# XML Security Working Group Teleconference ## 13 Nov 2012 [Agenda][3] See also: [IRC log][4] ## Attendees Present Frederick_Hirsch, Gerald_Edgar, Scott_Cantor, Bruce_Rich, Pratik_Datta Regrets Chair Frederick_Hirsch Scribe fjh ## Contents * [Topics][5] 1. [Administrative: Agenda review, Announcements][6] 2. [Minutes Approval][7] 3. [Last Call of XML Signature 1.1 and XML Encryption 1.1][8] 4. [Interop Test Report publication][9] 5. [XML Security 2.0][10] 6. [Roadmap][11] 7. [Action review][12] 8. [Issue review][13] 9. [Other business][14] 10. [Adjourn][15] * [Summary of Action Items][16] * * * Date: 13 November 2012 ScribeNick: fjh ### Administrative: Agenda review, Announcements RIM/Certicom official response to PAG report: [http://lists.w3.org/Archives/Public/public-xmlsec/2012Nov/0005.html][17] Reminder, no call next week. Next call is scheduled for 27 November 2012. ### Minutes Approval Approve minutes from 23 October 2012 [http://lists.w3.org/Archives/Public/public- xmlsec/2012Oct/att-0015/minutes-2012-10-23.html][18] **RESOLUTION: Minutes from 23 October 2012 are approved.** ### Last Call of XML Signature 1.1 and XML Encryption 1.1 fjh: Last Call ended 8 November ... two comments, one on here() and one on separation of keys for signing and encryption (off-list) Comment on XML Signature 1.1 and here() function, added this as Last Call comment LC-2721, see [https://www.w3.org/2006/02/lc-comments-tracker/42458/WD- xmldsig-core1-20121018/2721][19] in tracker fjh: proposed resolution - [http://lists.w3.org/Archives/Public/public- xmlsec/2012Nov/0009.html][20] ... proposed resolution is to clarify bullet as noted in link to make clear that not namespaced, and to be treated as if part of the library scantor: may not be an issue since now XPath filter is used anyway ... ok with the proposed resolution Proposed RESOLUTION: change bullet referring to here() or clarity, as noted in [http://lists.w3.org/Archives/Public/public-xmlsec/2012Nov/0009.html][20], closing LC-2721 fjh: Ken noted acceptance of this resolution: [http://lists.w3.org/Archives/Public/public-xmlsec/2012Nov/0010.html][21] **RESOLUTION: change bullet referring to here() or clarity, as noted in [http://lists.w3.org/Archives/Public/public-xmlsec/2012Nov/0009.html][20], closing LC-2721** **ACTION:** fjh to update XML Signature 1.1 to address LC-2721 [recorded in [http://www.w3.org/2012/11/13-xmlsec-minutes.html#action01][22]] Created ACTION-921 - Update XML Signature 1.1 to address LC-2721 [on Frederick Hirsch - due 2012-11-20]. fjh: this should not require another Last Call, just an editorial clarification ... key separation should be noted in XML Encryption 1.1, a security consideration, again should not require another Last Call scantor: agree **ACTION:** fjh to propose additional security consideration for XML Encryption 1.1 key separation and update draft [recorded in [http://www.w3.org/2012/11/13-xmlsec-minutes.html#action02][23]] Created ACTION-922 - Propose additional security consideration for XML Encryption 1.1 key separation and update draft [on Frederick Hirsch - due 2012-11-20]. fjh: Last call completed, will make corresponding editorial changes, need to wait for exclusion period before going to PR in mid-December ### Interop Test Report publication fjh: No objection to Call for Consensus on list to publish "XML Encryption 1.1 Interop Test Report" and "XML Signature 1.1 Interop Test Report" as W3C Notes. [http://lists.w3.org/Archives/Public/public-xmlsec/2012Oct/0016.html][24] fjh: I have prepared the documents for publication and submitted transition request (approved) and publication request. They should be published today. ### XML Security 2.0 fjh: we need to determine our plans with XML Security 2.0 pdatta: we had one person express interest in implementing 2.0 fjh: can you please contact them again? pdatta: yes