W3C

XML Security Working Group Teleconference

12 Apr 2011

Agenda

See also: IRC log

Attendees

Present
Frederick_Hirsch, Ed_Simon, Scott_Cantor, Thomas_Roessler, Cynthia_Martin, Chris_Solc, Bruce_Rich, Gerald_Edgar, Pratik_Datta, Brian_LaMacchia
Regrets
Chair
Frederick_Hirsch
Scribe
Gerald-E

Contents


<trackbot> Date: 12 April 2011

Administrative

<scribe> Scribenick: Gerald-E

fjh: No announcements. Meeting next week. Not meeting 26 April, 3 May, 10 May. Meeting again 17 May.

Minutes Approval

<fjh> Approve minutes, 5 April 2011 (revised)

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Apr/att-0022/minutes-2011-04-05.html

RESOLUTION: Minutes from 5 April are approved.

PAG

tlr: Organizing PAG call, expect first teleconference next week

Security 2.0 publication

fjh: asked for review in XML Coordination Group, commitment to review XML Signature 2.0 and Canonical XML 2.0 from XML Core, action to XSL to review XPath profile, Norm also agreed to review specs in May
... Thomas to help with publication

tlr: opportunity to organize an external group to review 2.0
... it would very good to have an external group review this before last call.

fjh: external review will increase confidence in the standards
... WG decision needed, choices a) publish and have review of a working draft or b) reaffirm decision to last call

<Cynthia> I would like more external review, especially from the IETF

pdatta: it is hard to collect information from people outside the group, Last Call helps to get attention and review

fjh: do people understand that 2.0 is backwards compatable?

tlr: a question to ask of the group, how likely is it that we will have at least two independent implementations of this?
... if we have a review from an implementor then we can have more confidence in the specification

<fjh> ACTION: fjh to contact Juan Carlos re XML Security 2.0 review [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-788 - Contact Juan Carlos re XML Security 2.0 review [on Frederick Hirsch - due 2011-04-19].

tlr: if others will adopt this specification

<fjh> ACTION: fjh to follow up with XML Coordination WG re XML Security 2.0 review [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action02]

<trackbot> Created ACTION-789 - Follow up with XML Coordination WG re XML Security 2.0 review [on Frederick Hirsch - due 2011-04-19].

fjh: if we go directly to last call, what is the effect?

tlr: last call is a working group decision.

scantor: until the spec is done, or in a final state it would be difficult to reference the spec in the implementation.

fjh: the coordination group will review this, and we may be going to last call in May.
... we would not go to CR if we did not have at least 2 implimentations

<fjh> ACTION: fjh to ask Makoto re XML Security 2.0 security review, with ePub consideration [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action03]

<trackbot> Created ACTION-790 - Ask Makoto re XML Security 2.0 security review, with ePub consideration [on Frederick Hirsch - due 2011-04-19].

<fjh> would not want to enter CR without having expectation of exiting CR with at least two implementations

<fjh> question, do we go to Last Call now, as a call for review, or seek more informal review before doing so

<Ed_Simon> +1 to not entering CR until there are at least two implementations showing interoperability

tlr: it is the working group's decision

Brian: it is surprising this issue is coming up now

<fjh> Last Call sends stronger signal for review, the reason we made this decision on earlier call

Bruce: we need to do something to trigger implementations

pdatta: leaning toward last call

Scott: leaning to LC, the implementation story is not going to change in the next few months

fjh: we need to make it clear that 1.1 is not going away.

<tlr> ACTION: thomas to request SAAG review of XML Sec 2.0 once spec is in LC [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action04]

<trackbot> Created ACTION-791 - Request SAAG review of XML Sec 2.0 once spec is in LC [on Thomas Roessler - due 2011-04-19].

tlr: what is the timing?
... the last call period could be until late May.

fjh: if we do not have things lined up for LC, we might want to give people time for more review.

tlr: we do not have to be limited to one month.

fjh: the earliest would be the end of may.

RESOLUTION: The last call will be until May 31

fjh: do we want to make an agreement that we need two implementations before CR

PROPOSED RESOLUTION: we will not entger CR until we have two implementations in work, if not completed

<fjh> proposed RESOLUTION: WG will enter CR once it has confirmed two or more implementation in progress and resolved Last Call comments

RESOLUTION: WG will enter CR once it has confirmed two or more implementation in progress and resolved Last Call comments

fjh: tlr will deal with publication

<fjh> ACTION: tlr to prepare Last Call publication, for publication by next week [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action05]

<trackbot> Created ACTION-792 - Prepare Last Call publication, for publication by next week [on Thomas Roessler - due 2011-04-19].

Editorial Update

<fjh> RELAX NG Schemas

<fjh> Incorporated corrections from Makoto, http://lists.w3.org/Archives/Public/public-xmlsec/2011Apr/0018.html

<fjh> Algorithms Cross-Reference

<fjh> I updated, see, http://lists.w3.org/Archives/Public/public-xmlsec/2011Apr/0024.html

fjh: checking correctness of references into other documents, will notify when done.

Interop and Test Cases

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Apr/0023.html

fjh: what are the gaps for 1.1 itself?

<fjh> ACTION: gerald to review 1.1 interop to determine which gaps we have in 1.1 testing itself [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action06]

<trackbot> Created ACTION-793 - Review 1.1 interop to determine which gaps we have in 1.1 testing itself [on Gerald Edgar - due 2011-04-19].

<fjh> gerald: notes that he reviewed gaps in 2.0 testing that isn't covered in 1.1 testing.

<fjh> gerald: we need test streaming

<fjh> streaming is hard to test for, it would be a negative test

<fjh> spec written to enable streaming

pdatta: to make some examples using the new features

fjh: prefix re-writing

<Ed_Simon> * back in 5 minutes

fjh: c14n and XPath profile
... start with what is obvious
... to create a test plan,

<fjh> ACTION: pdatta to add test case prefix rewriting [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action07]

<trackbot> Created ACTION-794 - Add test case prefix rewriting [on Pratik Datta - due 2011-04-19].

pdatta: to create one or two test cases for prefix re-writing

<fjh> we need a test plan, so it can be reviewed

Action Review

<fjh> see last weeks, we discussed open actions, please review and complete. Performance is one of them.

Issue Review

<fjh> ISSUE-132?

<trackbot> ISSUE-132 -- Keep 2.0 xenc transform feature in sync with signature 2.0 -- open

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/132

<fjh> for when coming out of Last Call

fjh: there is nothing to do with issue-132 at this time

<fjh> Meeting next week.

<fjh> Not meeting 26 April, 3 May, 10 May.

<fjh> Meeting again 17 May

Adjourn

Summary of Action Items

[NEW] ACTION: fjh to ask Makoto re XML Security 2.0 security review, with ePub consideration [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action03]
[NEW] ACTION: fjh to contact Juan Carlos re XML Security 2.0 review [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action01]
[NEW] ACTION: fjh to follow up with XML Coordination WG re XML Security 2.0 review [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action02]
[NEW] ACTION: gerald to review 1.1 interop to determine which gaps we have in 1.1 testing itself [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action06]
[NEW] ACTION: pdatta to add test case prefix rewriting [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action07]
[NEW] ACTION: thomas to request SAAG review of XML Sec 2.0 once spec is in LC [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action04]
[NEW] ACTION: tlr to prepare Last Call publication, for publication by next week [recorded in http://www.w3.org/2011/04/12-xmlsec-minutes.html#action05]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2009-03-02 03:52:20 $