13:38:31 RRSAgent has joined #xmlsec 13:38:31 logging to http://www.w3.org/2007/11/27-xmlsec-irc 13:38:33 RRSAgent, make logs public 13:38:33 Zakim has joined #xmlsec 13:38:35 Zakim, this will be XMLSEC 13:38:35 ok, trackbot-ng; I see T&S_XMLSEC()9:00AM scheduled to start in 22 minutes 13:38:37 Meeting: XML Security Specifications Maintenance Working Group Teleconference 13:38:39 Date: 27 November 2007 13:38:46 ScribeNick: tlr 13:39:29 Agenda: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Nov/0024.html 13:39:33 me hmmm trackbot seemed to do some stuff. note that the agenda is out of date. is there easy way to update trackbot when updating agenda? 13:40:18 Yes, just put another "Agenda: ..." line into IRC. 13:41:55 tlr has changed the topic to: http://www.w3.org/2007/xmlsec/ | Agenda: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Nov/0024.html 13:43:24 Chair: Frederick Hirsch 13:55:23 sean has joined #xmlsec 13:55:50 hal has joined #xmlsec 13:55:55 pdatta has joined #xmlsec 13:57:13 T&S_XMLSEC()9:00AM has now started 13:57:19 zakim, call thomas-781 13:57:20 ok, tlr; the call is being made 13:57:21 +Frederick_Hirsch 13:57:21 +Thomas 13:57:45 zakim, code? 13:57:45 the conference code is 965732 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), klanz2 13:58:33 + +40.00.000.aaaa 13:58:36 zakim, ? is klanz2 13:58:36 sorry, klanz2, I do not recognize a party named '?' 13:58:42 zakim, aaaa is klanz2 13:58:42 +klanz2; got it 13:58:42 zakim, mute me 13:58:43 klanz2 should now be muted 13:58:49 zakim, who is here? 13:58:49 On the phone I see Frederick_Hirsch, Thomas, klanz2 (muted) 13:58:50 On IRC I see pdatta, hal, sean, Zakim, RRSAgent, FrederickHirsch, trackbot-ng, tlr, klanz2 14:00:44 +sean 14:01:01 +Ed_Simon 14:01:16 Regrets: Juan Carlos Cruellas, Rob Miller 14:01:16 +Hal 14:01:17 -Frederick_Hirsch 14:01:44 EdS has joined #xmlsec 14:02:03 PHB has joined #xmlsec 14:02:49 I just have decided not to talk ... ;-) 14:03:18 +brich 14:03:24 +Frederick_Hirsch 14:03:45 pdatta has joined #xmlsec 14:03:54 shivaram has joined #xmlsec 14:03:55 zakim, who is here? 14:03:55 On the phone I see Thomas, klanz2 (muted), +1.617.876.aabb, Ed_Simon, Hal, +1.512.401.aacc, Frederick_Hirsch 14:03:57 On IRC I see shivaram, pdatta, PHB, EdS, hal, sean, Zakim, RRSAgent, FrederickHirsch, trackbot-ng, tlr, klanz2 14:04:00 Topic: Administrivia: scribe confirmation, next meeting, other 14:04:04 frederick: welcome back 14:04:22 zakim, list participants 14:04:22 As of this point the attendees have been Frederick_Hirsch, Thomas, +40.00.000.aaaa, klanz2, sean, Ed_Simon, Hal, brich 14:04:29 + +1.650.506.aabb 14:04:36 zakim, aacc is brich 14:04:36 +brich; got it 14:04:39 brich has joined #xmlsec 14:04:41 zakim, aabb is pdatta 14:04:41 +pdatta; got it 14:04:54 zakim, aacc is BruceRich 14:04:54 sorry, tlr, I do not recognize a party named 'aacc' 14:05:14 zakim, who is here? 14:05:14 On the phone I see Thomas, klanz2 (muted), pdatta, Ed_Simon, Hal, brich, Frederick_Hirsch, +1.650.506.aabb 14:05:17 On IRC I see brich, shivaram, pdatta, PHB, EdS, hal, sean, Zakim, RRSAgent, FrederickHirsch, trackbot-ng, tlr, klanz2 14:05:33 (unless shivaram is on the phone) 14:05:53 frederick: minutes from face-to-face accepted? 14:06:02 s/face-to-face/October 30 meeting/ 14:06:06 RESOLUTION: October 30 minutes approved 14:06:12 http://www.w3.org/2007/10/30-xmlsec-minutes 14:06:19 frederick: face-to-facce minutes accepted? 14:06:23 RESOLUTION: face-tof-ace minutes accepted 14:06:29 http://www.w3.org/2007/11//08-xmlsec-minutes 14:06:35 http://www.w3.org/2007/11/09-xmlsec-minutes 14:06:40 Topic: XML Signature update 14:06:47 frederick: updated draft according to discussion at face-to-face ... 14:06:50 ... redline is available ... 14:06:55 ... hope people had chance to look ... 14:06:56 I am still dialing in ... 