IRC (member-only): <http://irc.w3.org/?channels=xmlsec>

Please note that attendance of XMLSEC WG teleconferences is restricted to registered WG participants and persons invited by the chair.

Scribe Instructions: <http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html>

Liaison information: <http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination>

Publication Status available at <http://www.w3.org/2008/xmlsec/wiki/PublicationStatus>

Roadmap at <http://www.w3.org/2008/xmlsec/wiki/Roadmap>
---

open actions:

ACTION-238: Thomas Roessler to Update the proposal associated with ACTION-222 and send to list.

ACTION-411: Pratik Datta to Perform measurement related to transform octet conversion

ACTION-426: Pratik Datta to Run performance tests on non-optimized Signature implementation

ACTION-476: Frederick Hirsch to Review xml signature 2.0

ACTION-538: Meiko Jensen to Provide proposal related to namespace wrapping attacks once XPath profile available

ACTION-548: Ed Simon to Ed to review XPath Profile

ACTION-604: Hal Lockhart to Propose change for best practices for ISSUE-170

ACTION-608: Hal Lockhart to Initiate feedback response to Magic Signatures

ACTION-609: Ed Simon to Review Magic Signatures and comment

ACTION-610: Cynthia Martin to Review magic signatures and comment

ACTION-619: Ed Simon to Review Meiko proposal for ACTION-538

ACTION-621: Thomas Roessler to Propose ECC-related refactoring of spec

ACTION-638: Scott Cantor to Make proposal for ISSUE-210, see also http://lists.w3.org/Archives/Public/public-xmlsec/2010Aug/0043.html (uncomplicate section)

ACTION-647: Pratik Datta to Implement Cantor's proposed text to identify all attributes

ACTION-654: Meiko Jensen to Provide some performance data related to implementing entire c14n2 with all options, to influence choices regarding conformance

ACTION-659: Pratik Datta to Review newTransformModel URI and does URI need correct? http://www.w3.org/2010/xmldsig2#newTransformModel in Signature 2.0

ACTION-660: Scott Cantor to Propose changes to C14N2 to support enveloped signature

ACTION-661: Pratik Datta to Summarize issue related to use of ID without DTD for discussion and resolution

ACTION-666: Thomas Roessler to Propose edits to XML Encryption examples wrt EXI response

ACTION-667: Pratik Datta to Add text regarding potential 1-pass issues to XPath document, using proposal from Meiko http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0013.html

ACTION-672: Thomas Roessler to Answer whether W3 can make formal request for IPR disclosure without creating a PAG, and if so, does this happen when entering CR or earlier

ACTION-673: Thomas Roessler to Outline process for starting a PAG and share with WG

ACTION-674: Scott Cantor to Update 1.1 with change for X509SerialNumber

ACTION-676: Frederick Hirsch to Discuss XPath profile roadmap with tlr

ACTION-677: Pratik Datta to Remove .. from XPath subset, http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0010.html

ACTION-678: Pratik Datta to Add editorial warning about potential future changes to XPath subset

ACTION-679: Pratik Datta to Update XPath profile to allow assertion to include all id references utilized by reference

ACTION-680: Pratik Datta to Add proposal to document, with clarification regarding double quotes and still allowing approach #3, http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0016.html


Open issues:

[OPEN] ISSUE-211 : Stand alone version of Streaming XPath Profile versus diff, http://lists.w3.org/Archives/Public/public-xmlsec/2010Aug/0055.html 
http://www.w3.org/2008/xmlsec/track/issues/211 


[OPEN] ISSUE-210 : Restructuring of Signature 2.0 "uncomplicate" section 4.4.3 by 
http://www.w3.org/2008/xmlsec/track/issues/210 


[OPEN] ISSUE-208 : List 2.0 algorithms in algorithms cross-reference 
http://www.w3.org/2008/xmlsec/track/issues/208 


[OPEN] ISSUE-202 : How to define parameter sets in document, vs conformance criteria 
http://www.w3.org/2008/xmlsec/track/issues/202 


[OPEN] ISSUE-213 : XML Signature 2.0 needs precise definitions of Included/ExcludedXPath elements 
http://www.w3.org/2008/xmlsec/track/issues/213 


