13:53:54 RRSAgent has joined #xmlsec 13:53:54 logging to http://www.w3.org/2007/04/17-xmlsec-irc 13:53:59 rrsagent, make this record public 13:54:02 Meeting: XML Sec Weekly 13:54:03 thanks Thomas 13:54:06 Chair: fjh 13:54:08 Scribe. tlr 13:54:11 Scribe: tlr 13:54:23 Agenda: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Apr/0001.html 13:54:47 Topic: Welcome 13:58:07 cgi-irc has joined #xmlsec 13:58:50 + +30281039aaaa 13:58:56 zakim, call thomas-781 13:58:56 ok, tlr; the call is being made 13:58:58 +Thomas 13:59:24 zakim, aaaa is giles 13:59:24 +giles; got it 13:59:39 zakim, who is on the call 13:59:39 I don't understand 'who is on the call', fjh 13:59:47 zakim, who is on the call? 13:59:47 On the phone I see Frederick_Hirsch, giles, Thomas 14:00:00 + +1.443.695.aabb 14:00:37 zakim, aabb rdm 14:00:37 I don't understand 'aabb rdm', tlr 14:00:41 zakim, aabb is rdm 14:00:41 +rdm; got it 14:01:15 + +1.781.442.aacc 14:01:24 zakim, aacc is ShawnMullen 14:01:35 +ShawnMullen; got it 14:01:47 + +1.613.447.aadd 14:01:48 klanz2 has joined #xmlsec 14:01:57 dialing in 14:01:58 zakim, aadd is EdSimon 14:01:59 + +1.650.380.aaee 14:02:05 +Hal 14:02:07 +EdSimon; got it 14:02:19 zakim, aaee GregWhitehead 14:02:24 zakim, aaee is GregWhitehead 14:02:27 I don't understand 'aaee GregWhitehead', tlr 14:02:31 +GregWhitehead; got it 14:02:35 zakim, who is on the call? 14:02:40 sean has joined #xmlsec 14:02:45 On the phone I see rdm, ShawnMullen, EdSimon, GregWhitehead, Hal, Frederick_Hirsch, giles, Thomas 14:02:49 +[IPcaller] 14:02:55 zakim, IPcaller is JuanCarlosCruellas 14:03:02 +JuanCarlosCruellas; got it 14:03:24 +Anthony_Nadalin 14:03:38 grw has joined #xmlsec 14:04:24 Nadalin has joined #xmlsec 14:05:06 hal has joined #xmlsec 14:05:16 Giles has joined #xmlsec 14:05:18 jcc has joined #xmlsec 14:05:26 can you read me? 14:05:31 hi juan carlos 14:05:38 cgi-irc has joined #xmlsec 14:05:39 +??P32 14:05:47 test 14:05:49 zakim, P32 is klanz2 14:05:49 sorry, tlr, I do not recognize a party named 'P32' 14:05:54 zakim, ??P32 is klanz2 14:05:54 +klanz2; got it 14:05:55 for some reason initially this channel was not listed 14:06:06 zakim, mute me 14:06:06 klanz2 should now be muted 14:06:30 cgi-irc has joined #xmlsec 14:06:39 test 14:06:56 fjh: thanks for joinig, I'm Frederick, ... 14:07:04 ... thomas will scribe today, thanks ... 14:07:25 ... maybe do a quick round of introductions here ... 14:07:28 zakim, who is here? 14:07:28 On the phone I see rdm, ShawnMullen, EdSimon, GregWhitehead, Hal, JuanCarlosCruellas, Anthony_Nadalin, klanz2 (muted), Frederick_Hirsch, giles, Thomas 14:07:30 On IRC I see jcc, Giles, hal, Nadalin, grw, sean, klanz2, RRSAgent, Zakim, rdm, fjh, rdmiller89, tlr, trackbot-ng 14:07:32 Ed has joined #xmlsec 14:08:24 rdm: Rob Miller, Security Engineer, MITRE, XML wrt architectural issues 14:08:35 ... having fun with NSA and cross-domain solutions ... 14:08:40 ... would be happy to talk about that at f2f ... 14:09:05 shawn: Shawn Mullen, Sun Microsystems, working on XML Sig for past few years, implementor 14:09:17 ... have implementation shipping as part of JDK, committer for Apache ... 14:09:34 EdSimon: Ed Simon, working with xmlsec which is private consulting firm ... 14:09:43 ... co-author of xml signature and xml encryption specs ... 14:09:49 ... keen to hear how people use it, what the issues are ... 