IRC log of xmlsec on 2008-12-09

Timestamps are in UTC.

14:47:20 [RRSAgent]
RRSAgent has joined #xmlsec
14:47:20 [RRSAgent]
logging to http://www.w3.org/2008/12/09-xmlsec-irc
14:47:22 [trackbot]
RRSAgent, make logs member
14:47:22 [Zakim]
Zakim has joined #xmlsec
14:47:24 [trackbot]
Zakim, this will be XMLSEC
14:47:24 [Zakim]
ok, trackbot; I see T&S_XMLSEC()10:00AM scheduled to start in 13 minutes
14:47:25 [trackbot]
Meeting: XML Security Working Group Teleconference
14:47:25 [trackbot]
Date: 09 December 2008
14:51:32 [fhirsch3]
fhirsch3 has joined #xmlsec
14:52:17 [fhirsch3]
zakim, who is here?
14:52:17 [Zakim]
T&S_XMLSEC()10:00AM has not yet started, fhirsch3
14:52:18 [Zakim]
On IRC I see fhirsch3, Zakim, RRSAgent, tlr, trackbot
14:52:55 [fhirsch3]
Chair: Frederick Hirsch
14:57:12 [mullan]
mullan has joined #xmlsec
14:57:47 [tlr]
I'll join slightly late
14:57:53 [CGI165]
CGI165 has joined #xmlsec
14:57:56 [hlockhar]
hlockhar has joined #xmlsec
14:57:57 [csolc]
csolc has joined #xmlsec
14:58:25 [Zakim]
T&S_XMLSEC()10:00AM has now started
14:58:31 [fhirsch3]
Regrets: Scott Cantors, Konrad Lanz
14:58:32 [Zakim]
+ +1.781.993.aaaa
14:59:03 [jwray]
jwray has joined #xmlsec
14:59:09 [magnus]
magnus has joined #xmlsec
14:59:22 [bal]
bal has joined #xmlsec
14:59:48 [pdatta]
pdatta has joined #xmlsec
14:59:59 [Zakim]
+[IBMCambridge]
15:00:19 [Zakim]
+ +1.617.876.aabb
15:00:26 [jwray]
zakim, [IBMCambridge] is jwray
15:00:26 [Zakim]
+jwray; got it
15:00:52 [Zakim]
+[Oracle]
15:01:00 [Zakim]
+ +0468725aacc
15:01:20 [pdatta]
zakim, Oracle is pdatta
15:01:20 [Zakim]
+pdatta; got it
15:01:29 [Zakim]
+Robert_Miller
15:01:31 [Zakim]
+Frederick_Hirsch
15:01:50 [mullan]
zakim, aabb is mullan
15:01:50 [Zakim]
+mullan; got it
15:02:02 [magnus]
zakim, aacc is magnus
15:02:02 [Zakim]
+magnus; got it
15:02:09 [Zakim]
+ +5aadd
15:02:31 [csolc]
zakim, aadd is csolc
15:02:31 [Zakim]
+csolc; got it
15:02:36 [brich]
brich has joined #xmlsec
15:02:41 [Zakim]
+ +1.206.726.aaee
15:02:50 [bal]
zakim, aaee is bal
15:02:52 [Zakim]
+bal; got it
15:03:14 [bal]
zakim, mute me
15:03:14 [Zakim]
bal should now be muted
15:03:51 [hlockhar]
Agenda: http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0003.html
15:03:56 [Zakim]
+Ed_Simon
15:04:04 [bhill]
bhill has joined #xmlsec
15:04:19 [esimon2]
esimon2 has joined #xmlsec
15:04:19 [fjh]
fjh has joined #xmlsec
15:04:25 [hlockhar]
Regrets: Konrad, Scott
15:04:28 [Zakim]
+ +1.512.401.aaff
15:04:31 [fjh]
zakim, who is here?
