W3C

XML Security Specifications Maintenance Working Group Teleconference

17 Jun 2008

Attendees

Present
Bruce Rich, Frederick Hirsch, Rob Miller, Sean Mullan, Pratik Datta, Thomas Roessler, John Wray, Hal Lockhart, Donald Eastlake, Konrad Lanz
Regrets
Juan Carlos Cruellas, Shivaram Mysore, Ed Simon
Chair
Frederick Hirsch
Scribe
Bruce Rich

Administrative

Final meeting of this working group; the new one starts with the F2F in Barcelona

RESOLUTION: Minutes from 10 June approved

PROPOSAL: Minutes from this meeting will be approved as of Friday if no objections raised via email

<fjh> upcoming wg instructions http://www.w3.org/2004/01/pp-impl/42458/instructions

<fjh> F2F for next WG planned. 16-17 July, Barcelona

<fjh> http://www.w3.org/2008/xmlsec/Group/barcelona.html

<fjh> Technical Plenary / Advisory Committee Meetings Week, 20 - 24 October 2008

<fjh> XML Security scheduled Monday 20 October - Tuesday 21 October

<fjh> Schedule: http://www.w3.org/2008/10/TPAC/Schedule

<fjh> XML Signature, Syntax and Processing (Second Edition) Published as Recommendation, 10 June 2008

<fjh> http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/

<fjh> Test cases published as Working Group Note, 10 June 2008

<fjh> http://www.w3.org/TR/2008/NOTE-xmldsig2ed-tests-20080610/

RFC

<fjh> References http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2008Jun/0011.html

Bulk of work done, but RFC updates needed

Direct quotes from RFC 2828 need to be checked

<fjh> additional note from Donald Eastlake http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Jun/0020.html

Document will be sent to list, comments welcome

<fjh> document http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Jun/att-0020/Xsig2-19fftoc.txt

Front matter and end matter are most critical for review

Question: does this WG mailing list continue after formal close of group activities?

hopefully, it will persist for a while

<tlr> ACTION: frederick to update XML Signature errata to reflect RFC version's reference changes [recorded in http://www.w3.org/2008/06/17-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-170 - Update XML Signature errata to reflect RFC version's reference changes [on Frederick Hirsch - due 2008-06-24].

<tlr> action-170?

<trackbot> ACTION-170 -- Frederick Hirsch to update XML Signature errata to reflect RFC version's reference changes -- due 2008-06-24 -- OPEN

<trackbot> http://www.w3.org/2007/xmlsec/Group/track/actions/170

<tlr> action-170?

<trackbot> ACTION-170 -- Thomas Roessler to update XML Signature errata to reflect RFC version's reference changes, based on input from Don Eastlake -- due 2008-06-24 -- OPEN

<trackbot> http://www.w3.org/2007/xmlsec/Group/track/actions/170

Public draft will be posted in a week or so

IETF Last Call will take 4 weeks or so

<fjh> Please review and provide comment on the list in the next week

<fjh> will continue to use current WG mail list until new WG starts

Relax NG

Updated version of schema provided by Norm

<fjh> updates schema http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Jun/0011.html

Thomas will continue to work action items on this

Best Practices

Access control discussion

<fjh> http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2008Jun/0009.html

Timetable for releasing the best practices doc will likely extend into the next group

<fjh> not give formula in document for denial of service, give general discussion.

<fjh> desire to also give implementers time to work on this material

tlr: want to preserve clarity of communication in the document

Review comments on draft

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Jun/0014.html

<fjh> sean: advice rather than rules..

<klanz2> +1

<brich> +1

<fjh> +1

<fjh> timestamp text revision http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Jun/0019.html

all drafts are currently world-readable...should this be restricted a bit?

<klanz2> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/samples/ --> member only ?

RESOLUTION: Change the best practices directory to be member-confidential only

klanz suggests tooling needs to change to render attacks less effective (e.g., XSLT, XPath DoS attacks)

<fjh> klanz: notes that we need to inform working groups in these other groups regarding potential security issues

<fjh> new wg should share security considerations with other wg

<fjh> hal: not necessarily signature specific, more generic issues come out

Timestamps for Best Practices

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Jun/0019.html

RESOLUTION: pratik to incorporate jcc's updates, folding in sean's comments

AI review

action-158 still open

action-166 still open

ACTION-167 close

<tlr> trackbot, close ACTION-167

<trackbot> ACTION-167 Propose change to timestamp text to address requirement for trusted third parties. closed

action-168 still open, will go for new tracker

action-169 still open

AOB

Agenda updates for F2F are still welcome

Summary of Action Items

[NEW] ACTION: frederick to update XML Signature errata to reflect RFC version's reference changes [recorded in http://www.w3.org/2008/06/17-xmlsec-minutes.html#action01]
 
[End of minutes]