Minutes from Today's Call Please Review/Correct

• From: Joseph M. Reagle Jr. <reagle@w3.org>
• Date: Thu, 19 Aug 1999 18:11:56 -0400
• To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
• Message-Id: <3.0.5.32.19990819181156.00ad39d0@localhost>

http://www.w3.org/Signature/Minutes/990820-tele.html

    XML Signature
  WG

    99-July-22
    Chairs: Donald Eastlake and Joseph Reagle
    Note Taker: Joseph Reagle [ascii]

    Participants

            *Donald Eastlake 3rd, IBM 
            *Joseph Reagle, W3C 
            *David Solo, Citigroup 
            *Phillip M Hallam-Baker, VeriSign Inc 
            *John M. Boyer, UWI.com 
            *Ed Simon , Entrust Technologies Inc. 
            *Brian Lamachia, Microsoft 
            *Mark Champine, Iris 
            *Todd Vincent, GSU 
            *Peter Norman, FactPoint, 
            *Bob Relyea, Netscape 

    Notes:

            Reference Documents: 
                 http://www.w3.org/1999/08/xmldsig-requirements-990820.html
                 Drafts/xmldsig-scenarios-990818.html 
            Resulting Document: 
                   

    Review Outstanding Action Items

            Requirements Going to Last Call shortly. 
            FTF details/confirmation. 
            Canonicalization (should reagle collect and send
            comments and start discussion?) 
            Status of scenarios? 
            Discussion of Syntax proposal, how to create a first
            draft prior to FTF? 
            Data Model (Reagle should have a data model
            proposal by tomorrow)Open: Working Group 

    Agenda and Open Issues

    Core Syntax Proposal

            Seem to have convergence in that manifest is merely
            one case of some object that you are signing. For
            packages and manifests, we define additional
            constraints, other XML content is processed
            according to c14n, scripts, or XSLT, for encoded
            content, it's still XML just CDATA. 
            Should keyinfo be part of the signature? David: The
            goal should be that having it outside gives you the
            option of not having to have it part of the signature
            (For instance, the key has some ephemeral type of
            information not relevant to that signature (like email
            addresses in PGP.) Lamachia: that keyinfo might be
            carried by the protocol, and known by the application 
            Removing selections of XML. Should the ability to
            preclude sections be a mandatory to implement
            feature/requirement of selection/c14n. Peter Norman
            is proposing a dsig:element by which it can be
            inserted into XML and reference a section but
            ignored by the signature c14n algorithm. 

    Scenarios Document

            Everyone should have a look at the latest. Himes
            proposed two more (How to sign the binary form of
            an encoded attachement, and how to protect against
            the collision ID of combined XML in a package.) 

    Data Model

            Reagle will post graph and explaination tonight,
            should post resulting syntax tomorrow. Work with
            Solo into integrating it into that proposal. 

    Carry-Over and New Action Items 

            Winchel: post definitions prior to FTF. 
            Action: Joseph: collect readings for FTF by end of
            next week. 
            Action: Joseph: add comment on John's request
            about exluding things to RD. 
            Action: Joseph: send fragment identifier as MIME
            type to Peter. 
            Action: Solo: new version of syntax by mid week. 
            Action: Boyer: put Richard's two points into the
            document. 


_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/

Received on Thursday, 19 August 1999 18:11:58 UTC