14:09:53 ... Invited Expert ... 14:10:13 grw: Greg Whitehead, HP, architect in IDM software group, one of original specs' authors ... 14:10:27 ... shed light on carzy things that were thought back then ... 14:11:06 hal: standards full-time for BEA, mostly security standards ... 14:11:14 ... involved with a bunch of standards that use XML Sig and Enc ... 14:11:19 ... you name it ... 14:11:29 ... main interest in follow-on work ... 14:11:37 ... spurious validation errors associated with DSig ... 14:11:42 ... maybe also tweak encryption .. 14:11:55 JuanCarlosCruellas: Polytech Univ Catalunia ... 14:12:03 ... standardization involvement for a while ... 14:12:10 ... worked on XADES development around ETSI ... 14:12:19 ... editor during two last years (?) ... 14:12:24 ... involved with DSS TC @ OASIS ... 14:12:33 ... main interest is to cooperate in followup ... 14:12:43 ... on stdzation of XML security ... 14:12:46 zakim, unmute me 14:12:46 klanz2 should no longer be muted 14:12:47 ... implementation experience ... 14:13:20 Nadalin: Tony Nadalin, IBM, worked with Shawn on Java implementation of XML Sig and Enc ... 14:13:27 zakim, mute me 14:13:27 klanz2 should now be muted 14:13:27 ... WS-Security, -Trust, other specs ... 14:13:32 ... most interested in follow-on work ... 14:13:39 ... severe performance problems with Sig and Enc ... 14:13:48 ... large footprints, figure out what to do wrt moving forward with this tech ... 14:13:50 ack klanz 14:14:13 klanz2: Konrad Lanz, Stiftung Secure Information Communication Technology (?) @ Graz University ... 14:14:18 ... involved in maintaining implementations ... 14:14:28 ... including Sig, Enc, OASIS DSS, some other Java toolkits ... 14:14:39 ... involved in standardization work in OASIS, DSS TC there ... 14:15:02 ... main interest in robustness of XML Signatures, false negatives are rather bad ... 14:15:28 fjh: Working in security standards for some time, including original specs, will chair this working group ... 14:15:32 zakim, mute me 14:15:32 klanz2 should now be muted 14:15:37 ... interest in having stuff converge, not have multiple versions of things ... 14:15:42 zakim, who is on the phone? 14:15:42 On the phone I see rdm, ShawnMullen, EdSimon, GregWhitehead, Hal, JuanCarlosCruellas, Anthony_Nadalin, klanz2 (muted), Frederick_Hirsch, giles, Thomas 14:15:55 giles: Giles Hogben, ENISA, European Network & Info Sec Agency ... 14:15:59 ... identity management lead there ... 14:16:14 ... main interest is to see work on European qualified signatures, XADES within roadmap ... 14:16:36 ... worked in the P3P working group where chaired a task force that dealt with XML Dsig ... 14:17:45 zakim, who is here? 14:17:45 On the phone I see rdm, ShawnMullen, EdSimon, GregWhitehead, Hal, JuanCarlosCruellas, Anthony_Nadalin, klanz2 (muted), Frederick_Hirsch, giles, Thomas 14:17:47 On IRC I see Ed, jcc, Giles, hal, Nadalin, grw, sean, klanz2, RRSAgent, Zakim, rdm, fjh, rdmiller89, tlr, trackbot-ng 14:17:55 tlr: W3C Team, main interest is to get the different communities that have stakes in XML Signature & friends together at one table 14:18:03 zakim, I am thomas 14:18:03 ok, tlr, I now associate you with Thomas 14:18:05 zakim, mute me 14:18:05 Thomas should now be muted 14:18:13 fjh: agenda bashing ... 