W3C

XML Security Working Group Teleconference

03 Jul 2012

Agenda

See also: IRC log

Attendees

Present
Frederick_Hirsch, Gerald_Edgar, Hal_Lockhart, Scott_Cantor, Bruce_Rich
Regrets
Chair
Frederick_Hirsch
Scribe
fjh

Contents

<trackbot> Date: 03 July 2012

<scribe> ScribeNick: fjh

Administrivia

Minutes Approval

Approve minutes, 19 June 2012

http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/att-0018/minutes-2012-06-19.html

RESOLUTION: Minutes from 19 June 2012 are approved.

XML Signature Best Practices publication

Update: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0020.html

RESOLUTION: Publish XML Signature Best Practices as a WG Note on 10 July 2012

<scribe> ACTION: fjh to arrange publication of XML Signature Best Practices [recorded in http://www.w3.org/2012/07/03-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-889 - Arrange publication of XML Signature Best Practices [on Frederick Hirsch - due 2012-07-10].

XML Encryption 1.1 update

http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0003.html

RESOLUTION: update XML Encryption 1.1 and xenc-schema-11.xsd to make the anyType type of Parameters in PBKDF2 explicit

fjh: I have already implemented this change in the editors draft, as well as fixing a validation error and updating the reference for SP-800-67 - http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0008.html

Test cases and Interop

ACTION-888?

<trackbot> ACTION-888 -- Pratik Datta to distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length -- due 2012-06-19 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/888

scantor: limited time, but have implemented items at risk in 1.1, other than ocsp response
... focus on cryptographic items
... no time to create harness for KeyInfo etc

Action review

ACTION-238?

<trackbot> ACTION-238 -- Thomas Roessler to draft proposal to add identifiers for ECDSA-RIPEMD, RSA-WHIRLPOOL, ECDSA-WHIRLPOOL to XML Security Algorithms Cross-Reference (follow up to ACTION-222) -- due 2012-01-31 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/238

ACTION-887 closed

<trackbot> ACTION-887 Draft text on HMAC truncation for XML Signature best practices closed

Issue review

ISSUE-232?

<trackbot> ISSUE-232 -- Clarify meaning of HMAC truncation -- open

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/232

ISSUE-232: RFC makes it clear so this can be closed

<trackbot> ISSUE-232 Clarify meaning of HMAC truncation notes added

ISSUE-232 closed

<trackbot> ISSUE-232 Clarify meaning of HMAC truncation closed

Roadmap

http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0005.html

fjh: email summarizes status of documents and next steps. Plan is go to LC as soon as PAG completes, for Signature 1.1, 2.0 and Encryption 1.1. Need to decide what will not have interop and remove as well. We also have a number of Notes to publish at that time.

Adjourn

Have a good 4 July for those in the US.

Summary of Action Items

[NEW] ACTION: fjh to arrange publication of XML Signature Best Practices [recorded in http://www.w3.org/2012/07/03-xmlsec-minutes.html#action01]
 
[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2009-03-02 03:52:20 $