- From: <Frederick.Hirsch@nokia.com>
- Date: Mon, 25 Oct 2010 17:31:55 +0200
- To: <public-xmlsec@w3.org>
- CC: <Frederick.Hirsch@nokia.com>
Agenda: W3C XML Security WG Distributed Meeting #85, 26 October 2010 Distributed Meeting Logistics details and links to information at the bottom of this email. 1) Administrivia: Scribe confirmation, Agenda review, Meeting Planning, Liaisons, Announcements Reminder - F2F next week in conjunction with TPAC, 1- 2 November. DST discrepancy if dialing in - http://lists.w3.org/Archives/Member/member-xmlsec/2010Oct/0001.html No teleconference 9 November, next teleconference 16 November. 2) Minutes Approval Approve 19 October 2010 minutes http://www.w3.org/2010/10/19-xmlsec-minutes.html Proposed RESOLUTION: Minutes from 19 October 2010 approved. 3) F2F Agenda review Please review agenda for F2F: http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0036.html 4) Action review Open actions are listed in Tracker at <http://www.w3.org/2008/xmlsec/track/actions/open Procedure for closing actions: <http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions Review action list, given below agenda. If any of these can be closed in advance of meeting please indicate that on the list. 5) Issue review <http://www.w3.org/2008/xmlsec/track/issues/open> Review issue list, given below agenda. If any of these can be closed in advance of meeting please indicate that on the list. 6) Roadmap discussion Review status and plans. http://www.w3.org/2008/xmlsec/wiki/Roadmap 7) Interop and performance testing plans Discuss 8) Close Pending actions These will be closed after the meeting unless concern raised before or during meeting. Please review in advance of meeting. None 9) Other Business 10) Adjourn regards, Frederick Frederick Hirsch, Nokia Chair XML Security WG Scribing list ---------------- Bruce Rich, IBM (30 March 2010) Ed Simon, Invited Expert (15 June 2010, 25 January 2010) Cynthia Martin, MITRE (6 July 2010, 2 March 2010) Pratik Datta, Oracle (27 July 2010, 20 October 2009) Gerald Edgar, Boeing (10 August 2010, 22 June 2010, 13 April 2010) Hal Lockhart, Oracle (17 August 2010, 2 February 2010, 27 October 2009) Thomas Roessler (31 August 2010, 4 May, 2010, 20 April 2010) Magnus Nyström, Microsoft (7 Sept 2010, 27 April, 2010, 2 June, 2009) Chris Solc, Adobe (14 Sept 2010, 26 January 2010, 8 December 2009) Meiko Jensen (21 Sept 2010, 11 May, 2010) Shivaram Mysore, Invited Expert (28 Sept 2010, 7 Sept 2010, 6 November 2009 F2F, 23 June 2009) Brian LaMacchia, Microsoft (19 October 2010, 25 May 2010, 6 November 2009 F2F) Scott Cantor, invited expert (19 October 2010, 31 August 2010, 1 June 2010, 24 Nov 2009) Not seen recently: Bradley Hill, Invited Expert (14 July 2009) John Wray, IBM (15 Dec 2009, 1 Sept 2009) Sean Mullan, Oracle (12 January 2010, 6 October 2009) Aldrin d'Souza, EMC (9 Feb 2010) Karel Wouters IBBT, (9 March 2010) Logistics Info: 10-12:00 am Eastern Time Information on meeting times in various time zones: http://www.w3.org/2008/xmlsec/Group/Overview.html#phone Zakim Bridge: +1.617.761.6200 conference code 965732# ('XMLSEC') IRC Chat: irc.w3.org (port 6665), #xmlsec Web-based IRC (member-only): <http://irc.w3.org/?channels=xmlsec> Please note that attendance of XMLSEC WG teleconferences is restricted to registered WG participants and persons invited by the chair. Scribe Instructions: <http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html Liaison information: <http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination Publication Status available at <http://www.w3.org/2008/xmlsec/wiki/PublicationStatus Roadmap at <http://www.w3.org/2008/xmlsec/wiki/Roadmap> --- open actions: ACTION-238: Thomas Roessler to Update the proposal associated with ACTION-222 and