# XML Security Working Group Teleconference

## 09 Aug 2011

[Agenda][3]

See also: [IRC log][4]

## Attendees

Present

    Frederick_Hirsch, Chris_Solc, Hal_Lockhart, Gerald_Edgar, Scott_Cantor,
Cynthia_Martin, Bruce_Rich

Regrets

    Pratik_Datta, Ed_Simon, Magnus_Nystrom, Brian_LaMacchia

Chair

    Frederick_Hirsch

Scribe

    Hal

## Contents

  * [Topics][5]

    1. [Administration][6]

    2. [Minutes Approval][7]

    3. [XML Security 1.1][8]

    4. [XML Security 2.0][9]

    5. [Test Cases][10]

    6. [XML Encryption][11]

    7. [Adjourn][12]

  * [Summary of Action Items][13]

* * *

<trackbot> Date: 09 August 2011

<fjh> ScribeNick: Hal

### Administration

### Minutes Approval

<fjh> Approve minutes, 2 August 2011

<fjh> [http://lists.w3.org/Archives/Public/public-
xmlsec/2011Aug/att-0005/minutes-2011-08-02.html][14]

<fjh> Proposed RESOLUTION: Minutes from 2 August are approved.

**RESOLUTION: Minutes from 2 August are approved.**

### XML Security 1.1

<fjh> please review editorial updates to resolve LC issues

<fjh> LC-2502 (substantive), ACTION-816

<fjh> change RetrievalMethod toKeyInfoReference for SHOULD

<fjh> Done, please review: [http://lists.w3.org/Archives/Public/public-
xmlsec/2011Aug/0007.html][15]

<fjh> LC2506 changes completed

<fjh> [http://lists.w3.org/Archives/Public/public-
xmlsec/2011Aug/0008.html][16]\

<fjh> RetrievalMethod in 2.0

<fjh> [http://lists.w3.org/Archives/Public/public-
xmlsec/2011Aug/0010.html][17]

<scantor> I don't think we have a good basis for barring Transforms *inside*
RetrievalMethod itself as part of the general 2.0 changes

<fjh> proposed RESOLUTION: update 2.0 spec to treat RetrievalMethod same as in
1.1, specifically not disallow Transform within RetrievalMethod

<scantor> rather, we should make it a deprecated feature

<fjh> also should consider deprecating in 1.1 and disallowing in 2.0

**RESOLUTION: update 2.0 spec to treat RetrievalMethod same as in 1.1,
specifically not disallow Transform within RetrievalMethod**

<fjh> **ACTION:** tlr to remind WG how to deprecate RetrievalMethod in 1.1 and
disallow in 2.0 appropriately [recorded in [http://www.w3.org/2011/08/09
-xmlsec-minutes.html#action01][18]]

<trackbot> Created ACTION-820 - Remind WG how to deprecate RetrievalMethod in
1.1 and disallow in 2.0 appropriately [on Thomas Roessler - due 2011-08-16].

<fjh> **ACTION:** fjh to update 2.0 spec to treat RetrievalMethod same as in
1.1, specifically not disallow Transform within RetrievalMethod [recorded in
[http://www.w3.org/2011/08/09-xmlsec-minutes.html#action02][19]]

<trackbot> Created ACTION-823 - Update 2.0 spec to treat RetrievalMethod same
as in 1.1, specifically not disallow Transform within RetrievalMethod [on
Frederick Hirsch - due 2011-08-16].

<fjh> ACTION-814?

<trackbot> ACTION-814 -- Magnus Nystrom to make namespace ("&xenc;") related
edits in XML Encryption 1.1 -- due 2011-07-05 -- OPEN

<trackbot> [http://www.w3.org/2008/xmlsec/track/actions/814][20]

<fjh> in progress

### XML Security 2.0

<fjh> LC-4288, detailed comments from Paul Grosso

<fjh> ACTION-802: Pratik Datta to Review comments from XML Core WG and
formulate response, [http://lists.w3.org/Archives/Public/public-
xmlsec/2011Jun/0005.html][21]

<fjh> ACTION-810: Pratik Datta to Review and respond to additional XML Core WG
comments [http://lists.w3.org/Archives/Public/public-
xmlsec/2011Jun/0005.html][21]

<fjh> close ACTION-810 as duplicate of ACTION-802?

<trackbot> ACTION-810 Review and respond to additional XML Core WG comments
[http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0005.html][21]
notes added

<fjh> [http://lists.w3.org/Archives/Public/public-
xmlsec/2011Jul/0018.html][22]

<fjh> Need to send formal reply to XML Core/ Paul?

<fjh> LC-2487, change name of attribute from type to Attribute

<fjh> ACTION-809?