[OPEN] ISSUE-212 : Additional denial of service attack for Best Practices, http://lists.w3.org/Archives/Public/public-xmlsec/2010Aug/0020.html 
http://www.w3.org/2008/xmlsec/track/issues/212 


[OPEN] ISSUE-217 : XML Signature 2.0 needs 2.0 mode examples, e.g., verification, selection etc.
http://www.w3.org/2008/xmlsec/track/issues/217 


[OPEN] ISSUE-215 : C14N2 conformance - optional parameters, profiles, etc 
http://www.w3.org/2008/xmlsec/track/issues/215 


[OPEN] ISSUE-216 : Whether and how to test denial of service cases in test suite 
http://www.w3.org/2008/xmlsec/track/issues/216 


[OPEN] ISSUE-214 : XML Signature 2.0 needs precise definitions of Verification element and its children. 
http://www.w3.org/2008/xmlsec/track/issues/214 


[OPEN] ISSUE-204 : Integrated recognition of QName content ; on [Canonical XML Version 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/204 


[OPEN] ISSUE-206 : For c14n20 profile - clarify that conformance implies support, but also changes to xml or what must be explicitly specified ; on [Canonical XML Version 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/206 


[OPEN] ISSUE-198 : How to determine if arbitrary text content contains prefixes? Might need to do a lot of searching because text content can be large ; on [Canonical XML Version 2.0]
http://www.w3.org/2008/xmlsec/track/issues/198 


[OPEN] ISSUE-199 : Move appendix A and example type material to separate examples document from C14N2 ; on [Canonical XML Version 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/199 


[OPEN] ISSUE-178 : Highlight additional text constraints on XSD schema as such. ; on [XML Encryption 1.1] 
http://www.w3.org/2008/xmlsec/track/issues/178 


[OPEN] ISSUE-91 : ECC can't be REQUIRED ; on [XML Security - General] 
http://www.w3.org/2008/xmlsec/track/issues/91 


[OPEN] ISSUE-138 : What interoperability and security issues arise out of schema validation behavior? ; on [XML Signature 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/138 


[OPEN] ISSUE-132 : Keep 2.0 xenc transform feature in sync with signature 2.0 ; on [XML Signature 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/132 


[OPEN] ISSUE-122 : Explain why performance improvements and rationale, relationship to earlier work ; on [XML Signature 2.0]
http://www.w3.org/2008/xmlsec/track/issues/122 


[OPEN] ISSUE-140 : Clarify how XPath is interpreted relative to entire document and ds:Reference ; on [XML Signature 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/140 


[OPEN] ISSUE-86 : Document performance criteria and benchmarks ; on [XML Signature 2.0]
http://www.w3.org/2008/xmlsec/track/issues/86 


[OPEN] ISSUE-156 : Threat for signature from use of namespace prefixes with corresponding unsigned namespace declarations leading to wrapping like attacks ; on [XML Signature 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/156 


[OPEN] ISSUE-203 : How to tag id-ness of attributes when schema isn't parsed ; on [XML Signature 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/203 


[OPEN] ISSUE-201 : C14N 2.0 handling of DTD-related and Schema-related behaviors ; on [XML Signature 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/201 


[OPEN] ISSUE-43 : Improvements to XML Signature schema ; on [XML Signature 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/43 


[OPEN] ISSUE-160 : Define URI for Canonical XML 2.0, add section to Signature 2.0 defining Canonical XML 2.0 ; on [XML Signature 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/160 


[OPEN] ISSUE-159 : Address/document potential security issues due to mismatch of security and application processing, including wrapping attacks ; on [XML Signature 2.0] 
http://www.w3.org/2008/xmlsec/track/issues/159 


[OPEN] ISSUE-71 : Change section titles in best practices to match practices ; on [XML Signature Best Practices] 
http://www.w3.org/2008/xmlsec/track/issues/71 


[OPEN] ISSUE-170 : Should we recommend signing namespaces as part of Best Practice 12 (dependency on ACTION-538) ; on [XML Signature Best Practices]
http://www.w3.org/2008/xmlsec/track/issues/170 

---

Received on Monday, 25 October 2010 15:32:31 UTC