14:18:25 ... will talk briefly about scribing, schedule, charter, and look at agenda for face-to-face ... 14:18:29 ... do people feel anything needs to be added? 14:18:32 - silence - 14:18:47 ... scribe role will rotate, chair excused from scribing ... 14:18:53 ... haven't got exact mechanism down ... 14:19:02 ... for 2/3 May face-to-face, will need scribes for mornings and afternoons ... 14:19:09 ... if want to volunteer now, that would be helpful ... 14:19:22 ... if you want to select a spot now, speak up ... 14:19:40 Note you can also type it into the record through IRC 14:19:57 ... or send e-mail ... 14:20:25 I can scribe on the afternoon of May 2. 14:20:29 scheduling the weekly call, first choice is 9am Eastern slot on Tuesdays, 10am second 14:20:34 zakim, ack me 14:20:34 unmuting Thomas 14:20:36 I see no one on the speaker queue 14:21:07 fjh: tentatively plan on that time. We won't have a call before the face-to-face ... 14:21:25 hal: if the West Coasters are happy about it, who are we East Coasters to complain? 14:21:54 fjh: next meeting is 8:30-5pm in Cambridge, 2/3 May 14:22:10 ... registration form and logistics; please fill in registration ... 14:22:16 ... any concerns or questions re face-to-face? ... 14:22:18 - silence - 14:22:21 Topic: charter review 14:22:30 http://www.w3.org/2005/Security/xmlsig-charter 14:22:41 link for weekly scheduling results http://www.w3.org/2002/09/wbs/40279/xmlsecweekly/results 14:22:43 zakim, mute me 14:22:43 Thomas should now be muted 14:23:12 f2f registration results page http://www.w3.org/2002/09/wbs/40279/xmlsecbos0705/results 14:23:25 ballot still open for F2F, please register whether or not you plan to attend 14:24:09 fjh: will just go through charter ... 14:24:12 yes 14:24:16 yes 14:24:37 ... goal is to do very limited work on the spec, and then suggest charter for further work ... 14:24:42 ... there is some other items, such as a note ... 14:24:51 ... basic idea is to do minimum changes, then consider next steps ... 14:24:59 ... fairly short time line especially if consider interop ... 14:25:11 ... confidentiality: plan to do everything in public ... 14:25:30 ... we have an administrative list for things like sending regrets or few member-confidential items ... 14:25:33 ... use that sparingly ... 14:25:42 ... Frederick to chair, Thomas to team-contact ... 14:25:50 ... suspect 3 face-to-face meetings ... 14:26:00 ... first one in May, second as workshop, third @ tech plenary ... 14:26:04 ... 6-8 november ... 14:26:15 http://www.w3.org/2002/09/TPOverview.html 14:26:31 ... need to talk about specific slots to take in that week ... 14:26:49 ... May 8 is conflicting wiht AC meeting; will send out e-mail about that ... 14:27:25 fjh: background and scope has links to background material; there's reading list on home page as well 14:27:33 ... XML Sig was 1999-2002 ... 14:27:39 ... produced a bunch of recs ... 14:28:04 ... how to sign/encrypt XML and other stuff and encapsulate results in XML ... 14:28:15 ... Canonical XML to make signatures verify despite surface changes ... 14:28:21 ... there's C14N 1.1 from XML Core ... 14:28:25 zakim, unmute me 14:28:25 klanz2 should no longer be muted 14:28:28 ... that work is in last call ... 14:28:35 ... one of the things to do is to comment on that ... 14:28:39 ... get feedback to them ... 