<trackbot> ACTION-809 -- Pratik Datta to fix examples in signature 2.0 -- due
2011-06-21 -- OPEN

<trackbot> [http://www.w3.org/2008/xmlsec/track/actions/809][23]

<fjh> ACTION-717?

<trackbot> ACTION-717 -- Pratik Datta to document the Performance improvements
with 2.0 -- due 2010-11-09 -- OPEN

<trackbot> [http://www.w3.org/2008/xmlsec/track/actions/717][24]

### Test Cases

<fjh> 1.0 (regression), [http://www.w3.org/2008/xmlsec/Drafts/testing/test-
coverage-10.html][25]

<fjh> 1.1, [http://www.w3.org/2008/xmlsec/Drafts/testing/test-
coverage-11.html][26]

<fjh> 2.0, [http://www.w3.org/2008/xmlsec/Drafts/testing/test-
coverage-20.html][27]

<fjh> Writing testable conformance requirements, [http://www.w3.org/TR/test-
methodology/][28]

<fjh> **ACTION:** fjh to post suite b interop material from Cynthia [recorded
in [http://www.w3.org/2011/08/09-xmlsec-minutes.html#action03][29]]

<trackbot> Created ACTION-821 - Post suite b interop material from Cynthia [on
Frederick Hirsch - due 2011-08-16].

### XML Encryption

<fjh> do we need XML Encryption 1.1 and update to algorithms in 1.1 as well as
other fixes.

<fjh> proposed change - disallow pkcs# 1.5 for generation (language analogous
to sha-1)

<fjh> **ACTION:** fjh to propose XML Encryption 1.1 and associated changes
[recorded in [http://www.w3.org/2011/08/09-xmlsec-minutes.html#action04][30]]

<trackbot> Created ACTION-822 - Propose XML Encryption 1.1 and associated
changes [on Frederick Hirsch - due 2011-08-16].

### Adjourn

## Summary of Action Items

**[NEW]** **ACTION:** fjh to post suite b interop material from Cynthia
[recorded in [http://www.w3.org/2011/08/09-xmlsec-minutes.html#action03][29]]

**[NEW]** **ACTION:** fjh to propose XML Encryption 1.1 and associated changes
[recorded in [http://www.w3.org/2011/08/09-xmlsec-minutes.html#action04][30]]

**[NEW]** **ACTION:** fjh to update 2.0 spec to treat RetrievalMethod same as
in 1.1, specifically not disallow Transform within RetrievalMethod [recorded
in [http://www.w3.org/2011/08/09-xmlsec-minutes.html#action02][19]]

**[NEW]** **ACTION:** tlr to remind WG how to deprecate RetrievalMethod in 1.1
and disallow in 2.0 appropriately [recorded in [http://www.w3.org/2011/08/09
-xmlsec-minutes.html#action01][18]]


[End of minutes]

* * *

Minutes formatted by David Booth's [scribe.perl][31] version 1.135 ([CVS
log][32])

$Date: 2009-03-02 03:52:20 $

   [1]: http://www.w3.org/Icons/w3c_home

   [2]: http://www.w3.org/

   [3]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0011.html

   [4]: http://www.w3.org/2011/08/09-xmlsec-irc

   [5]: #agenda

   [6]: #item01

   [7]: #item02

   [8]: #item03

   [9]: #item04

   [10]: #item05

   [11]: #item06

   [12]: #item07

   [13]: #ActionSummary

   [14]: http://lists.w3.org/Archives/Public/public-
xmlsec/2011Aug/att-0005/minutes-2011-08-02.html

   [15]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0007.html

   [16]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0008.html

   [17]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0010.html

   [18]: http://www.w3.org/2011/08/09-xmlsec-minutes.html#action01

   [19]: http://www.w3.org/2011/08/09-xmlsec-minutes.html#action02

   [20]: http://www.w3.org/2008/xmlsec/track/actions/814

   [21]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0005.html

   [22]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0018.html

   [23]: http://www.w3.org/2008/xmlsec/track/actions/809

   [24]: http://www.w3.org/2008/xmlsec/track/actions/717

   [25]: http://www.w3.org/2008/xmlsec/Drafts/testing/test-coverage-10.html

   [26]: http://www.w3.org/2008/xmlsec/Drafts/testing/test-coverage-11.html

   [27]: http://www.w3.org/2008/xmlsec/Drafts/testing/test-coverage-20.html

   [28]: http://www.w3.org/TR/test-methodology/

   [29]: http://www.w3.org/2011/08/09-xmlsec-minutes.html#action03

   [30]: http://www.w3.org/2011/08/09-xmlsec-minutes.html#action04

   [31]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm

   [32]: http://dev.w3.org/cvsweb/2002/scribe/