15:04:32 [Zakim]
On the phone I see bal (muted), Ed_Simon, +1.512.401.aaff, +1.781.993.aaaa, jwray, mullan, pdatta, magnus, Robert_Miller, Frederick_Hirsch, csolc
15:04:37 [Zakim]
On IRC I see fjh, esimon2, bhill, brich, pdatta, bal, magnus, jwray, csolc, hlockhar, mullan, Zakim, RRSAgent, tlr, trackbot
15:04:49 [brich]
zakim, aaff is brich
15:04:49 [Zakim]
+ +1.425.373.aagg
15:04:53 [Zakim]
+brich; got it
15:05:11 [fjh]
zakim, aaaa is hal
15:05:19 [Zakim]
+hal; got it
15:05:31 [Zakim]
+ +1.303.229.aahh
15:05:42 [bhill]
zakim aahh is bhill
15:05:49 [hlockhar]
Topic: Administrative
15:05:49 [bhill]
zakim, aahh is bhill
15:05:50 [Zakim]
+bhill; got it
15:05:59 [hlockhar]
Call next week
15:06:10 [tlr]
zakim, call thomas-skype
15:06:10 [Zakim]
ok, tlr; the call is being made
15:06:12 [Zakim]
+Thomas
15:06:14 [hlockhar]
no calls until Jan 6
15:06:46 [hlockhar]
Scribe: hlockhar
15:06:59 [hlockhar]
Topic: Minutes Approval
15:07:09 [rdmiller]
rdmiller has joined #xmlsec
15:07:21 [hlockhar]
Resoution: Minutes from Dec 2 Approved
15:07:44 [hlockhar]
Topic: Editorial Updates
15:08:11 [hlockhar]
All drafts updated last week
15:08:24 [hlockhar]
Best Practices
15:08:25 [GeraldE]
GeraldE has joined #xmlsec
15:08:47 [hlockhar]
also 1.1 editors draft of signature
15:09:13 [hlockhar]
ran a diff against 2nd edition
15:09:29 [hlockhar]
Updated Requirements document
15:09:39 [hlockhar]
Updated Roadmap page on Web
15:10:04 [bal]
zakim, unmute me
15:10:04 [Zakim]
bal should no longer be muted
15:10:28 [esimon2]
I have to drive my son to school -- back in about 25 min; I'll stay logged into chat but will redial in when I return.
15:10:34 [tlr]
zakim, mute me
15:10:34 [Zakim]
sorry, tlr, I do not know which phone connection belongs to you
15:10:38 [tlr]
zakim, I am thomas
15:10:38 [Zakim]
ok, tlr, I now associate you with Thomas
15:10:40 [tlr]
zakim, mute me
15:10:40 [Zakim]
Thomas should now be muted
15:10:42 [Zakim]
-Ed_Simon
15:11:50 [hlockhar]
Topic: Derived Keys
15:12:12 [hlockhar]
cannot be part of 1.1
15:12:43 [hlockhar]
magnus: will be added to future document
15:13:13 [hlockhar]
cannot extend same namespace
15:14:22 [hlockhar]
Resolution: Produce a seperate document for derived keys
15:14:45 [tlr]
zakim, unmute me
15:14:45 [Zakim]
Thomas should no longer be muted
15:15:09 [hlockhar]
bruce: where are we going with this, will it be optional?
15:15:26 [hlockhar]
... seems to make life more complicated rather than less
15:15:33 [tlr]
zakim, mute me
15:15:33 [Zakim]
Thomas should now be muted
15:15:59 [hlockhar]
... getting pushback about why we are doing it?
15:16:55 [bal]
zakim, mute me
15:16:55 [Zakim]
bal should now be muted
15:17:12 [Zakim]
+[Microsoft]
15:17:34 [brich]
why push forward on a separate spec for derived keys? where are we going with this?
15:18:04 [hlockhar]
magnus: there is a need for more general capabilities
15:18:19 [hlockhar]
... available outside of WS-*
15:18:43 [kyiu]
kyiu has joined #xmlsec
15:18:58 [fhirsch3]
fhirsch3 has joined #xmlsec
15:19:05 [fhirsch3]
zakim, who is here?
15:19:05 [Zakim]
On the phone I see bal (muted), brich, +1.425.373.aagg, bhill, Thomas (muted), [Microsoft], hal, jwray, mullan, pdatta, magnus, Robert_Miller, Frederick_Hirsch, csolc
15:19:08 [Zakim]
On IRC I see fhirsch3, kyiu, GeraldE, rdmiller, esimon2, bhill, brich, pdatta, bal, magnus, jwray, csolc, hlockhar, mullan, Zakim, RRSAgent, tlr, trackbot
15:19:19 [hlockhar]
brich: our users satisfied with WS-* solution
15:19:26 [brich]
it seems like it would be separate so it can be used in a number of places, but what might they be?
15:19:42 [fhirsch3]
zakim, Microsoft is kyiu
15:19:42 [Zakim]
+kyiu; got it
15:19:59 [brich]
if this is only going to be a 2.0 item, then why separate it out?