send to list. ACTION-411: Pratik Datta to Perform measurement related to transform octet conversion ACTION-426: Pratik Datta to Run performance tests on non-optimized Signature implementation ACTION-476: Frederick Hirsch to Review xml signature 2.0 ACTION-538: Meiko Jensen to Provide proposal related to namespace wrapping attacks once XPath profile available ACTION-548: Ed Simon to Ed to review XPath Profile ACTION-604: Hal Lockhart to Propose change for best practices for ISSUE-170 ACTION-608: Hal Lockhart to Initiate feedback response to Magic Signatures ACTION-609: Ed Simon to Review Magic Signatures and comment ACTION-610: Cynthia Martin to Review magic signatures and comment ACTION-619: Ed Simon to Review Meiko proposal for ACTION-538 ACTION-621: Thomas Roessler to Propose ECC-related refactoring of spec ACTION-638: Scott Cantor to Make proposal for ISSUE-210, see also http://lists.w3.org/Archives/Public/public-xmlsec/2010Aug/0043.html (uncomplicate section) ACTION-647: Pratik Datta to Implement Cantor's proposed text to identify all attributes ACTION-654: Meiko Jensen to Provide some performance data related to implementing entire c14n2 with all options, to influence choices regarding conformance ACTION-659: Pratik Datta to Review newTransformModel URI and does URI need correct? http://www.w3.org/2010/xmldsig2#newTransformModel in Signature 2.0 ACTION-660: Scott Cantor to Propose changes to C14N2 to support enveloped signature ACTION-661: Pratik Datta to Summarize issue related to use of ID without DTD for discussion and resolution ACTION-666: Thomas Roessler to Propose edits to XML Encryption examples wrt EXI response ACTION-667: Pratik Datta to Add text regarding potential 1-pass issues to XPath document, using proposal from Meikohttp://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0013.html ACTION-672: Thomas Roessler to Answer whether W3 can make formal request for IPR disclosure without creating a PAG, and if so, does this happen when entering CR or earlier ACTION-673: Thomas Roessler to Outline process for starting a PAG and share with WG ACTION-674: Scott Cantor to Update 1.1 with change for X509SerialNumber ACTION-676: Frederick Hirsch to Discuss XPath profile roadmap with tlr ACTION-677: Pratik Datta to Remove .. from XPath subset, http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0010.html ACTION-678: Pratik Datta to Add editorial warning about potential future changes to XPath subset ACTION-679: Pratik Datta to Update XPath profile to allow assertion to include all id references utilized by reference ACTION-680: Pratik Datta to Add proposal to document, with clarification regarding double quotes and still allowing approach #3, http://lists.w3.org/Archives/Public/public-xmlsec/2010Oct/0016.html Open issues: [OPEN] ISSUE-211 : Stand alone version of Streaming XPath Profile versus diff, http://lists.w3.org/Archives/Public/public-xmlsec/2010Aug/0055.html http://www.w3.org/2008/xmlsec/track/issues/211 [OPEN] ISSUE-210 : Restructuring of Signature 2.0 "uncomplicate" section 4.4.3 by http://www.w3.org/2008/xmlsec/track/issues/210 [OPEN] ISSUE-208 : List 2.0 algorithms in algorithms cross-reference http://www.w3.org/2008/xmlsec/track/issues/208 [OPEN] ISSUE-202 : How to define parameter sets in document, vs conformance criteria http://www.w3.org/2008/xmlsec/track/issues/202 [OPEN] ISSUE-213 : XML Signature 2.0 needs precise definitions of Included/ExcludedXPath elements http://www.w3.org/2008/xmlsec/track/issues/213 [OPEN] ISSUE-212 : Additional denial of service attack for Best Practices, http://lists.w3.org/Archives/Public/public-xmlsec/2010Aug/0020.html http://www.w3.org/2008/xmlsec/track/issues/212 [OPEN] ISSUE-217 : XML Signature 2.0 needs 2.0 mode examples, e.g. , verification, selection