fjh: this could help, also need to see about progressing XPath work independently ... will need to decide in January whether to go to Note or not ### Roadmap **ACTION:** fjh to update Roadmap page to reflect current status [recorded in [http://www.w3.org/2012/11/13-xmlsec-minutes.html#action03][25]] Created ACTION-923 - Update Roadmap page to reflect current status [on Frederick Hirsch - due 2012-11-20]. fjh: next steps for 1.1 - editorial updates to reflect the two comments received during Last Call period, PR transition request 17 December ### Action review ISSUE-236? ISSUE-236 -- Update all references in all Notes and Recs when publishing final REC? -- open [http://www.w3.org/2008/xmlsec/track/issues/236][26] fjh: checked with thomas, we can update references at the end of the process close ACTION-920 ACTION-920 Check with W3C team on ISSUE-236 closed ACTION-883? ACTION-883 -- Frederick Hirsch to review C14N 20 test cases document -- due 2012-04-10 -- OPEN [http://www.w3.org/2008/xmlsec/track/actions/883][27] ### Issue review ISSUE-122? ISSUE-122 -- Explain peformance improvements and rationale, relationship to earlier work, document, benchmarks -- open [http://www.w3.org/2008/xmlsec/track/issues/122][28] fjh: do not expect work on ISSUE-122 unless we have additional interest in 2.0 implementation pdatta: correct, do not plan on working on this now unless there is a change ISSUE-234? ISSUE-234 -- Reference SP800-56A later in publication process if the latest version is no longer a draft -- open [http://www.w3.org/2008/xmlsec/track/issues/234][29] ISSUE-236? ISSUE-236 -- Update all references in all Notes and Recs when publishing final REC? -- open [http://www.w3.org/2008/xmlsec/track/issues/236][26] fjh: both these issues are for reference updates upon final publication ### Other business fjh: any other business? ... none ### Adjourn ## Summary of Action Items **[NEW]** **ACTION:** fjh to propose additional security consideration for XML Encryption 1.1 key separation and update draft [recorded in [http://www.w3.org/2012/11/13-xmlsec-minutes.html#action02][23]] **[NEW]** **ACTION:** fjh to update Roadmap page to reflect current status [recorded in [http://www.w3.org/2012/11/13-xmlsec-minutes.html#action03][25]] **[NEW]** **ACTION:** fjh to update XML Signature 1.1 to address LC-2721 [recorded in [http://www.w3.org/2012/11/13-xmlsec-minutes.html#action01][22]] [End of minutes] * * * Minutes formatted by David Booth's [scribe.perl][30] version 1.135 ([CVS log][31]) $Date: 2009-03-02 03:52:20 $ [1]: http://www.w3.org/Icons/w3c_home [2]: http://www.w3.org/ [3]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Nov/0011.html [4]: http://www.w3.org/2012/11/13-xmlsec-irc [5]: #agenda [6]: #item01 [7]: #item02 [8]: #item03 [9]: #item04 [10]: #item05 [11]: #item06 [12]: #item07 [13]: #item08 [14]: #item09 [15]: #item10 [16]: #ActionSummary [17]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Nov/0005.html [18]: http://lists.w3.org/Archives/Public/public- xmlsec/2012Oct/att-0015/minutes-2012-10-23.html [19]: https://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig- core1-20121018/2721 [20]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Nov/0009.html [21]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Nov/0010.html [22]: http://www.w3.org/2012/11/13-xmlsec-minutes.html#action01 [23]: http://www.w3.org/2012/11/13-xmlsec-minutes.html#action02 [24]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Oct/0016.html [25]: http://www.w3.org/2012/11/13-xmlsec-minutes.html#action03 [26]: http://www.w3.org/2008/xmlsec/track/issues/236 [27]: http://www.w3.org/2008/xmlsec/track/actions/883 [28]: http://www.w3.org/2008/xmlsec/track/issues/122 [29]: http://www.w3.org/2008/xmlsec/track/issues/234 [30]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [31]: http://dev.w3.org/cvsweb/2002/scribe/