See also: IRC log
<trackbot> Date: 18 September 2012
<scribe> ScribeNick: fjh
fjh: PAG update - PAG teleconference and resolution has been delayed, with detailed discussion of wording, see PAG mail archive.
Approve minutes from 11 September 2012
http://lists.w3.org/Archives/Public/public-xmlsec/2012Sep/att-0021/minutes-2012-09-11.html
RESOLUTION: Minutes from 11 September 2012 are approved.
fjh: Call for Consensus (CfC) to remove the OCSPResponse element from XML Signature 1.1 completed, http://lists.w3.org/Archives/Public/public-xmlsec/2012Sep/0024.html
RESOLUTION: Remove OCSPResponse element from XML Signature 1.1 and 2.0 as outlined in the CfC and also remove from the interop test report.
<scribe> ACTION: fjh to remove OCSPResponse element from XML Signature 1.1 and 2.0 as outlined in the CfC and also remove from the interop test report [recorded in http://www.w3.org/2012/09/18-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-911 - Remove OCSPResponse element from XML Signature 1.1 and 2.0 as outlined in the CfC and also remove from the interop test report [on Frederick Hirsch - due 2012-09-25].
fjh: this will enable us to move XML Signature 1.1 forward to Last Call once PAG completes as all interop testing for XML Signature 1.1 is now complete. Please review the spec for correctness.
fjh: I updated functional explain docs to remove links to detailed explains as previously agreed: http://lists.w3.org/Archives/Public/public-xmlsec/2012Sep/0026.html
Proposed RESOLUTION: The WG agrees to defer updating the SP800-56A reference in XML Encryption 1.1 until the new draft is finalized.
RESOLUTION: The WG agrees to defer updating the SP800-56A reference in XML Encryption 1.1 until the new draft is finalized.
fjh: XML Encryption 1.1 interop is underway but will require more time
pdatta: will ask magnus to send more debug output so we can figure out the difficulty
fjh: scott, do you have more testing to do?
scantor: I could run test on ecdsa, if needed
fjh: we will need to publish the test cases when we move forward toward Rec, exiting CR
... Decision needed on approach; http://lists.w3.org/Archives/Public/public-xmlsec/2012Sep/0025.html
pdatta: prefer to have one document with both test cases and results if we plan to publish the results
fjh: yes we plan to publish interop test results
scantor: favor using the wiki, easier to work with
... with a wiki it is easier to get others to contribute
... could help with updating the wiki if we go that route
fjh: it depends on whether we plan to publish as a document the interop test results
pdatta: we already have a test case document for 2.0
fjh: suggest we create consolidated result and test case docs for 1.1 and update the wiki for pointing to earlier 1.0 testing
scantor: can help with the wiki
fjh: ok, so I will put the signature material from the wiki into the interop document
pdatta: I can update the encryption test case document
fjh: please include the encryption material from the wiki
... then I can look at merging that with the interop test results document
RESOLUTION: WG agrees to move test case material into documents combined with interop test results
ACTION-883?
<trackbot> ACTION-883 -- Frederick Hirsch to review C14N 20 test cases document -- due 2012-04-10 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/883
ACTION-910?
<trackbot> ACTION-910 -- Pratik Datta to update test cases document with new tests, http://lists.w3.org/Archives/Public/public-xmlsec/2012Sep/0020.html -- due 2012-09-18 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/910
ISSUE-234?
<trackbot> ISSUE-234 -- Reference SP800-56A later in publication process if the latest version is no longer a draft -- open
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/234
ISSUE-91?
<trackbot> ISSUE-91 -- ECC can't be REQUIRED -- open
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/91
ISSUE-122?
<trackbot> ISSUE-122 -- Explain peformance improvements and rationale, relationship to earlier work, document, benchmarks -- open
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/122
fjh: I've been updating 2.0 with changes from 1.1 as we go forward but have not done anything more
... who has implemented or is thinking about implementation of 2.0?
scantor: I looked at 2.0, was thinking of writing SAML profile for it, looks like amenable to self-contained implementation
... but cannot do this if it does not move forward
fjh: pratik, I assume you have implementation
pdatta: only for canonicalization, not clear that will do for signature at this point
scantor: could C14N2 be used with 1.1? That could have some value.
fjh: we need to look at this
pdatta: inputs are different
fjh: maybe we should not be treating 2.0 as a monolithic package, but see what is possible with moving C14N2 forward.
