# XML Security Working Group Teleconference ## 09 Aug 2011 [Agenda][3] See also: [IRC log][4] ## Attendees Present Frederick_Hirsch, Chris_Solc, Hal_Lockhart, Gerald_Edgar, Scott_Cantor, Cynthia_Martin, Bruce_Rich Regrets Pratik_Datta, Ed_Simon, Magnus_Nystrom, Brian_LaMacchia Chair Frederick_Hirsch Scribe Hal ## Contents * [Topics][5] 1. [Administration][6] 2. [Minutes Approval][7] 3. [XML Security 1.1][8] 4. [XML Security 2.0][9] 5. [Test Cases][10] 6. [XML Encryption][11] 7. [Adjourn][12] * [Summary of Action Items][13] * * * Date: 09 August 2011 ScribeNick: Hal ### Administration ### Minutes Approval Approve minutes, 2 August 2011 [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/att-0005/minutes-2011-08-02.html][14] Proposed RESOLUTION: Minutes from 2 August are approved. **RESOLUTION: Minutes from 2 August are approved.** ### XML Security 1.1 please review editorial updates to resolve LC issues LC-2502 (substantive), ACTION-816 change RetrievalMethod toKeyInfoReference for SHOULD Done, please review: [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/0007.html][15] LC2506 changes completed [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/0008.html][16]\ RetrievalMethod in 2.0 [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/0010.html][17] I don't think we have a good basis for barring Transforms *inside* RetrievalMethod itself as part of the general 2.0 changes proposed RESOLUTION: update 2.0 spec to treat RetrievalMethod same as in 1.1, specifically not disallow Transform within RetrievalMethod rather, we should make it a deprecated feature also should consider deprecating in 1.1 and disallowing in 2.0 **RESOLUTION: update 2.0 spec to treat RetrievalMethod same as in 1.1, specifically not disallow Transform within RetrievalMethod** **ACTION:** tlr to remind WG how to deprecate RetrievalMethod in 1.1 and disallow in 2.0 appropriately [recorded in [http://www.w3.org/2011/08/09 -xmlsec-minutes.html#action01][18]] Created ACTION-820 - Remind WG how to deprecate RetrievalMethod in 1.1 and disallow in 2.0 appropriately [on Thomas Roessler - due 2011-08-16]. **ACTION:** fjh to update 2.0 spec to treat RetrievalMethod same as in 1.1, specifically not disallow Transform within RetrievalMethod [recorded in [http://www.w3.org/2011/08/09-xmlsec-minutes.html#action02][19]] Created ACTION-823 - Update 2.0 spec to treat RetrievalMethod same as in 1.1, specifically not disallow Transform within RetrievalMethod [on Frederick Hirsch - due 2011-08-16]. ACTION-814? ACTION-814 -- Magnus Nystrom to make namespace ("&xenc;") related edits in XML Encryption 1.1 -- due 2011-07-05 -- OPEN [http://www.w3.org/2008/xmlsec/track/actions/814][20] in progress ### XML Security 2.0 LC-4288, detailed comments from Paul Grosso ACTION-802: Pratik Datta to Review comments from XML Core WG and formulate response, [http://lists.w3.org/Archives/Public/public- xmlsec/2011Jun/0005.html][21] ACTION-810: Pratik Datta to Review and respond to additional XML Core WG comments [http://lists.w3.org/Archives/Public/public- xmlsec/2011Jun/0005.html][21] close ACTION-810 as duplicate of ACTION-802? ACTION-810 Review and respond to additional XML Core WG comments [http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0005.html][21] notes added [http://lists.w3.org/Archives/Public/public- xmlsec/2011Jul/0018.html][22] Need to send formal reply to XML Core/ Paul? LC-2487, change name of attribute from type to Attribute ACTION-809? ACTION-809 -- Pratik Datta to fix examples in signature 2.0 -- due 2011-06-21 -- OPEN [http://www.w3.org/2008/xmlsec/track/actions/809][23] ACTION-717? ACTION-717 -- Pratik Datta to document the Performance improvements with 2.0 -- due 2010-11-09 -- OPEN [http://www.w3.org/2008/xmlsec/track/actions/717][24] ### Test Cases 1.0 (regression), [http://www.w3.org/2008/xmlsec/Drafts/testing/test- coverage-10.html][25] 1.1, [http://www.w3.org/2008/xmlsec/Drafts/testing/test- coverage-11.html][26] 2.0, [http://www.w3.org/2008/xmlsec/Drafts/testing/test- coverage-20.html][27] Writing testable conformance requirements, [http://www.w3.org/TR/test- methodology/][28] **ACTION:** fjh to post suite b interop material from Cynthia [recorded in [http://www.w3.org/2011/08/09-xmlsec-minutes.html#action03][29]] Created ACTION-821 - Post suite b interop material from Cynthia [on Frederick Hirsch - due 2011-08-16]. ### XML Encryption do we need XML Encryption 1.1 and update to algorithms in 1.1 as well as other fixes. proposed change - disallow pkcs# 1.5 for generation (language analogous to sha-1) **ACTION:** fjh to propose XML Encryption 1.1 and associated changes [recorded in [http://www.w3.org/2011/08/09-xmlsec-minutes.html#action04][30]] Created ACTION-822 - Propose XML Encryption 1.1 and associated changes [on Frederick Hirsch - due 2011-08-16]. ### Adjourn ## Summary of Action Items **[NEW]** **ACTION:** fjh to post suite b interop material from Cynthia [recorded in [http://www.w3.org/2011/08/09-xmlsec-minutes.html#action03][29]] **[NEW]** **ACTION:** fjh to propose XML Encryption 1.1 and associated changes [recorded in [http://www.w3.org/2011/08/09-xmlsec-minutes.html#action04][30]] **[NEW]** **ACTION:** fjh to update 2.0 spec to treat RetrievalMethod same as in 1.1, specifically not disallow Transform within RetrievalMethod [recorded in [http://www.w3.org/2011/08/09-xmlsec-minutes.html#action02][19]] **[NEW]** **ACTION:** tlr to remind WG how to deprecate RetrievalMethod in 1.1 and disallow in 2.0 appropriately [recorded in [http://www.w3.org/2011/08/09 -xmlsec-minutes.html#action01][18]] [End of minutes] * * * Minutes formatted by David Booth's [scribe.perl][31] version 1.135 ([CVS log][32]) $Date: 2009-03-02 03:52:20 $ [1]: http://www.w3.org/Icons/w3c_home [2]: http://www.w3.org/ [3]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0011.html [4]: http://www.w3.org/2011/08/09-xmlsec-irc [5]: #agenda [6]: #item01 [7]: #item02 [8]: #item03 [9]: #item04 [10]: #item05 [11]: #item06 [12]: #item07 [13]: #ActionSummary [14]: http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/att-0005/minutes-2011-08-02.html [15]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0007.html [16]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0008.html [17]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0010.html [18]: http://www.w3.org/2011/08/09-xmlsec-minutes.html#action01 [19]: http://www.w3.org/2011/08/09-xmlsec-minutes.html#action02 [20]: http://www.w3.org/2008/xmlsec/track/actions/814 [21]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0005.html [22]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Jul/0018.html [23]: http://www.w3.org/2008/xmlsec/track/actions/809 [24]: http://www.w3.org/2008/xmlsec/track/actions/717 [25]: http://www.w3.org/2008/xmlsec/Drafts/testing/test-coverage-10.html [26]: http://www.w3.org/2008/xmlsec/Drafts/testing/test-coverage-11.html [27]: http://www.w3.org/2008/xmlsec/Drafts/testing/test-coverage-20.html [28]: http://www.w3.org/TR/test-methodology/ [29]: http://www.w3.org/2011/08/09-xmlsec-minutes.html#action03 [30]: http://www.w3.org/2011/08/09-xmlsec-minutes.html#action04 [31]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [32]: http://dev.w3.org/cvsweb/2002/scribe/