W3C

XML Sec Weekly

17 Apr 2007

Agenda

See also: IRC log

Attendees

Present: Frederick Hirsch, Thomas Roessler, Giles Hogben, Rob Miller, Shawn Mullen, Hal Lockhart, Ed Simon, Greg Whitehead, Juan Carlos Cruellas, Anthony Nadalin, Konrad Lanz, Rich Salz
Regrets:
Chair: fjh
Scribe: tlr


Welcome

<klanz2> dialing in

<jcc> can you read me?

<cgi-irc> test

<hal> for some reason initially this channel was not listed

<cgi-irc> test

fjh: thanks for joining, I'm Frederick, ...
... thomas will scribe today, thanks ...
... maybe do a quick round of introductions here ...

rdm: Rob Miller, Security Engineer, MITRE, XML wrt architectural issues
... having fun with NSA and cross-domain solutions ...
... would be happy to talk about that at f2f ...

shawn: Shawn Mullen, Sun Microsystems, working on XML Sig for past few years, implementor
... have implementation shipping as part of JDK, committer for Apache ...

EdSimon: Ed Simon, working with xmlsec which is private consulting firm ...
... co-author of xml signature and xml encryption specs ...
... keen to hear how people use it, what the issues are ...
... Invited Expert ...

grw: Greg Whitehead, HP, architect in IDM software group, one of original specs' authors ...
... shed light on crazy things that were thought back then ...

hal: standards full-time for BEA, mostly security standards ...
... involved with a bunch of standards that use XML Sig and Enc ...
... you name it ...
... main interest in follow-on work ...
... spurious validation errors associated with DSig ...
... maybe also tweak encryption ..

JuanCarlosCruellas: Polytech Univ Catalunia ...
... standardization involvement for a while ...
... worked on XADES development around ETSI ...
... editor during two last years (?) ...
... involved with DSS TC @ OASIS ...
... main interest is to cooperate in followup ...
... on stdzation of XML security ...
... implementation experience ...

Nadalin: Tony Nadalin, IBM, worked with Shawn on Java implementation of XML Sig and Enc ...
... WS-Security, -Trust, other specs ...
... most interested in follow-on work ...
... severe performance problems with Sig and Enc ...
... large footprints, figure out what to do wrt moving forward with this tech ...

klanz2: Konrad Lanz, Stiftung Secure Information Communication Technology (?) @ Graz University ...
... involved in maintaining implementations ...
... including Sig, Enc, OASIS DSS, some other Java toolkits ...
... involved in standardization work in OASIS, DSS TC there ...
... main interest in robustness of XML Signatures, false negatives are rather bad ...

fjh: Working in security standards for some time, including original specs, will chair this working group ...
... interest in having stuff converge, not have multiple versions of things ...

giles: Giles Hogben, ENISA, European Network & Info Sec Agency ...
... identity management lead there ...
... main interest is to see work on European qualified signatures, XADES within roadmap ...
... worked in the P3P working group where chaired a task force that dealt with XML Dsig ...

tlr: W3C Team, main interest is to get the different communities that have stakes in XML Signature & friends together at one table

fjh: agenda bashing ...
... will talk briefly about scribing, schedule, charter, and look at agenda for face-to-face ...
... do people feel anything needs to be added?

- silence -

fjh: scribe role will rotate, chair excused from scribing ...
... haven't got exact mechanism down ...
... for 2/3 May face-to-face, will need scribes for mornings and afternoons ...
... if want to volunteer now, that would be helpful ...
... if you want to select a spot now, speak up ...

Note you can also type it into the record through IRC

fjh: or send e-mail ...

<rdm> I can scribe on the afternoon of May 2.

scheduling the weekly call, first choice is 9am Eastern slot on Tuesdays, 10am second

fjh: tentatively plan on that time. We won't have a call before the face-to-face ...

hal: if the West Coasters are happy about it, who are we East Coasters to complain?

fjh: next meeting is 8:30-5pm in Cambridge, 2/3 May
... registration form and logistics; please fill in registration ...
... any concerns or questions re face-to-face? ...

- silence -

charter review

http://www.w3.org/2005/Security/xmlsig-charter

<fjh> link for weekly scheduling results http://www.w3.org/2002/09/wbs/40279/xmlsecweekly/results

<fjh> f2f registration results page http://www.w3.org/2002/09/wbs/40279/xmlsecbos0705/results

<fjh> ballot still open for F2F, please register whether or not you plan to attend

fjh: will just go through charter ...

<klanz2> yes

<Giles> yes

fjh: goal is to do very limited work on the spec, and then suggest charter for further work ...
... there are some other items, such as a note ...
... basic idea is to do minimum changes, then consider next steps ...
... fairly short time line especially if consider interop ...
... confidentiality: plan to do everything in public ...
... we have an administrative list for things like sending regrets or few member-confidential items ...
... use that sparingly ...
... Frederick to chair, Thomas to team-contact ...
... suspect 3 face-to-face meetings ...
... first one in May, second as workshop, third @ tech plenary ...
... 6-8 november ...

http://www.w3.org/2002/09/TPOverview.html

scribe: need to talk about specific slots to take in that week ...
... May 8 is conflicting with AC meeting; will send out e-mail about that ...

fjh: background and scope has links to background material; there's reading list on home page as well
... XML Sig was 1999-2002 ...
... produced a bunch of recs ...
... how to sign/encrypt XML and other stuff and encapsulate results in XML ...
... Canonical XML to make signatures verify despite surface changes ...
... there's C14N 1.1 from XML Core ...
... that work is in last call ...
... one of the things to do is to comment on that ...
... get feedback to them ...