14:07:00 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Nov/0018.html 14:07:15 ... section that was changed is section 4 ... 14:07:57 ... also, removed "Applications must be able to parse URI syntax" ... 14:08:24 + +1.408.907.aacc 14:08:30 zakim, aacc is shivaram 14:08:30 +shivaram; got it 14:08:48 clean http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/nochanges.html#sec-URI 14:09:06 removed XML signature applications MUST be able to parse URI syntax. 14:10:37 frederick: clean version shows section without the removed stuff 14:10:48 q+ 14:10:56 ack tlr 14:11:37 tlr: where does "a string as" come from? 14:11:48 frederick: believe face-to-face? 14:11:59 using a string as a URI-Reference - change introduced at F2F in discussion, konrad? 14:12:04 PHB2 has joined #xmlsec 14:12:45 zakim, code 14:12:45 I don't understand 'code', PHB2 14:12:47 zakim, code? 14:12:48 the conference code is 965732 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), PHB2 14:13:14 +PHB 14:13:17 did people hear what I said ? 14:13:28 is this better: The URI attribute string value identifies a data object as a URI-Reference 14:14:19 see "klanz: should say "using a string as a URI reference"" in 8 Nov minujt 14:15:44 sean agrees with tlr 14:15:54 The URI attribute identifies a data object using as a URI-Reference 14:16:00 tlr: Don'T think the "as string" helps; more likely to cause confusion. Underlying concern unfounded, as we sayi n the next paragraph that there is a mapping. 14:16:01 choice #1 14:16:02 sean: agree 14:16:22 The URI attribute identifies a data object using a URI-Reference" 14:16:35 +1 14:17:29 RESOLUTION: revert first sentence in 4.3.3.1 to "The URI attribute identifies a data object using a URI-Reference" 14:17:57 rrsagent, where am I? 14:17:57 See http://www.w3.org/2007/11/27-xmlsec-irc#T14-17-57 14:18:31 frederick: any other issues? 14:18:55 PROPOSED RESOLUTION: considering all issues with dsig-core closed 14:19:09 RESOLUTION: considering all issues with dsig-core closed 14:19:48 Topic: C14N11 red line 14:19:59 frederick: sent a new redline to xml core 14:20:03 sent a new redline to xml core reflecting changes and examples 14:20:16 http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/ 14:20:24 frederick: have people looked at this? 14:20:56 tlr: my browser history says this is what I looked at, and I didn'T find any issues 14:21:01 frederick: would like to walk through some 14:21:10 The "Remove Dot Segments" algorithm is modified to ensure that a combination of two xml:base attribute 14:21:30 values that include relative path components (i.e., path components that do not begin with a '/' 14:21:41 character) results in an attribute value that is a relative path component. 14:21:52 -- added this as bullet 14:22:05 frederick: putting key changes into IRC... 14:22:15 ... modifying algorithm to combine relative path components ... 14:22:30 ... also, add examples from previous discussion ... 14:22:45 -Frederick_Hirsch 14:23:08 ... third change, to +++ATH ... 14:23:17 1. added bullet, 2. added examples, see document, 3. change to xml:id in examples, 4. give link for `appendix A content 14:23:46 +Frederick_Hirsch 14:23:55 Two questions: (1) any issue with this change from inspection 14:24:10 (2) implementations to enable xml core to accept 14:25:21 bruce: Looking for the examples 14:25:30 http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/ 14:25:37 frederick: in the document 14:25:40 bruce: where? 14:25:45 http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/c14n11-update-clean.pdf 14:26:09 lines 108 to 128 14:26:44 tlr: lines 119++? 14:26:46 3 bullets and removal of b and c from xml example 14:27:36 tlr: 108-111 examples for combining URI references, 119+ XML example 14:27:39 brich: in the original test suite? 