See also: IRC log
<trackbot> Date: 15 May 2012
<scribe> ScribeNick: fjh
fjh: still waiting for a PAG meeting to happen so that the PAG issue can be resolved, hoping this will happen soon
... it seems the PAG is nearing a conclusion but there was still some discussion, hopefully to be resolved soon
... also thanks to Pratik for fixing links in test case document
Approve minutes, 24 April 2012
http://lists.w3.org/Archives/Public/public-xmlsec/2012Apr/att-0009/minutes-2012-04-24.html
RESOLUTION: Minutes from 24 April 2012 are approved.
Agree to proposed updates (remove unnecessary tests)
http://lists.w3.org/Archives/Public/public-xmlsec/2012May/0002.html
http://lists.w3.org/Archives/Public/public-xmlsec/2012May/0003.html
RESOLUTION: WG agrees to update the interop test reports as proposed and to not interop test items that have been tested as previous Recommendations
<scribe> ACTION: fjh to update interop test reports to remove unneeded tests [recorded in http://www.w3.org/2012/05/15-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-886 - Update interop test reports to remove unneeded tests [on Frederick Hirsch - due 2012-05-22].
http://www.w3.org/2008/xmlsec/wiki/AdditionalSignature11TestCases
fjh: we have six items listed that need to be interop tested before we can go to Rec with XML Signature 1.1, in addition to PAG resolution
... most are of nature of finding the key and then validating a signature, in addition to OCSPResponse, and HMACOutputLength
scantor: has implementation for #3 and #5, DerEncodedKeyValue and KeyInfoReference, would prefer not to see these dropped
... also X509Digest, #2
... what do we have to do to demonstrate interop?
fjh: not have to prove output, but vouch that able to process, e.g. in original XML Signature interop output was table of Y and N for tests (merlin)
bal: that is right
scantor: need to recognize syntax but not build a CA infrastructure
bal: yes, limit the amount of work
scantor: have limited resources for testing
fjh: So we only need to go as far as parsing the XML and finding the X509Digest, for example, that should suffice for interop. Is there someone else on the call that has implementations of #2, #3, #5 that could also test these?
[silence]
fjh: bal can you please check with Magnus and his team regarding these tests and possible participation or resolution...
brich: possible but no commitment 2, 3, 4,6
fjh: does #6 need an interop test? HMacOutputLength?
scantor: perhaps not, it is a security test, if not tested we are not going to remove from the spec are we?
bal: this might have been put into 1.0 as a patch
fjh: has this already been tested?
bal: ability to truncate may have been removed in some implementations
hal: these things are trivial to implement
scantor: question of degree of 1.1 implementation
hal: should add truncation as a best practice to the best practices document
... I'm planning to do this
<scribe> ACTION: hal to draft text on HMAC truncation for XML Signature best practices [recorded in http://www.w3.org/2012/05/15-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-887 - Draft text on HMAC truncation for XML Signature best practices [on Hal Lockhart - due 2012-05-22].
fjh: XML Encryption 1.1 has more interop work to be done
http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core1-interop/Overview.src.html
please review this and indicate if you have implementation that can be tested
fjh: Expect GHC will simply remain at CR and not move forward
... Expect Signature Properties can move forward with at-risk items removed, due to Widget Signature interop
... but expect to wait with moving it forward until we can also move other items like XML Signature 1.1, so we move stuff forward together
... will also need publication of algorithm cross reference etc at that time (changes are already in place in the editors drafts)
fjh: focus on moving 1.1 to Rec, but please indicate if any work required on 2.0 at this point
ACTION-238?
<trackbot> ACTION-238 -- Thomas Roessler to update the proposal associated with ACTION-222 and send to list. -- due 2012-01-31 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/238
need info from Thomas on what this is, and what the status is
ACTION-717?
<trackbot> ACTION-717 -- Pratik Datta to document the Performance improvements with 2.0 -- due 2010-11-09 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/717
defer to later
ACTION-883?
<trackbot> ACTION-883 -- Frederick Hirsch to review C14N 20 test cases document -- due 2012-04-10 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/883
still open
ACTION-885?
<trackbot> ACTION-885 -- Pratik Datta to update test cases document and send email clarifying changes -- due 2012-05-01 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/885
ACTION-885 closed
<trackbot> ACTION-885 Update test cases document and send email clarifying changes closed
ACTION-865?
<trackbot> ACTION-865 -- Frederick Hirsch to contact parties re participation in interop for 2.0 -- due 2011-12-20 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/865
ACTION-865 closedc
<trackbot> ACTION-865 Contact parties re participation in interop for 2.0 closed
ACTION-884?
<trackbot> ACTION-884 -- Frederick Hirsch to review CR features at risk for Signature Properties -- due 2012-05-01 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/884
ACTION-884 closed
<trackbot> ACTION-884 Review CR features at risk for Signature Properties closed
ed_simon: looked at EXI, and gave feedback
... suggested that members of xml security wg do not have time to work on this, but might be interested in review
... will continue to look at it with EXI group
fjh: XML Security WG is chartered to 30 June 2012.
... lack of PAG completion makes it more likely we will have to extend charter, as does need to complete interop
... Regarding upcoming calls, we have them scheduled for every week, but will cancel if there is no business.
... if we have limited business then the call will be short.
... please indicate any progress especially with regards to interop, on the list. We will use the list traffic to determine if we need a call.
... please review the interop testing and implementations to see how we can move this work forward.
... thanks