14:28:41 q+ 14:29:00 zakim, unmute me 14:29:00 Thomas should no longer be muted 14:29:13 ack klanz2 14:29:16 zakim, mute me 14:29:16 Thomas should now be muted 14:29:18 ck klanz2 14:29:25 ack klanz2 14:29:43 klanz2: to clarify, C14N 1.1 fixes xml:id and xml:base issues, not related to xml 1.1 14:29:52 ... there's also a wiki done by konrad and Jose Kahan .. 14:30:05 ... will post pointer to IRC ... 14:30:23 http://esw.w3.org/topic/XML-Dsig?highlight=%28xml%29 14:30:48 zakim, mute me 14:30:48 klanz2 should now be muted 14:31:03 go ahead 14:31:13 fjh: useful to know, thanks 14:31:24 ... deliverables ... 14:31:33 ... two initial ones that we need to be careful with the timing ... 14:31:44 ... Syntax & Processing / Decryption Transform ... 14:31:48 ... we'll need to do interop testing on these ... 14:31:52 ... review of both of them ... 14:32:13 ... for Syntax & Processing - since this was joint effort - give the IETF a chance to have a last call review and have published as RFC ... 14:32:33 ... get on track fairly quickly at face-to-face ... 14:32:53 ... with XML Sig, starting with REC, move it to Proposed Edited Rec ... 14:33:09 ... part of doing this is to limit the changse - no new features, no conformance-affecting things except for the bits that we know of ... 14:33:21 ... we're shortcutting process on that one ... 14:33:34 ... decryption trasnform back to Working Draft, then go through the process ... 14:33:41 ... there's some work that outlines proposed changes ... 14:33:45 ... fold in some of the errata as well ... 14:34:28 ack thomas 14:34:52 q- 14:35:39 thomas: should look at reading list and Note that Thomas produced indicating the changes that need to be done 14:35:51 ... this would be very useful to help those with implementations 14:36:03 ... so we can get to interop and testing more easily and quickly 14:36:20 ... please indicate to those in your companies doing implementations as soon as possible 14:36:25 zakim, mute thomas 14:36:25 Thomas should now be muted 14:36:29 ... so we can get a start on interop 14:36:55 fjh: the sooner we get started on interop, the better we'll be off 14:37:09 ... process details to be discussed at f2f ... 14:37:27 ... rec track deliverables are the timing critical ones due to review and inteorp ... 14:37:31 s/inteorp/interop/ 14:37:48 fjh: SHOULD do a charter for further work, reach out to other communities ... 14:37:55 ... MAY do a note on best practices ... 14:38:00 ... might be something to do without extra work ... 14:38:06 ... we might be able to document things as we go ... 14:38:20 ... but the REC track deliverables and chartering work have priority ... 14:38:42 ... use wiki to document ideas and issues as we go, also as input for chartering ... 14:38:50 ... might have workshop ... 14:38:55 ... meetings ... 14:39:01 ... weekly, and face-to-faces .. 14:39:05 + +1.770.615.aaff 14:39:06 ... plan to have phone bridge in Cambridge ... 14:39:13 - +1.770.615.aaff 14:39:21 zakim, unmute me 14:39:21 Thomas should no longer be muted 14:39:36 zakim, who is here? 14:39:36 zakim, who is here? 14:39:37 On the phone I see rdm, ShawnMullen, EdSimon, GregWhitehead, Hal, JuanCarlosCruellas, Anthony_Nadalin, klanz2 (muted), Frederick_Hirsch, giles, Thomas 14:39:41 On IRC I see Ed, jcc, Giles, hal, Nadalin, grw, sean, klanz2, RRSAgent, Zakim, rdm, fjh, rdmiller89, tlr, trackbot-ng 14:39:44 On the phone I see rdm, ShawnMullen, EdSimon, GregWhitehead, Hal, JuanCarlosCruellas, Anthony_Nadalin, klanz2 (muted), Frederick_Hirsch, giles, Thomas 14:39:44 zakim, mute me 14:39:46 On IRC I see Ed, jcc, Giles, hal, Nadalin, grw, sean, klanz2, RRSAgent, Zakim, rdm, fjh, rdmiller89, tlr, trackbot-ng 14:39:49 Thomas should now be muted 14:40:14 fjh: critical sentence in the deliverables and schedule is "early interop testing" ... 