15:20:56 [hlockhar]
fjh: need a proposal from magnus, can deal with packaging later
15:21:19 [hlockhar]
... decide later, 1.1 vs. 2.0, optional vs. necessary
15:21:33 [hlockhar]
brich: wanted to raise the concern
15:22:36 [hlockhar]
fhirsch: once we have a proposal we can decide how to deal with it
15:22:54 [hlockhar]
magnus: don't want to work on it if we are not going to do it
15:24:00 [tlr]
zakim, unmute me
15:24:00 [Zakim]
Thomas should no longer be muted
15:24:02 [hlockhar]
magnus: would be ok with it being optional in 1.1
15:25:08 [tlr]
zakim, mute me
15:25:08 [Zakim]
Thomas should now be muted
15:25:21 [tlr]
tlr: a separate spec would lead to RF Commitments that an optional feature in the base spec wouldn't
15:26:13 [hlockhar]
possible approach would be optional in 1.1 and mandatory in 2.0
15:26:52 [anil]
anil has joined #xmlsec
15:27:10 [GeraldE]
Zakim, +1.425.373.aagg is GeraldE
15:27:10 [Zakim]
+GeraldE; got it
15:27:28 [anil]
zakim, code?
15:27:28 [Zakim]
the conference code is 965732 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), anil
15:28:10 [bal]
zakim, unmute me
15:28:10 [Zakim]
bal should no longer be muted
15:28:12 [hlockhar]
Topic: DSA with SHA1
15:28:21 [Zakim]
+ +1.708.524.aaii
15:28:27 [anil]
zakim, aaii is anil
15:28:27 [Zakim]
+anil; got it
15:28:32 [anil]
zakim, mute me
15:28:32 [Zakim]
anil should now be muted
15:29:03 [hlockhar]
Brian was to provide text on DSA with SHA1
15:29:28 [bal]
i have an action on me to draft some text for this
15:29:47 [bal]
my sense of the call from the last meeting was that we should make DSAwithSHA1
15:29:57 [hlockhar]
Topic: HMAC SHA1
15:30:53 [bal]
optional for signature generation, recommended for signature verification, and add implementation notes saying something tot he efect of "if you expect to interop with xmldsig 1.0 and 1.0 2nd ed you should support dsawithsha1 for verification for interop"
15:31:00 [hlockhar]
Kelvin: we don't ahve to require HMAC SHA256
15:31:42 [hlockhar]
Close issue 74 can be closed with no action
15:32:16 [hlockhar]
Topic: Requirements
15:32:44 [hlockhar]
fhirsh: do we have streaming reqs complete?
15:33:06 [hlockhar]
pdata: need to add more, want to look at it again
15:33:24 [hlockhar]
fhirsh: everybody please comment
15:33:44 [hlockhar]
... is text on Transforms correct?
15:34:01 [hlockhar]
pdata: reqs section and design section
15:34:17 [hlockhar]
... reqs are ok, want to flesh out design portion more
15:34:43 [hlockhar]
... since we are making a breaking change, can make a bigger change
15:34:56 [hlockhar]
.. can do without Transforms entirely
15:35:21 [hlockhar]
... can get a nonsensical set of Transforms
15:35:36 [hlockhar]
... have a proposal for a more constrained approach
15:36:12 [Zakim]
+Ed_Simon
15:36:15 [hlockhar]
fhirsh: I know Konrad has concerns, but I understand your idea
15:37:27 [hlockhar]
pdata: one problem with transform chain is hard to determine what is signed
15:37:41 [hlockhar]
... signature occurs in the middle of the chain
15:38:18 [hlockhar]
... need to declar what is being signed
15:38:54 [hlockhar]
... also want to identify the type of data being signed
15:38:55 [fhirsch3]
fhirsch3 has joined #xmlsec
15:40:11 [fhirsch3]
zakim, mute me
15:40:11 [Zakim]
sorry, fhirsch3, I do not know which phone connection belongs to you
15:40:36 [mullan]
q+
15:40:55 [fhirsch3]
http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0008.html
15:41:12 [fhirsch3]
sean follow up http://lists.w3.org/Archives/Public/public-xmlsec/2008Dec/0009.html
15:44:01 [hlockhar]
pdata: binary types only allow byte range selection, not general transforms
15:44:17 [bhill]
bhill has joined #xmlsec
15:44:35 [hlockhar]
... added types defined in other specs, for example WS-attachements
15:45:35 [bhill]
+queue
15:45:56 [brich]
...also mentioned SWA - Soap With Attachments
15:46:00 [hlockhar]
... define some actions as text properties
15:46:00 [tlr]
ack mullan
15:46:34 [hlockhar]
sean: said you are not proposing syntax, what is the proposal?
