# XML Security Working Group Teleconference

## 26 Feb 2013

[Agenda][3]

See also: [IRC log][4]

## Attendees

Present

    Frederick_Hirsch, Thomas_Roessler, Scott_Cantor, Pratik_Datta

Regrets

    Jim_Dovey

Chair

    Frederick_Hirsch

Scribe

    fjh

## Contents

  * [Topics][5]

    1. [Administrative: Agenda review, Announcements][6]

    2. [Minutes Approval][7]

    3. [XML Encryption 1.1, XML Signature 1.1, XML Signature Properties][8]

    4. [RFC 4051 update, 'Additional XML Security Uniform Resource Identifiers
(URIs)'][9]

    5. [Canonical XML 2.0][10]

    6. [Next steps for 2.0][11]

    7. [Action Review][12]

    8. [Issue Review][13]

    9. [Other Business][14]

    10. [Adjourn][15]

  * [Summary of Action Items][16]

* * *

<trackbot> Date: 26 February 2013

<scribe> ScribeNick: fjh

### Administrative: Agenda review, Announcements

no announcements

### Minutes Approval

Approve minutes from 19 February 2013

[http://lists.w3.org/Archives/Public/public-
xmlsec/2013Feb/att-0010/minutes-2013-02-19.html][17]

**RESOLUTION: Minutes from 19 February 2013 are approved.**

### XML Encryption 1.1, XML Signature 1.1, XML Signature Properties

PR results - [https://www.w3.org/2002/09/wbs/33280/XMLsecPR/results][18]

<tlr> tlr: PR review completed; next steps within the team; suggest aiming at
synchronized publication of Rec with IETF RFC.

fjh: have checked with IETF, should have number for RFC publication next week,
but concerned if we delay REC too long

... need publication date soon in order to prepare drafts

... will check this offline

Correction to "XML Signature 1.1 Explanation of Changes", remove OCSPResponse
: [http://lists.w3.org/Archives/Public/public-xmlsec/2013Feb/0006.html][19]

fjh: Please review the XML Security 1.1 references and acknowledgements and
indicate on the list of you notice any editorial changes needed before
Recommendation publication.

### RFC 4051 update, 'Additional XML Security Uniform Resource Identifiers
(URIs)'

<scribe> New draft aligned with XML Security 1.1

[http://datatracker.ietf.org/doc/draft-eastlake-additional-xmlsec-uris/][20]

[http://www.ietf.org/id/draft-eastlake-additional-xmlsec-uris-09.txt][21]

fjh: please review

proposed XML Security Algorithm Cross-Reference updates,
[http://lists.w3.org/Archives/Public/public-xmlsec/2013Feb/0001.html][22]

fjh: please check these

... will make updates

### Canonical XML 2.0

fjh: we have another implementation of C14N2 from Jim Dovey, as he mentioned
last week

scantor: can C14N2 work with Signature 1.1?

tlr: if so we can move C14N2 to Recommendation otherwise we cannot

... cannot work with arbitrary document subsets

... does C14N2 generate same subtree as C14N1

scantor: depends on the options used

... default behaviour is exclusive

fjh: it depends

tlr: can plug it in

fjh: given we have implementations suggest we can move forward to
Recommendation

tlr: concerned that it will be confusing without corresponding Signature
draft, suggest moving to Note

... do not want to send signal that this supersedes Exclusive Canonicalization

fjh: what about licensing obligations, potential further work

... do not want to stop work unnecessarily

scantor: is he implementing Signature 2.0

fjh: I think he is working on it

pdatta: I think Jim was looking for implementers guide to 1.1

fjh: he specifically needed streaming

pdatta: one can implement a subset of 1.1 in a streaming way, what most people
do

fjh: suggest we follow up with Jim on whether use of C14N11 and Signature 1.1
would solve his needs, if he has guidance on streaming for these

... if so we are done and can publish C14N2 as a Note, otherwise we need to
discuss plans for his implementation of Signature 2.0 and go from there

<scribe> **ACTION:** pdatta to check with Jim D re use of C14N1 in streaming
way [recorded in [http://www.w3.org/2013/02/26-xmlsec-
minutes.html#action01][23]]