14:40:27 ... from introductions, looks like we're in good shape ... 14:40:36 ... please indicate who will actually participate in interop testing ... 14:40:50 ... private e-mail is fine, don't want to put folks on the spot right now ... 14:41:03 ... dependencies, obviously XML Core ... 14:41:23 http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Mar/0001.html 14:41:26 q+ 14:41:37 ... XML Core closes Last Call before our f2f, but they're prepared to accept late comments from us ... 14:41:45 ... please review C14N 1.1 before f2f ... 14:41:49 ... comments to share on the list? ... 14:42:02 ... also, things noteworthy on the wiki? If so, Konrad please send mail ... 14:42:08 q? 14:42:15 ... there's also XML Coordination Group ... 14:42:31 ack thomas 14:43:21 fjh: uwa dependency? 14:43:30 zakim, unmute me 14:43:30 klanz2 should no longer be muted 14:43:37 ack klanz 14:43:38 tlr: in response to member input during AC review; mostly for charter work 14:43:50 klanz2: happens to be in the XML Core WG 14:44:14 ... they're not particularly eager to keep C14N as a deliverable ... 14:44:25 s/happens to/happen to/ 14:44:57 tlr: change of rec-track deliverables requires rechartering 14:44:59 thomas: would prefer to avoid the necessary AC review to recharter XMLSec Maint 14:45:00 zakim, mute me 14:45:00 klanz2 should now be muted 14:45:09 ... would rather avoid that during the next half year ... 14:45:43 + +1.770.615.aagg 14:45:48 fjh: external dependencies -- ietf, trying to get out as an RFC, but attempt not to have that as a blocking point ... 14:45:55 q+ 14:45:57 ... DSS and its future ... 14:46:20 q- 14:46:23 zakim, aagg is rsalz 14:46:23 +rsalz; got it 14:46:28 zakim, mute me 14:46:28 Thomas should now be muted 14:46:49 ... WS-I, basic security profile and other things, future work ... 14:46:53 ... Liberty ... 14:47:23 ... there are probably others; if we should be collaborating with other organizations and are able to help with that, please speak up on the list ... 14:47:24 q? 14:47:47 zakim, unmute me 14:47:47 Thomas should no longer be muted 14:48:50 ack jcc 14:49:08 fjh: please cover patent policy essentials at face-to-face 14:49:16 jcc: ETSI should be acknowledged ... 14:49:16 q+ 14:49:59 tlr: charter is cast in stone, but we can put the external relations somewhere on the web site 14:50:01 q+ 14:50:06 ... and do that as a living document ... 14:50:07 q- 14:50:16 fjh: jcc to send material to list 14:50:42 ACTION: Juan-Carlos to send note on ETSI liaison to mailing list 14:50:42 Sorry, couldn't find user - Juan-Carlos 14:50:48 Please add Xades to list 14:50:55 ACTION: Cruellas to send note on ETSI liaison to mailing list 14:50:57 Created ACTION-2 - Send note on ETSI liaison to mailing list [on Juan Carlos Cruellas - due 2007-04-24]. 14:51:03 rrsagent, drop action 1 14:51:11 Topic: face-to-face agenda 14:51:15 action on Xades too? 14:51:21 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Apr/0006.html 14:51:31 Giles, the ETSI liaison is supposed to be about XADES, I think. 