etc. http://www.w3.org/2008/xmlsec/track/issues/217 [OPEN] ISSUE-215 : C14N2 conformance - optional parameters, profiles, etc http://www.w3.org/2008/xmlsec/track/issues/215 [OPEN] ISSUE-216 : Whether and how to test denial of service cases in test suite http://www.w3.org/2008/xmlsec/track/issues/216 [OPEN] ISSUE-214 : XML Signature 2.0 needs precise definitions of Verification element and its children. http://www.w3.org/2008/xmlsec/track/issues/214 [OPEN] ISSUE-204 : Integrated recognition of QName content ; on [Canonical XML Version 2.0] http://www.w3.org/2008/xmlsec/track/issues/204 [OPEN] ISSUE-206 : For c14n20 profile - clarify that conformance implies support, but also changes to xml or what must be explicitly specified ; on [Canonical XML Version 2.0] http://www.w3.org/2008/xmlsec/track/issues/206 [OPEN] ISSUE-198 : How to determine if arbitrary text content contains prefixes? Might need to do a lot of searching because text content can be large ; on[Canonical XML Version 2.0] http://www.w3.org/2008/xmlsec/track/issues/198 [OPEN] ISSUE-199 : Move appendix A and example type material to separate examples document from C14N2 ; on [Canonical XML Version 2.0] http://www.w3.org/2008/xmlsec/track/issues/199 [OPEN] ISSUE-178 : Highlight additional text constraints on XSD schema as such. ; on [XML Encryption 1.1] http://www.w3.org/2008/xmlsec/track/issues/178 [OPEN] ISSUE-91 : ECC can't be REQUIRED ; on [XML Security - General] http://www.w3.org/2008/xmlsec/track/issues/91 [OPEN] ISSUE-138 : What interoperability and security issues arise out of schema validation behavior? ; on [XML Signature 2.0] http://www.w3.org/2008/xmlsec/track/issues/138 [OPEN] ISSUE-132 : Keep 2.0 xenc transform feature in sync with signature 2.0 ; on [XML Signature 2.0] http://www.w3.org/2008/xmlsec/track/issues/132 [OPEN] ISSUE-122 : Explain why peformance improvements and rationale, relationship to earlier work ; on [XML Signature 2.0] http://www.w3.org/2008/xmlsec/track/issues/122 [OPEN] ISSUE-140 : Clarify how XPath is interpreted relative to entire document and ds:Reference ; on [XML Signature 2.0] http://www.w3.org/2008/xmlsec/track/issues/140 [OPEN] ISSUE-86 : Document performance criterial and benchmarks ; on [XML Signature 2.0] http://www.w3.org/2008/xmlsec/track/issues/86 [OPEN] ISSUE-156 : Threat for signature from use of namespace prefixes with corresponding unsigned namespace declarations leading to wrapping like attacks ; on [XML Signature 2.0] http://www.w3.org/2008/xmlsec/track/issues/156 [OPEN] ISSUE-203 : How to tag id-ness of attributes when schema isn't parsed ; on [XML Signature 2.0] http://www.w3.org/2008/xmlsec/track/issues/203 [OPEN] ISSUE-201 : C14N 2.0 handling of DTD-related and Schema-related behaviors ; on [XML Signature 2.0] http://www.w3.org/2008/xmlsec/track/issues/201 [OPEN] ISSUE-43 : Improvements to XML Signature schema ; on [XML Signature 2.0] http://www.w3.org/2008/xmlsec/track/issues/43 [OPEN] ISSUE-160 : Define URI for Canonical XML 2.0, add section to Signature 2.0 defining Canonical XML 2.0 ; on [XML Signature 2.0] http://www.w3.org/2008/xmlsec/track/issues/160 [OPEN] ISSUE-159 : Address/document potential security issues due to mismatch of security and application processing, including wrapping attacks ; on [XML Signature 2.0] http://www.w3.org/2008/xmlsec/track/issues/159 [OPEN] ISSUE-71 : Change section titles in best practices to match practices ; on [XML Signature Best Practices] http://www.w3.org/2008/xmlsec/track/issues/71 [OPEN] ISSUE-170 : Should we recomend signing namespaces as part of Best Practice 12 (dependency on ACTION-538) ; on [XML Signature Best Practices] http://www.w3.org/2008/xmlsec/track/issues/170 ---
Received on Monday, 25 October 2010 15:32:31 UTC