W3C

XML Security Working Group Teleconference

24 Apr 2012

Agenda

See also: IRC log

Attendees

Present
Frederick_Hirsch, Hal_Lockhart, Gerald_Edgar, Pratik_Datta, Bruce_Rich, Ed_Simon
Regrets
Brian_LaMacchia, Scott_Cantor
Chair
Frederick_Hirsch
Scribe
fjh

Contents

<trackbot> Date: 24 April 2012

<scribe> ScribeNick: fjh

Administrative

Please respond on public list with any interest in EXI canonicalization, see http://lists.w3.org/Archives/Public/public-xmlsec/2012Apr/0005.html (Taki)

Ed Simon indicated interest in this topic and will respond to Taki

Minutes Approval

Approve minutes, 3 April 2012

http://lists.w3.org/Archives/Public/public-xmlsec/2012Apr/att-0004/minutes-2012-04-03.html

Proposed RESOLUTION: Minutes from 3 April 2012 are approved.

RESOLUTION: Minutes from 3 April 2012 are approved.

Draft XML Signature 1.1 and XML Encryption 1.1 interop test reports

I have updated the interop test reports for XML Signature 1.1 and XML Encryption 1.1: http://lists.w3.org/Archives/Public/public-xmlsec/2012Apr/0006.html (Frederick)

also corrected Encryption interop test report for participants:

XML Signature 1.1 Interop Test Report

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core1-interop/Overview.src.html

XML Encryption 1.1 Interop Test Report

http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core1-interop/Overview.src.html

fjh: I have updated these interop test reports since last time to make them much clearer, remove non-testable material, and re-organized
... also fixed an issue with companies listed for xml encryption interop
... this should help make it clear what we need to do to move these specs forward toward REC, the red material has not been tested
... please review for correctness
... and also see if there are any tests that have been done but are not listed
... please indicate on the list if you are able to test any of the untested material, even if you think there is no second party
... as two may be concerned about the same item and not realize they could test together
... if there is anything else in these reports that can be removed please indicate on the list
... note that we need such reports to go to REC so I thought I'd put them in place now, to see where we are

XML Signature 1.1, XML Encryption 1.1: Additional implementation information for untested features or specs?

Future decision: remove features and revisit Last Call and CR?

XML Security Generic Hybrid Ciphers interop

http://www.w3.org/TR/2011/CR-xmlsec-generic-hybrid-20110303/

fjh: likely that this spec will not progress beyond CR unless we are able to have 2 implementations for interop

XML Signature Properties interop

http://www.w3.org/TR/2011/CR-xmldsig-properties-20110303/

Widget interop sufficient? http://dev.w3.org/2006/waf/widgets-digsig/imp-report/

fjh: preliminary review - some but not all tested, tested SignatureProperties
... widget testing included Profile, Role, and Identifier, with 3 implementations
... not tested: Created, Expires, ReplayProtect
... likely outcome unless we implement and test is to remove Created, Expires, ReplayProtect

<scribe> ACTION: fjh to review CR features at risk for Signature Properties [recorded in http://www.w3.org/2012/04/24-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-884 - Review CR features at risk for Signature Properties [on Frederick Hirsch - due 2012-05-01].

fjh: if these were at risk we can simply remove them and progress the document
... please indicate any concerns or suggestions on the list, otherwise we are likely to pursue this path
... I believe this covers the 1.1 docs
... summary - signature 1.1 and encryption 1.1 have interop docs, additional work needed
... ghc probably won't progress, can progress properties after removing features noted as at risk
... can update notes when we move the docs forward (updates are already in place)

XML Security 2.0

fjh: please review the 2.0 specs

Action Item review

ACTION-238?

<trackbot> ACTION-238 -- Thomas Roessler to update the proposal associated with ACTION-222 and send to list. -- due 2012-01-31 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/238

ACTION-717?

<trackbot> ACTION-717 -- Pratik Datta to document the Performance improvements with 2.0 -- due 2010-11-09 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/717

ACTION-865?

<trackbot> ACTION-865 -- Frederick Hirsch to contact parties re participation in interop for 2.0 -- due 2011-12-20 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/865

will send a ping on the xmlsec open source list, then close.

ACTION-883?

<trackbot> ACTION-883 -- Frederick Hirsch to review C14N 20 test cases document -- due 2012-04-10 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/883

following to close

ACTION-880?

<trackbot> ACTION-880 -- Pratik Datta to contact sean regarding signature 1.1 interop and whether x509 enhancements were implemented -- due 2012-04-10 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/880

I contacted sean as well

no response to fjh or pratik yet

ACTION-880 closed

<trackbot> ACTION-880 Contact sean regarding signature 1.1 interop and whether x509 enhancements were implemented closed

ACTION-881?

<trackbot> ACTION-881 -- Frederick Hirsch to ask magnus re xml encryption 1.1 test cases document -- due 2012-04-10 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/881

ACTION-881 closed

<trackbot> ACTION-881 Ask magnus re xml encryption 1.1 test cases document closed

ACTION-882?

<trackbot> ACTION-882 -- Frederick Hirsch to ask bruce rich about xml encryption 1.1 interop -- due 2012-04-10 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/882

ACTION-882 closed

<trackbot> ACTION-882 Ask bruce rich about xml encryption 1.1 interop closed

open issues

ISSUE-91?

<trackbot> ISSUE-91 -- ECC can't be REQUIRED -- open

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/91

ISSUE-122?

<trackbot> ISSUE-122 -- Explain peformance improvements and rationale, relationship to earlier work, document, benchmarks -- open

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/122

PAG Status

fjh: no new update, no meeting scheduled, was supposed to be scheduled two weeks ago but has been deferred
... would like to see completion before summer holidays, really would like to see conclusion this month

Other business

No meeting next week. Next meeting is 8 May.

will cancel if no need for meeting, depending on list discussion and agenda topics

fjh: plan to keep interop test cases document separate from interop test report

<brich> The private keys and certs section of the testcase has some confusing text associated with the links.

<brich> In particular, P521 test has a link that calls it P256 with SHA521

<scribe> ACTION: pdatta to update test cases document and send email clarifying changes [recorded in http://www.w3.org/2012/04/24-xmlsec-minutes.html#action02]

<trackbot> Created ACTION-885 - Update test cases document and send email clarifying changes [on Pratik Datta - due 2012-05-01].

Adjourn

Summary of Action Items

[NEW] ACTION: fjh to review CR features at risk for Signature Properties [recorded in http://www.w3.org/2012/04/24-xmlsec-minutes.html#action01]
[NEW] ACTION: pdatta to update test cases document and send email clarifying changes [recorded in http://www.w3.org/2012/04/24-xmlsec-minutes.html#action02]
 
[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2009-03-02 03:52:20 $