14:51:37 Oh OK sorry 14:52:00 fjh: think there needs to be additional item about interop ... 14:52:04 ... propose adding something on that ... 14:52:11 ... will start setup at 8:30 .. 14:52:14 ... will start 9am sharp ... 14:52:20 ... scribe volunteers please speak up on list ... 14:52:39 ... note that scribing at f2f has its benefits ... 14:53:12 ... going through inidividual points of agenda ... 14:53:20 ... need somebody to do c14n 1.1 overview ... 14:53:35 ... will talk to people this week about who is to do that ... 14:53:55 ... people on their own for lunch, there's good stuff very close ... 14:54:14 ... use C14N 1.1 for review? ... 14:54:20 ... if people have comments, please post to list ... 14:54:39 ... need a taker for decryption transform ... 14:54:50 ... if you want to talk about it, please speak up this week ... 14:55:04 fjh: thursday, setup at 8:30, start 9 sharp... 14:55:43 ... attendance on both days? 14:55:49 tlr: people indicated they'll join for *both* days 14:55:54 fjh: interop important ... 14:56:01 ... issues and implementation experience ... 14:56:15 ... quick soundbites on issues and implementations ... 14:56:17 ... 1h total? 14:56:19 ... comments? 14:56:47 fjh: after lunch, future steps ... 14:57:04 ... charter, best practices; there are some editor / tooling / mechanics questions ... 14:57:10 ... having raced through the agenda ... 14:57:26 ... any comments? 14:57:29 ??: sounds fine 14:57:32 Tony: sounds good 14:57:46 tony: come up with somethig that we want to test 14:57:54 ... use case / scenario ... 14:58:11 fjh: can people contribute in advance? 14:58:18 ... to have better use of our time ... 14:58:32 fjh: aob? 14:58:43 EdSimon: next meeting next week? 14:58:49 fjh: tentatively had scheduled it ... 14:58:53 ... then cancelled. ... 14:58:58 ... next meeting will be the face-to-face ... 14:59:12 ... from then on, 9-10 Eastern every Tuesday after that, apart of 8 May ... 14:59:16 ... we'll confirm at f2f ... 14:59:26 -Anthony_Nadalin 14:59:31 meeting adjourned 14:59:48 -Hal 14:59:50 thank you, bye 14:59:52 -GregWhitehead 14:59:53 zakim, list participants 14:59:55 -ShawnMullen 14:59:56 -Thomas 14:59:57 As of this point the attendees have been Frederick_Hirsch, +30281039aaaa, Thomas, giles, +1.443.695.aabb, rdm, +1.781.442.aacc, ShawnMullen, +1.613.447.aadd, +1.650.380.aaee, Hal, 15:00:01 ... EdSimon, GregWhitehead, JuanCarlosCruellas, Anthony_Nadalin, klanz2, +1.770.615.aaff, +1.770.615.aagg, rsalz 15:00:06 -giles 15:00:09 -rsalz 15:00:12 -rdm 15:00:14 -JuanCarlosCruellas 15:00:14 rrsagent, please draft minutes 15:00:14 I have made the request to generate http://www.w3.org/2007/04/17-xmlsec-minutes.html tlr 15:00:20 -EdSimon 15:00:38 -klanz2 15:00:52 zakim, excuse us 15:00:54 leaving. As of this point the attendees were Frederick_Hirsch, +30281039aaaa, Thomas, giles, +1.443.695.aabb, rdm, +1.781.442.aacc, ShawnMullen, +1.613.447.aadd, +1.650.380.aaee, 15:00:54 rrsagent, excuse us 15:00:54 I see 1 open action item saved in http://www.w3.org/2007/04/17-xmlsec-actions.rdf : 15:00:54 ACTION: Cruellas to send note on ETSI liaison to mailing list [2] 15:00:54 recorded in http://www.w3.org/2007/04/17-xmlsec-irc#T14-50-55 15:00:57 Zakim has left #xmlsec