# XML Security Working Group Teleconference ## 02 Aug 2011 [Agenda][3] See also: [IRC log][4] ## Attendees Present Frederick_Hirsch, Cynthia_Martin, Ed_Simon, Chris_Solc, Hal_Lockhart, Gerald_Edgar, Pratik_Datta, Scott_Cantor, Bruce_Rich Regrets Thomas_Roessler Chair Frederick_Hirsch Scribe csolc ## Contents * [Topics][5] 1. [Administrative][6] 2. [Minutes Approval][7] 3. [XML Security 1.1][8] 4. [Updated XML Signature Best Practices editors draft][9] 5. [Update of XML Signature 1.1 to reference Best Practices in introduction, LC-2504][10] 6. [1.1 Test Case review][11] 7. [XML Security 2.0][12] * [Summary of Action Items][13] * * * Date: 02 August 2011 ### Administrative ScribeNick: csolc Publication moratoria for 2H2011, [http://lists.w3.org/Archives/Member /member-xmlsec/2011Jul/0006.html][14] ### Minutes Approval [http://lists.w3.org/Archives/Public/public- xmlsec/2011Jun/att-0058/minutes-2011-06-28.html][15] Proposed RESOLUTION: Minutes from 28 June are approved. **RESOLUTION: Minutes from 28 June 2011 are approved** ### XML Security 1.1 [http://www.w3.org/2006/02/lc-comments-tracker/42458/CR-xmldsig- core1-20110303/2502][16] [http://lists.w3.org/Archives/Public/public- xmlsec/2011Jun/0063.html][17] (Sean) [http://lists.w3.org/Archives/Public/public- xmlsec/2011Jun/0064.html][18] (Scott) [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html#sec- RetrievalMethod][19] change in section 4.5, paragraph 2 If KeyInfo is omitted, the recipient is expected to be able to identify the key based on application context. Multiple declarations within KeyInfo refer to the same key. While applications may define and use any mechanism they choose through inclusion of elements from a different namespace, compliant versions must implement KeyValue (section 4.5.2 The KeyValue Element) and should implement RetrievalMethod (section 4.5.3 The RetrievalMethod Element). proposed RESOLUTION: change RetrievalMethod to KeyInfoReference in paragraph 2 section 4.5 and update section reference, for Signature 1.1 and 2.0 **RESOLUTION: change RetrievalMethod to KeyInfoReference in paragraph 2 section 4.5 and update section reference, for Signature 1.1 and 2.0** **ACTION:** fjh to update SIgnature 1.1 and 2.0 with change of SHOULD in 4.5 [recorded in [http://www.w3.org/2011/08/02-xmlsec- minutes.html#action01][20]] Created ACTION-816 - Update SIgnature 1.1 and 2.0 with change of SHOULD in 4.5 [on Frederick Hirsch - due 2011-08-09]. anything more to do with [http://lists.w3.org/Archives/Public/public- xmlsec/2011Jun/0063.html][17] ### Updated XML Signature Best Practices editors draft [http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0007.html][21] [http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0013.html][22] **RESOLUTION: Publish an updated best practices document for XML Signature Aug 9 2011** **ACTION:** fjh to prepare and submit best practices draft for publication [recorded in [http://www.w3.org/2011/08/02-xmlsec- minutes.html#action02][23]] Created ACTION-817 - Prepare and submit best practices draft for publication [on Frederick Hirsch - due 2011-08-09]. ### Update of XML Signature 1.1 to reference Best Practices in introduction, LC-2504 Update of XML Signature 1.1 to reference Best Practices in introduction, LC-2504 [http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0014.html][24] ### 1.1 Test Case review [http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0009.html][25] (Gerald) Gerald is asking for the group to add comments on the 1.1 Test cases. Comments on the 1.1 Test cases should be sent to the list. **ACTION:** fjh to check in test cases document distributed by Gerald [recorded in [http://www.w3.org/2011/08/02-xmlsec-minutes.html#action03][26]] Created ACTION-818 - Check in test cases document distributed by Gerald [on Frederick Hirsch - due 2011-08-09]. ### XML Security 2.0 Update of XML Signature 2.0 to reference Best Practices in introduction, LC-2507 [http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0015.html][27] (Frederick) [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/0000.html][28] use "attributes in the XML namespace" for section 11.3 [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/#sec- NamespaceContext][29] **ACTION:** pdatta to update 2.0 11.3 text, including changes discussed in email [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/0000.html][28] [recorded in [http://www.w3.org/2011/08/02 -xmlsec-minutes.html#action04][30]] Created ACTION-819 - Update 2.0 11.3 text, including changes discussed in email [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/0000.html][28] [on Pratik Datta - due 2011-08-09]. LC-2506, [http://www.w3.org/2006/02/lc-comments-tracker/42458/WD- xmldsig-core2-20110421/2506?cid=2506][31] need to track down what specific change is needed here ACTION-699? ACTION-699 -- Cynthia Martin to update interop wiki with suite B organization -- due 2010-11-08 -- OPEN [http://www.w3.org/2008/xmlsec/track/actions/699][32] ## Summary of Action Items **[NEW]** **ACTION:** fjh to check in test cases document distributed by Gerald [recorded in [http://www.w3.org/2011/08/02-xmlsec- minutes.html#action03][26]] **[NEW]** **ACTION:** fjh to prepare and submit best practices draft for publication [recorded in [http://www.w3.org/2011/08/02-xmlsec- minutes.html#action02][23]] **[NEW]** **ACTION:** fjh to update SIgnature 1.1 and 2.0 with change of SHOULD in 4.5 [recorded in [http://www.w3.org/2011/08/02-xmlsec- minutes.html#action01][20]] **[NEW]** **ACTION:** pdatta to update 2.0 11.3 text, including changes discussed in email [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/0000.html][28] [recorded in [http://www.w3.org/2011/08/02 -xmlsec-minutes.html#action04][30]] [End of minutes] * * * Minutes formatted by David Booth's [scribe.perl][33] version 1.135 ([CVS log][34]) $Date: 2009-03-02 03:52:20 $ [1]: http://www.w3.org/Icons/w3c_home [2]: http://www.w3.org/ [3]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0017.html [4]: http://www.w3.org/2011/08/02-xmlsec-irc [5]: #agenda [6]: #item01 [7]: #item02 [8]: #item03 [9]: #item04 [10]: #item05 [11]: #item06 [12]: #item07 [13]: #ActionSummary [14]: http://lists.w3.org/Archives/Member/member-xmlsec/2011Jul/0006.html [15]: http://lists.w3.org/Archives/Public/public- xmlsec/2011Jun/att-0058/minutes-2011-06-28.html [16]: http://www.w3.org/2006/02/lc-comments-tracker/42458/CR-xmldsig- core1-20110303/2502 [17]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0063.html [18]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0064.html [19]: http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html #sec-RetrievalMethod [20]: http://www.w3.org/2011/08/02-xmlsec-minutes.html#action01 [21]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0007.html [22]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0013.html [23]: http://www.w3.org/2011/08/02-xmlsec-minutes.html#action02 [24]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0014.html [25]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0009.html [26]: http://www.w3.org/2011/08/02-xmlsec-minutes.html#action03 [27]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0015.html [28]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0000.html [29]: http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/#sec- NamespaceContext [30]: http://www.w3.org/2011/08/02-xmlsec-minutes.html#action04 [31]: http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig- core2-20110421/2506?cid=2506 [32]: http://www.w3.org/2008/xmlsec/track/actions/699 [33]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [34]: http://dev.w3.org/cvsweb/2002/scribe/