See also: IRC log
<trackbot> Date: 02 December 2008
<scribe> Scribe: Scott Cantor
<scribe> Agenda: http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0003.html
F2F 13-14 January
logistics http://lists.w3.org/Archives/Member/member-xmlsec/2008Nov/0035.html
registratiion page http://www.w3.org/2002/09/wbs/42458/xmlsecredwood0109/
ws-policy errata
http://lists.w3.org/Archives/Public/public-ws-policy/2008Nov/0002.html
http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0053.html
FIPS 186-3 (DSS)
please review and indicate any comments on the public list
pdatta: need attendance info for F2F a week before the meeting
http://www.w3.org/2008/11/18-xmlsec-minutes
RESOLUTION: Minutes for 18 Nov 2008 approved
<tlr> so marked
ISSUE-72 closed, requirement for DTD solved (up to WG, though preferred)
Default attributes in XML Signature
http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0054.html
sean msg http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0055.html
proposed resolution: adopt the proposal from magnus regarding default attributes, removing material starting with "Another possibility"
<brich> +1
RESOLUTION: adopt the proposal from magnus regarding default attributes, removing material starting with "Another possibility"
ACTION: fjh to add default attribute language to Best Practices doc [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-111 - Add default attribute language to Best Practices doc [on Frederick Hirsch - due 2008-12-09].
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/xmldsig-ecc.xsd
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview_diff.htm
fjh: suggested we drop DSA from required list
Still require DSAwithSHA1?
http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0000.html
bal: original key size defined was too small anyway, and the RSA patent was the big driver for DSA
<csolc> required for verification
bal: would prefer to see it optional, not even recommended
<rdmiller> +1
bal: might want to say something about key size anyway, if it's left as required for verifying
bal: would prefer not to see it as recommended at all, and have the spec make it optional and note the issues around it
csolc: needs to be required to verify, but we need language either way explaining the issues
ACTION: bal to draft text on DSA issues for 1.1 [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-112 - Draft text on DSA issues for 1.1 [on Brian LaMacchia - due 2008-12-09].
<fjh> ietf feedback - http://lists.w3.org/Archives/Member/member-xmlsec/2008Dec/0001.html
fjh: need feedback from implementers on algorithm changes
<fjh> Brian action should include drafting language about MUST and MAY for DSAwithSHA1
fjh: want to publish a draft of 1.1 in January
fjh: would be good for tlr to get versioning text out to the list
ACTION: tlr to suggest text re versioning and namespaces for XML Signature [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action03]
<trackbot> Created ACTION-113 - Suggest text re versioning and namespaces for XML Signature [on Thomas Roessler - due 2008-12-09].
scantor: noted some 1.1 cleanup for text language eg RetrievalMethod etc could be useful
pdatta: think most of the newer proposals would be for 2.0, so not a short term impact on 1.1
group notes that streaming and transform material in 2.0
sean notes could encourage XPath filter in 1.1 instead of XPath
<csolc> +1
tlr: how much effort do we spend on the current transform model?
csolc notes moving transforms to optional in 1.1 is a heads up for 2.0
brich: seemed that 1.1 would be for adding algorithms, and 2.0 would take things out
fjh notes that 1.1 could have some clarifications - need to give heads up in email announcing 1.1 about 2.0, request feedback on 1.1 and requirements for 2.0
ACTION: scantor to propose language improvements for 1.1 draft [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action04]
<trackbot> Created ACTION-114 - Propose language improvements for 1.1 draft [on Scott Cantor - due 2008-12-09].
ACTION: smullan to craft language on encouraging XPath2 Filter for Best Practices doc [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action05]
<trackbot> Created ACTION-115 - Craft language on encouraging XPath2 Filter for Best Practices doc [on Sean Mullan - due 2008-12-09].
http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0050.html
scott outlined his proposal for 1.1 and also the best practices
scott noted based on text from Magnus with additions
RESOLUTION: accept proposed text for 1.1 and BP drafts
ACTION: fjh to add approved certificate encoding text to drafts [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action06]
<trackbot> Created ACTION-116 - Add approved certificate encoding text to drafts [on Frederick Hirsch - due 2008-12-09].