14:27:43 tlr: no, discovered at tech plenary 14:27:53 klanz2: similar test cases for appendix a 14:27:59 ... can be seen in mail ... 14:28:11 ... mentioned "ending in .." problem ... 14:28:48 ... should have been exercised in appendix a ... 14:29:01 Question can we test these 4 cases explicitly, 3 Remove-Dot-Segment test and the one XML input and output 14:29:25 tlr: this occurs while input for appendix a algorithm is prepared 14:29:40 klanz2: ?? 14:29:51 http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/inputs.txt 14:30:01 http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/outputs.txt 14:30:24 tlr: problem is that trailing path segment of left-hand side is removed in 3986, which is wrong if that left-hand side is relative URI reference with trailing .. 14:30:36 http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#XMLBASE_ANNEXA 14:31:10 klanz2: should have same results now as at the interop 14:31:24 frederick: would like to have this in c14n 1.1 document 14:31:32 ... would like to be able to say that we have tested the examples provided ... 14:31:39 ... this seems to be a small, slightly different set ... 14:31:43 ... can we test and include with core? 14:31:50 q+ 14:32:04 klanz2: Can we use the old examples? 14:32:11 ack tlr 14:32:57 frederick: is this really covered with test suite 14:33:08 tlr: same question, not sure I heard that at the f2f 14:33:17 q+ 14:33:25 ack sean 14:33:25 ack sean 14:33:34 sean: was under impression we're adding this as new test case 14:33:44 ... waiting for tlr ... 14:34:17 -Frederick_Hirsch 14:34:23 the link near the end of the doc is broken 14:34:40 http://lists.w3.org/Archives/Public/public-xml-core-187wg/2007Jun/att-0050/Apendix_20060625.html 14:34:40 tlr: sorry to have slacked on this 14:34:51 sean: wanted to update some other material in test suite as well 14:35:06 Sean - do you have list of what else to be updated? 14:35:10 tlr: let's stay on after this call and try to get this test case in right away. 14:35:13 +Frederick_Hirsch 14:35:25 klanz2: yes, need an integrated test; agree 14:35:38 ... had another look at the test cases ... 14:37:00 frederick: rejoining; confused 14:37:15 ... do we have remove_dot_segments "unit tests"? 14:37:19 http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/outputs.txt 14:37:43 http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/inputs.txt 14:37:52 klanz2: confident that we can split these at any forward slash, combine, and get same results 14:37:59 ... but agree that we should have integrated test ... 14:38:43 frederick: 3 tests needed 14:38:46 ... 1. example in redline 14:38:51 ... 2. bullets in redline 14:39:02 ... think we have mechanism to test that as well 14:39:40 ... any need for actions? 14:39:45 tlr: umh, no, still have that one 14:39:52 frederick: wait for sean, thomas to come back 14:39:55 tlr: yes, think so 14:40:28 topic: chartering for follow-up work 14:40:33 frederick: worked on this at face-to-face 14:40:38 ... thought we reached pretty good point ... 14:40:43 ... distribute to wider audience for feed-back ... 14:40:49 +1 14:40:55 ... any problems with sharing this ... 14:41:10 +1 to sharing with -discuss 14:41:15 ... and sending heads-up to aC 14:42:38 tlr: share with workshop participants and send heads up to AC, before formal team process occurs 14:43:55 4 week AC review is later step in process 14:44:09 now considering AC advanced notice. 14:44:15 tlr: (explains process) 14:44:38 proposed: to share with workshop participants, work with comm team to send advance notice 14:45:03 RESOLUTION: to share current material with workshop participants, work with comm team to send advance notice 14:45:18 ACTION: thomas to send message to public-xmlsec-discuss to solicit feed-back 14:45:18 Created ACTION-118 - Send message to public-xmlsec-discuss to solicit feed-back [on Thomas Roessler - due 2007-12-04]. 