<fjh> ck klanz2

klanz2: to clarify, C14N 1.1 fixes xml:id and xml:base issues, not related to xml 1.1
... there's also a wiki done by konrad and Jose Kahan ..
... will post pointer to IRC ...

<klanz2> http://esw.w3.org/topic/XML-Dsig?highlight=%28xml%29

<klanz2> go ahead

fjh: useful to know, thanks
... deliverables ...
... two initial ones that we need to be careful with the timing ...
... Syntax & Processing / Decryption Transform ...
... we'll need to do interop testing on these ...
... review of both of them ...
... for Syntax & Processing - since this was joint effort - give the IETF a chance to have a last call review and have published as RFC ...
... get on track fairly quickly at face-to-face ...
... with XML Sig, starting with REC, move it to Proposed Edited Rec ...
... part of doing this is to limit the changes - no new features, no conformance-affecting things except for the bits that we know of ...
... we're shortcutting process on that one ...
... decryption transform back to Working Draft, then go through the process ...
... there's some work that outlines proposed changes ...
... fold in some of the errata as well ...

<fjh> thomas: should look at reading list and Note that Thomas produced indicating the changes that need to be done

<fjh> ... this would be very useful to help those with implementations

<fjh> ... so we can get to interop and testing more easily and quickly

<fjh> ... please indicate to those in your companies doing implementations as soon as possible

<fjh> ... so we can get a start on interop

fjh: the sooner we get started on interop, the better we'll be off
... process details to be discussed at f2f ...
... rec track deliverables are the timing critical ones due to review and interop ...
... SHOULD do a charter for further work, reach out to other communities ...
... MAY do a note on best practices ...
... might be something to do without extra work ...
... we might be able to document things as we go ...
... but the REC track deliverables and chartering work have priority ...
... use wiki to document ideas and issues as we go, also as input for chartering ...
... might have workshop ...
... meetings ...
... weekly, and face-to-faces ..
... plan to have phone bridge in Cambridge ...
... critical sentence in the deliverables and schedule is "early interop testing" ...
... from introductions, looks like we're in good shape ...
... please indicate who will actually participate in interop testing ...
... private e-mail is fine, don't want to put folks on the spot right now ...
... dependencies, obviously XML Core ...

http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Mar/0001.html

scribe: XML Core closes Last Call before our f2f, but they're prepared to accept late comments from us ...
... please review C14N 1.1 before f2f ...
... comments to share on the list? ...
... also, things noteworthy on the wiki? If so, Konrad please send mail ...
... there's also XML Coordination Group ...

fjh: uwa dependency?

tlr: in response to member input during AC review; mostly for charter work

klanz2: happen to be in the XML Core WG
... they're not particularly eager to keep C14N as a deliverable ...

tlr: change of rec-track deliverables requires rechartering

<fjh> thomas: would prefer to avoid the necessary AC review to recharter XMLSec Maint

tlr: would rather avoid that during the next half year ...

fjh: external dependencies -- ietf, trying to get out as an RFC, but attempt not to have that as a blocking point ...
... DSS and its future ...
... WS-I, basic security profile and other things, future work ...
... Liberty ...
... there are probably others; if we should be collaborating with other organizations and are able to help with that, please speak up on the list ...
... please cover patent policy essentials at face-to-face

jcc: ETSI should be acknowledged ...

tlr: charter is cast in stone, but we can put the external relations somewhere on the web site
... and do that as a living document ...

fjh: jcc to send material to list

<Giles> Please add Xades to list

<scribe> ACTION: Cruellas to send note on ETSI liaison to mailing list [recorded in http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02]

<trackbot-ng> Created ACTION-2 - Send note on ETSI liaison to mailing list [on Juan Carlos Cruellas - due 2007-04-24].

face-to-face agenda

<Giles> action on Xades too?

http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Apr/0006.html

<tlr> Giles, the ETSI liaison is supposed to be about XADES, I think.

<Giles> Oh OK sorry

fjh: think there needs to be additional item about interop ...
... propose adding something on that ...
... will start setup at 8:30 ..
... will start 9am sharp ...
... scribe volunteers please speak up on list ...
... note that scribing at f2f has its benefits ...
... going through individual points of agenda ...
... need somebody to do c14n 1.1 overview ...
... will talk to people this week about who is to do that ...
... people on their own for lunch, there's good stuff very close ...
... use C14N 1.1 for review? ...
... if people have comments, please post to list ...
... need a taker for decryption transform ...
... if you want to talk about it, please speak up this week ...
... thursday, setup at 8:30, start 9 sharp...
... attendance on both days?

tlr: people indicated they'll join for *both* days

fjh: interop important ...
... issues and implementation experience ...
... quick soundbites on issues and implementations ...
... 1h total?
... comments?
... after lunch, future steps ...
... charter, best practices; there are some editor / tooling / mechanics questions ...
... having raced through the agenda ...
... any comments?

??: sounds fine

Tony: sounds good
... come up with something that we want to test
... use case / scenario ...

fjh: can people contribute in advance?
... to have better use of our time ...
... aob?

EdSimon: next meeting next week?

fjh: tentatively had scheduled it ...
... then cancelled. ...
... next meeting will be the face-to-face ...
... from then on, 9-10 Eastern every Tuesday after that, apart from 8 May ...
... we'll confirm at f2f ...

meeting adjourned

<klanz2> thank you, bye

Summary of Action Items

[NEW] ACTION: Cruellas to send note on ETSI liaison to mailing list [recorded in http://www.w3.org/2007/04/17-xmlsec-minutes.html#action02]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.128 (CVS log)
$Date: 2007/05/03 12:58:59 $