Signature Minutes 99-October-14

As always, additions, comments, corrections are welcome:

http://www.w3.org/Signature/Minutes/991014-tele.html
                                       
  99-October-14
  Chairs: Donald Eastlake and Joseph Reagle
  Note Taker: Joseph Reagle [[4]ascii]
  
Participants

     * Donald Eastlake 3rd, IBM
     * Joseph Reagle, W3C
     * Mark Bartel, JetForm
     * John Boyer, UWI
     * David Solo, Citigroup
     * Peter Norman, FactPoint
     * Ed Simon, Entrust Technologies Inc.
     * Barbara Fox, Microsoft
       
  Taxonomy of Decisions for Syntactical Stuff
  
     * Reagle sent a proposal to the list.
     * Eastlake will send thoughts on parameters and algorithms.
     * ACTION Reagle: create document that covers syntactical, default,
       and algorithm/parameter conventions such that (1) we come to
       agreement and (2) the document has consistency.
       
  Types
  
     * Eastlake: Do we have input/output types as well?
     * Boyer: people need to be careful in their specifications for
       transformations over XML to retain the <?xml ... > and doctype
       declarations. If they do something that loses that information,
       they shot themselves in the foot.
     * Solo: it may be useful for some transformations, but for all of
       Boyer's XML transformations, the XML should carry that
       information. Eastlake seems opposed to mucking up his fragments
       with XML declarations. Boyer states you are still carrying it but
       it is in the attribute.
     * Solo: a way to think about it: transform is applied to bytestream,
       might need some other control information.
     * Solo proposes: permit syntax to specify input, but note that for
       all of our specified XML transformations type should be in the
       XML.
     * ACTION Reagle: bounce this issue off of XML people. Does XSLT mind
       if we transform well-formed XML into XML without declarations?
     * Reagle: what happens if the signature syntax says text/xml, but
       the signature was based on the content type described by the HTTP
       headers. Which is normative?
     * Eastlake: the type specified in the signature (if present) is
       dominant.
       
  DTDs
  
     * Discussion resulting from "Section 6.0 -- The DTD appears
       incorrect. ANY can only occur once and not with any of the current
       defined items. Should ANY be inside of the *? "
     * Result: XML Signatures will not be validated signatures. Did to
       write an XML schema.
       
  Location
  
   Do we allow fragmentIDs in location, or require them to sit in
   transformations?
    1. Only URI in <location> without fragmentID, otherwise
    2. use transformations to refer to a local IDREF, or parts of other
       documents.
       
  Review of Outstanding Action Items
  
     * Example in section 2.0 should be a DSS example as this is the
       mandatory example. I assume that at some point this will become a
       verifiable example as well. WG agrees. ACTION Solo: will change
       example, and we will hopefully have a verifiable example at some
       point.
     * Do we include or exclude the object in the signature? Continue
       with excluding such that the signature passes for an object or an
       external resource. ACTION Solo: reflect in his edit.
     * Section 6.0 -- The DTD appears incorrect. ANY can only occur once
       and not with any of the current defined items. Should ANY be
       inside of the *?
     * Solo: This section is presently heavily underspecified. Add a
       comment that it requires significant additional work.
       ACTION Solo: will add ANSI reference if he can find it.
     * [DEL: All IETF drafts now require a patent statement at the top of
       the draft. Such a statement should be added to the document. :DEL]
     * [DEL: ACTION Reagle: Add link in W3C status to patent statements
       now on Web site. We'll add the IETF disclosure to the IETF version
       when generated. :DEL]
     * [DEL: Section 3.0 - Insert reference to Base64. ACTION Bartel:
       includes the reference. :DEL]
     * [DEL: ACTION Reagle Fix. ACTION Reagle: move from c14n to
       canonicalization. In the XML canonicalization. Text we can keep
       for the time being. Bartel would like Alg spelled out too. No
       agreement -- but no opposition either really. :DEL]
     * [DEL: ACTION Solo: clarify section 8. :DEL]
     * [DEL: Action REAGLE: Move most comments to open issues section
       :DEL]
     * [DEL: ACTION Boyer: will write up a proposal for 7.6 using
       "Recommended" term. :DEL]
       
   
   
  New Resulting Action Items
  
     * ACTION Reagle: create document that covers syntactical, default,
       and algorithm/parameter conventions such that (1) we come to
       agreement and (2) the document has consistency.
     * ACTION Reagle: take David's edit and format it for publication.
     * ACTION Simon: begin thinking about the "normative" example such
       that we can test resulting signature values generated from
       different applications.

References

   1. http://www.ietf.org/
   2. http://www.w3.org/
   3. http://www.w3.org/Signature/Overview.html
   4. http://www.w3.org/Signature/Minutes/991014-tele,text



_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/

Received on Thursday, 14 October 1999 13:30:44 UTC