14:45:26 ACTION: thomas to work with comm team on AC advance notice 14:45:26 Created ACTION-119 - Work with comm team on AC advance notice [on Thomas Roessler - due 2007-12-04]. 14:45:39 topic: interop report 14:45:47 frederick: think we're ready 14:45:52 ... next step is template and fill it in 14:45:53 tlr: yes 14:46:05 ... another overdue action item, sorry ... 14:46:19 frederick: c14n 1 closure is the other action item here, so we don't rework stuff 14:46:39 topic: best practices 14:46:46 frederick: ed, think nobody ever responded 14:47:02 ... to ASN.1 issue ... 14:47:09 ed: ?? got back to me, couldn't see security issue 14:47:16 ... don't have that e-mail in front of me ... 14:47:29 ... totally swamped last three weeks ... 14:47:41 ... we can probably close this issue ... 14:47:45 ... if anything new, will point that out ... 14:47:58 ... anything we need to do as result of this question? 14:48:06 s/... anything/frederick: anything/ 14:48:14 ed: idea was to consult with ASN.1 expert to take look 14:48:28 ... still a bit confused as to security considerations in RFC ... 14:48:38 ... whether they are applicable as security considerations ... 14:48:41 ... RFC 4514 ... 14:48:49 ... not sure why it wouldn't affect work we#re doing ... 14:48:56 ... tend to agree there isn't much of a hole there ... 14:49:01 ... hard to say anything defnitive right now 14:49:01 Did we ever decide on which wording of the best practice we desired? 14:49:36 frederick: anything we should record and distill from this? 14:49:43 ... don't want to just close this ... 14:49:57 ... other question is hal and who else were interested to look at some material ... 14:50:03 ... Hal and Sean, I think ... 14:50:07 sean: yes 14:50:10 zakim, who is here? 14:50:10 On the phone I see Thomas, klanz2 (muted), pdatta, Ed_Simon, Hal, brich, +1.650.506.aabb, shivaram, PHB, Frederick_Hirsch 14:50:12 On IRC I see PHB2, brich, shivaram, pdatta, PHB, EdS, hal, sean, Zakim, RRSAgent, FrederickHirsch, trackbot-ng, tlr, klanz2 14:50:15 I am interested, may start in Dec 14:50:38 topic: any other topics? 14:51:26 tlr: started team process for extension of this WG through March 14:51:51 2008 14:52:32 tlr: note that this does not imply overlap between this group and the follow-up group 14:52:34 next step would be message to AC indicating group extended, no additional work for WG 14:52:46 ... aim of the process is that after director decides, extension announced to AC ... 14:52:59 Topic: action item review 14:53:03 ACTION-74 continued 14:53:11 ACTION-105 continued 14:53:33 frederick: Sean and Hal to work on the Wiki? What's the plan? 14:53:37 ACTION-105? 14:53:37 ACTION-105 -- Frederick Hirsch to start issues list for best practices -- due 2007-10-30 -- OPEN 14:53:37 http://www.w3.org/2007/xmlsec/Group/track/actions/105 14:53:46 wiki is fine for me 14:54:00 ACTION-105 continued; might be overtaken 14:54:02 ACTION-109? 14:54:02 ACTION-109 -- Thomas Roessler to provide example for "isolated .." case -- due 2007-11-15 -- OPEN 14:54:02 http://www.w3.org/2007/xmlsec/Group/track/actions/109 14:54:11 ACTION-110? 14:54:11 ACTION-110 -- Frederick Hirsch to update redline and share with xml:core -- due 2007-11-15 -- OPEN 14:54:11 http://www.w3.org/2007/xmlsec/Group/track/actions/110 14:54:20 trackbot-ng, close ACTION-110 14:54:20 ACTION-110 Update redline and share with xml:core closed 14:54:22 ACTION-111? 14:54:22 ACTION-111 -- Frederick Hirsch to review examples in C14N 1.1 and propose detailed changes to use xml:Id -- due 2007-11-15 -- OPEN 14:54:22 http://www.w3.org/2007/xmlsec/Group/track/actions/111 14:54:35 trackbot-ng, close ACTION-111 14:54:35 ACTION-111 Review examples in C14N 1.1 and propose detailed changes to use xml:Id closed 14:54:42 ACTION-112? 