... we should be making a conscious decision regarding 2.0
hal: performance is important benefit of 2.0 and critical for its adoption, so we probably need to document the performance changes to get interest
fjh: will people care if JSON is the new trend?
hal: there are a lot of existing XML implementations
fjh: pratik, do you have any infrastructure to get some performance numbers?
pdatta: no, do not have anything, but have been thinking about doing it. Only want to do it if it makes sense.
fjh: 2.0 is good work
scantor: agree can separate security protocols, but vendors may not agree
hal: if we do not document performance, that indicates that we might want to mothball 2.0
fjh: argument is that XML is no longer good, as opposed to JSON
scantor: right, protocol issue is driving conversation, what about documents
fjh: epub3 uses XML security
... I can ask about outreach at xml coordination group meeting
scantor: is the work done technically?
fjh: I think it is done technically, we had two reviews of the XPath and C14N material, it certainly seems stable.
hal: getting a reputation for being slow can be hard to shed
... hardware also gets faster, also addressing performance issues.
scantor: performance problems that mattered have been addressed by now
hal: lightweight is embedded in the JSON understanding, XML has a heavyweight reputation, which we cannot change
scantor: need to see who needs the capabilities and performance, then they need to ask vendors to provide it
fjh: pratik to continue interop with magnus; to update XML Encryption 1.1 test cases document (ACTION-910), including material from test case wiki
ACTION-910: include in update XML Encryption 1.1 test cases on wiki, http://www.w3.org/2008/xmlsec/wiki/Interop#XML_Encryption_1.1_Key_Derivation_using_ConcatKDF_and_PBKDF2
<trackbot> ACTION-910 Update test cases document with new tests, http://lists.w3.org/Archives/Public/public-xmlsec/2012Sep/0020.html notes added
<scribe> ACTION: fjh to put XML Signature 1.1 test case material from wiki into XML Signature 1.1. interop test report [recorded in http://www.w3.org/2012/09/18-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-912 - Put XML Signature 1.1 test case material from wiki into XML Signature 1.1. interop test report [on Frederick Hirsch - due 2012-09-25].
<scribe> ACTION: fjh to merge XML Encryption 1.1 test case document into XML Encryption 1.1 interop test result document, once Pratik concludes updating XML Encryption 1.1 test case document (ACTION-910) [recorded in http://www.w3.org/2012/09/18-xmlsec-minutes.html#action03]
<trackbot> Created ACTION-913 - Merge XML Encryption 1.1 test case document into XML Encryption 1.1 interop test result document, once Pratik concludes updating XML Encryption 1.1 test case document (ACTION-910) [on Frederick Hirsch - due 2012-09-25].
fjh: scott, pratik to look at C14N2 to see if it can progress independently of 2.0 as a whole
<scribe> ACTION: fjh to consult with XML Coordination Group to see if there is a community that would be interested in XML Security 2.0 and how to reach them [recorded in http://www.w3.org/2012/09/18-xmlsec-minutes.html#action04]
<trackbot> Created ACTION-914 - Consult with XML Coordination Group to see if there is a community that would be interested in XML Security 2.0 and how to reach them [on Frederick Hirsch - due 2012-09-25].
fjh: we should start thinking how maintenance will be done once this WG has completed the specifications
... one approach is to keep the WG open indefinitely, I'm not sure that is a good option or that we will retain participants.
... another approach is like the WS* maintenance group, though I think I've heard that didn't work well
hal: it took a long time to start, but I'm not sure there was a problem afterwards, what have you heard?
fjh: I have no details, just general discussion at TPAC
<scribe> ACTION: fjh to bring up issue of XML maintenance at XML Coordination group [recorded in http://www.w3.org/2012/09/18-xmlsec-minutes.html#action05]
<trackbot> Created ACTION-915 - Bring up issue of XML maintenance at XML Coordination group [on Frederick Hirsch - due 2012-09-25].
scantor: what is the time frame until recommendation, will it be done for 1.1 this year? I have another specification that depends on it.
<scantor> I have a SAML spec for using it with GSS-API and SASL that depends on Enc 1.1
fjh: We are trying to complete by year end, but there are built in delays in the process such as minimum time for last call, CR, director review, AC review etc
... if the PAG does not finish soon we will not be able to complete this year, but I still think we have a chance
<scribe> ACTION: fjh to outline timeline for completing 1.1 Rec and share with XML Security WG and PAG [recorded in http://www.w3.org/2012/09/18-xmlsec-minutes.html#action06]
<trackbot> Created ACTION-916 - Outline timeline for completing 1.1 Rec and share with XML Security WG and PAG [on Frederick Hirsch - due 2012-09-25].