<trackbot> Created ACTION-931 - Check with Jim D re use of C14N1 in streaming
way [on Pratik Datta - due 2013-03-05].

fjh: when do we need to draft new charter

tlr: suggest I send formal heads up to AC, plan to send draft of charter to
WG, assume only maintenance charter unless we have new info from Jim

<jdovey> (Editors Note: Please note new information sent by Jim after call:
[http://lists.w3.org/Archives/Public/public-xmlsec/2013Feb/0012.html][24] and
[http://lists.w3.org/Archives/Public/public-xmlsec/2013Feb/0014.html][25]

### Next steps for 2.0

Call for Consensus to publish 2.0 drafts as WG Notes:
[http://lists.w3.org/Archives/Public/public-xmlsec/2013Feb/0000.html][26]

fjh: CfC has completed, no objection, some support to move 2.0 documents to
Notes

... need to resolve with Jim if there is any concern, and whether 1.1 C14N
will work for him, otherwise will go forward with this plan

### Action Review

fjh: no open or pending actions apart from those assigned today

### Issue Review

ISSUE-234?

<trackbot> ISSUE-234 -- Reference SP800-56A later in publication process if
the latest version is no longer a draft -- open

<trackbot> [http://www.w3.org/2008/xmlsec/track/issues/234][27]

fjh: Still a draft, [http://csrc.nist.gov/publications/PubsSPs.html][28]

... will not update unless it is published before our publication date

ISSUE-122

<trackbot> ISSUE-122 -- Explain peformance improvements and rationale,
relationship to earlier work, document, benchmarks -- open

<trackbot> [http://www.w3.org/2008/xmlsec/track/issues/122][29]

fjh: this is moot if not moving 2.0 forward

pdatta: not working on this

close ISSUE-122

<trackbot> Closed ISSUE-122 Explain peformance improvements and rationale,
relationship to earlier work, document, benchmarks.

### Other Business

none

### Adjourn

## Summary of Action Items

**[NEW]** **ACTION:** pdatta to check with Jim D re use of C14N1 in streaming
way [recorded in [http://www.w3.org/2013/02/26-xmlsec-
minutes.html#action01][23]]


[End of minutes]

* * *

Minutes formatted by David Booth's [scribe.perl][30] version 1.135 ([CVS
log][31])

$Date: 2009-03-02 03:52:20 $

   [1]: http://www.w3.org/Icons/w3c_home

   [2]: http://www.w3.org/

   [3]: http://lists.w3.org/Archives/Public/public-xmlsec/2013Feb/0011.html

   [4]: http://www.w3.org/2013/02/26-xmlsec-irc

   [5]: #agenda

   [6]: #item01

   [7]: #item02

   [8]: #item03

   [9]: #item04

   [10]: #item05

   [11]: #item06

   [12]: #item07

   [13]: #item08

   [14]: #item09

   [15]: #item10

   [16]: #ActionSummary

   [17]: http://lists.w3.org/Archives/Public/public-
xmlsec/2013Feb/att-0010/minutes-2013-02-19.html

   [18]: https://www.w3.org/2002/09/wbs/33280/XMLsecPR/results

   [19]: http://lists.w3.org/Archives/Public/public-xmlsec/2013Feb/0006.html

   [20]: http://datatracker.ietf.org/doc/draft-eastlake-additional-xmlsec-
uris/

   [21]: http://www.ietf.org/id/draft-eastlake-additional-xmlsec-uris-09.txt

   [22]: http://lists.w3.org/Archives/Public/public-xmlsec/2013Feb/0001.html

   [23]: http://www.w3.org/2013/02/26-xmlsec-minutes.html#action01

   [24]: http://lists.w3.org/Archives/Public/public-xmlsec/2013Feb/0012.html

   [25]: http://lists.w3.org/Archives/Public/public-xmlsec/2013Feb/0014.html

   [26]: http://lists.w3.org/Archives/Public/public-xmlsec/2013Feb/0000.html

   [27]: http://www.w3.org/2008/xmlsec/track/issues/234

   [28]: http://csrc.nist.gov/publications/PubsSPs.html

   [29]: http://www.w3.org/2008/xmlsec/track/issues/122

   [30]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm

   [31]: http://dev.w3.org/cvsweb/2002/scribe/