14:54:42 ACTION-112 -- Thomas Roessler to prepare interop report template -- due 2007-11-15 -- OPEN 14:54:42 http://www.w3.org/2007/xmlsec/Group/track/actions/112 14:54:47 ACTION-113? 14:54:47 ACTION-113 -- Sean Mullan to update testcase document -- due 2007-11-15 -- OPEN 14:54:47 http://www.w3.org/2007/xmlsec/Group/track/actions/113 14:55:01 frederick: sean, waht was that about again? 14:55:08 sean: there's test case that's in suite, not in document 14:55:19 ... just generally review document to make sure it's consistent with test suite 14:55:23 frederick: time line? 14:55:27 sean: this week 14:55:29 ACTION-113 continued 14:55:33 ACTION-114? 14:55:33 ACTION-114 -- Thomas Roessler to ensure that result from ACTION-109 goes into test suite -- due 2007-11-15 -- OPEN 14:55:33 http://www.w3.org/2007/xmlsec/Group/track/actions/114 14:55:44 ACTION-115? 14:55:44 ACTION-115 -- Juan Carlos Cruellas to review EXI with respect to correct XML Security usage -- due 2007-12-10 -- OPEN 14:55:44 http://www.w3.org/2007/xmlsec/Group/track/actions/115 14:55:51 frederick: Juan Carlos told us he's working on this 14:55:54 ACTION-116? 14:55:54 ACTION-116 -- Frederick Hirsch to remind Donald to review XML Signature and Encryption home pages for accuracy -- due 2007-11-16 -- OPEN 14:55:54 http://www.w3.org/2007/xmlsec/Group/track/actions/116 14:56:00 frederick: haven't yet done, should do 14:56:23 frederick: scribe for next meeting? 14:56:27 ... ed? ... 14:56:29 ed - scribed oct 30 14:56:31 ed: can do, but scribed October 30 14:56:44 ... would rather not ... 14:56:57 sean: will scribe 14:57:02 ... btw, regrets two weeks from now ... 14:57:21 I will scribe for Dec. 13 14:57:22 frederick: hope we're in better shape wrt test cases and c14n 1.1 testing 14:57:37 ... if we can get impl testing under way, that would be great ... 14:57:41 ... will coordinate wiht XML Core ... 14:57:49 ed, there is no meeting on Dec 13. It's Dec 11 14:57:55 frederick: anything else? 14:58:05 shivaram: XML Conf in Boston next week? 14:58:07 OK, Dec. 11 14:58:17 -klanz2 14:58:38 +??P12 14:58:40 zakim, ? is klanz2 14:58:40 +klanz2; got it 14:58:42 ... anybody going? ... 14:58:49 Frederick: won't be there 14:58:55 shivaram: might be interesting to meet up 14:59:01 no 14:59:05 frederick: if people get together, that's of course great 14:59:30 ... shivaram, why don't you post to the list ... 14:59:40 -- adjourned -- 14:59:47 zakim, list participants 14:59:47 As of this point the attendees have been Frederick_Hirsch, Thomas, +40.00.000.aaaa, klanz2, sean, Ed_Simon, Hal, brich, +1.650.506.aabb, pdatta, +1.408.907.aacc, shivaram, PHB 14:59:50 rrsagent, please draft minutes 14:59:50 I have made the request to generate http://www.w3.org/2007/11/27-xmlsec-minutes.html tlr 14:59:55 -Hal 14:59:59 thx, bye 14:59:59 -shivaram 15:00:01 bye 15:00:02 -PHB 15:00:11 -brich 15:00:15 - +1.650.506.aabb 15:00:20 -Ed_Simon 15:00:25 like fencing in a car radio 15:01:34 zakim, who is here? 15:01:34 On the phone I see Thomas, pdatta, Frederick_Hirsch, klanz2 15:01:35 On IRC I see PHB2, PHB, sean, Zakim, RRSAgent, FrederickHirsch, trackbot-ng, tlr, klanz2 15:02:19 tlr, I could not verify the sig you've sent to me ... 15:02:31 the second one? 15:02:41 yes 15:03:18 -Frederick_Hirsch 15:03:20 zakim, who is talking 15:03:26 zakim, who is talking? 15:03:38 I don't understand 'who is talking', klanz2 15:03:49 klanz2, listening for 10 seconds I heard sound from the following: Thomas (79%), pdatta (65%) 15:05:02 thx 15:05:36 -pdatta 15:05:57 moment 15:06:12 http://www.w3.org/2007/11/h6n/Overview-signature.xml 15:07:05 � � � � � � � � � � � � 15:13:05 -Thomas 15:17:33 -klanz2 15:17:34 T&S_XMLSEC()9:00AM has ended 15:17:35 Attendees were Frederick_Hirsch, Thomas, +40.00.000.aaaa, klanz2, sean, Ed_Simon, Hal, brich, +1.650.506.aabb, pdatta, +1.408.907.aacc, shivaram, PHB 17:18:07 Zakim has left #xmlsec 17:38:48 PHB has left #xmlsec