http://lists.w3.org/Archives/Member/member-xmlsec/2008Nov/0033.html
RESOLUTION: approved updates to public web site
http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0049.html
scott recorded issues he noted with xml Signature schema, in four categories
scott noted IDs, Attribute Extensibility, Mixed Content, KeyInfo child issues as issues
scott noted not a generic schema redesign from scratch but note of issues
scott noted that may not want to pass bare keys exactly as OpenSSL but need to do something, this would be a new element
scott asks is it appropriate for 1.1 to add this addition for key?
scott or additional document , perhaps using 2.0 namespace in advance
ACTION: scantor to propose a schema and language for bare key encoding in KeyInfo [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action07]
<trackbot> Created ACTION-117 - Propose a schema and language for bare key encoding in KeyInfo [on Scott Cantor - due 2008-12-09].
scott notes could use separate namespace for this, not 2.0 or 1.0
need to determine namespace to use for this
updated draft http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0044.html
web services requirements http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0036.html
RESOLUTION: add Hal's text to requirements doc
ACTION: fjh to add web services text from Hal to Requirements draft [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action08]
<trackbot> Created ACTION-118 - Add web services text from Hal to Requirements draft [on Frederick Hirsch - due 2008-12-09].
http://www.w3.org/2008/xmlsec/Drafts/transform-note/Overview.html
ACTION: fjh to add pointer to Transforms note to Requirements draft [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action09]
<trackbot> Created ACTION-119 - Add pointer to Transforms note to Requirements draft [on Frederick Hirsch - due 2008-12-09].
ISSUE-32, http://www.w3.org/2008/xmlsec/track/issues/32
fjh: do we need to add metadata as a requirement for 2.0?
scott notes that one separable aspect of metadata is about signing context, signer etc. Applies to signature in a business sense...
<csolc> new namespace and add a version attribute.
<Gerald-Edgar> What kind of metadata are we speaking of? it could be anything about the signature. Will we be defing a standard set of metadata? One example would be the relation of the signature applied to other signatures such as signatures with expired certificates.
scott notes for whitespace topic could have class of documents that are not mixed content, hence requirement on c14n
<scantor> fjh: please send suggestions for F2F topics to list
<scantor> fjh: will close pending actions
tlr has items for 1.1 including separating normative and informative references, so keep ACTION-2 open
tlr: W3C notes can be done as HTML or with xmlspec to generate the HTML
http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0042.html
algorithm uri, document reference, what it is
fjh reviewed open issues
issue74 hmac-sha256 required in 1.1?
<kyiu> I think the issue is referring to a question about the status of HMAC-SHA256 in SP 800-57 Part 1
ACTION: kyiu to review SP 800-57 for HMAC-SHA256 item [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action10]
<trackbot> Created ACTION-120 - Review SP 800-57 for HMAC-SHA256 item [on Kelvin Yiu - due 2008-12-09].
issue-77 ordering requirement in signature 1.1
<scantor> ISSUE-70 closed
<scantor> Issue-77 can be closed
[NEW]
ACTION: bal to draft text on DSA issues for 1.1
[recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action02]
[NEW] ACTION: fjh to add
approved certificate encoding text to drafts [recorded in
http://www.w3.org/2008/12/02-xmlsec-minutes.html#action06]
[NEW] ACTION: fjh to add
default attribute language to Best Practices doc [recorded in
http://www.w3.org/2008/12/02-xmlsec-minutes.html#action01]
[NEW] ACTION: fjh to add
pointer to Transforms note to Requirements draft [recorded in
http://www.w3.org/2008/12/02-xmlsec-minutes.html#action09]
[NEW] ACTION: fjh to add web
services text from Hal to Requirements draft [recorded in
http://www.w3.org/2008/12/02-xmlsec-minutes.html#action08]
[NEW] ACTION: kyiu to review SP
800-57 for HMAC-SHA256 item [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action10]
[NEW] ACTION: scantor to
propose a schema and language for bare key encoding in KeyInfo
[recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action07]
[NEW] ACTION: scantor to
propose language improvements for 1.1 draft [recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action04]
[NEW] ACTION: smullan to craft
language on encouraging XPath2 Filter for Best Practices doc
[recorded in http://www.w3.org/2008/12/02-xmlsec-minutes.html#action05]
[NEW] ACTION: tlr to suggest
text re versioning and namespaces for XML Signature [recorded in
http://www.w3.org/2008/12/02-xmlsec-minutes.html#action03]
[End of minutes]