15:47:02 [hlockhar]
pdata: actually this is a limited form of XPath filter 2
15:47:17 [hlockhar]
... current aapproach is declaritive
15:47:38 [hlockhar]
... s/declaritive/procedural/
15:47:57 [hlockhar]
... need declaritive approach
15:48:21 [hlockhar]
... suggesting a syntax that does not have transforms
15:48:33 [hlockhar]
q+
15:48:35 [bhill]
bhill is on the queue
15:48:44 [hlockhar]
q-
15:48:53 [esimon2]
+1 to pdatta
15:49:10 [hlockhar]
fhirsh: like approach, nore controlled
15:49:25 [tlr]
q?
15:49:28 [tlr]
ack bhil
15:49:40 [hlockhar]
bhill: like the declaritive approach
15:50:00 [hlockhar]
... concerned about ability to handle different data types
15:50:14 [hlockhar]
... harder and harder as more types are defined
15:51:08 [hlockhar]
... can avoid this by constraining processor to emit text to be hashed
15:51:34 [bhill]
the multiple parser problem is fundamental
15:51:49 [bhill]
to say "what is signed" requires the application to recapitulate the logic of the signature processor
15:52:16 [bhill]
this is difficult to guarantee fidelity even for very simple cases, and becomes more and more so as additional types are added
15:52:58 [bhill]
I would suggest that rather than implying "what is signed" the approach of having the signature processor provide a cached retrieval of the exact material used to calculate the digest
15:53:14 [bhill]
and constrain those outputs to either XML nodes or binary
15:53:34 [bhill]
is the preferred one
15:54:41 [mullan]
q+
15:55:52 [hlockhar]
mullen: is there is large benefit to making the change if there are transforms that are equivalent
15:55:58 [Zakim]
-magnus
15:56:39 [mullan]
ack mullan
15:58:16 [Zakim]
+magnus
15:59:59 [hlockhar]
bhill: can declare a type that uses a known style sheet
16:00:30 [hlockhar]
... does application try to detemine what was signed?
16:00:41 [bhill]
clarification:
16:00:52 [bhill]
my issue is with the description as "what is signed"
16:01:06 [bhill]
this invites the relying application to attempt to make this determination itself
16:01:23 [bhill]
re-doing the logic the signature processor has just done, possibly inaccurately
16:01:41 [Zakim]
-anil
16:02:07 [hlockhar]
Action to Pratik to write up more detailed proposal
16:02:07 [trackbot]
Sorry, couldn't find user - to
16:02:17 [bal]
zakim, unmute me
16:02:17 [Zakim]
bal should no longer be muted
16:02:27 [bhill]
I think the preferred pattern should always look like "cached reference retrieval" in the draft best practices
16:02:27 [tlr]
ACTION: pratik to write up more detailed proposal in time for workshop
16:02:27 [trackbot]
Created ACTION-122 - Write up more detailed proposal in time for workshop [on Pratik Datta - due 2008-12-16].
16:02:43 [tlr]
ACTION-122: s/workshop/January face-to-face/
16:02:43 [trackbot]
ACTION-122 Write up more detailed proposal in time for workshop notes added
16:02:56 [bhill]
where the relying application always gets the exact nodeset or binary octets that went in to the digester
16:03:18 [bhill]
and doesn't have to know anything about the syntax and processing rules of XMLDSIG, regardless of whether they be procedural or declarative
16:03:37 [hlockhar]
fhirsh: would like discussion at F2F
16:04:05 [hlockhar]
... want to adress Konrad's concerns also
16:04:42 [Zakim]
-kyiu
16:06:08 [tlr]
zakim, who is muted?
16:06:08 [Zakim]
I see Thomas muted
16:06:11 [hlockhar]
Topic: Long Term Signatures
16:06:47 [hlockhar]
fhirsh: I think we should add Juan Carlos material on long term sigs to Requirements Document
16:07:11 [hlockhar]
Resolution: add Juan Carlos material on long term sigs to Requirements Document
16:07:42 [hlockhar]
Action: fhirsh to add Juan Carlos material on long term sigs to Requirements Document
16:07:42 [trackbot]
Sorry, couldn't find user - fhirsh
16:08:16 [tlr]
ACTION: fhirsch to add Juan Carlos material on long term sigs to Requirements Document
16:08:16 [trackbot]
Sorry, couldn't find user - fhirsch
16:08:33 [tlr]
ACTION: frederick to add Juan Carlos material on long term sigs to Requirements Document
16:08:35 [trackbot]
Created ACTION-123 - Add Juan Carlos material on long term sigs to Requirements Document [on Frederick Hirsch - due 2008-12-16].
16:08:42 [hlockhar]
Topic: Issue 38 Requirement for non-XML canonicalization?
16:09:13 [Zakim]
+anil
16:09:22 [anil]
zakim, mute me
16:09:22 [Zakim]
anil should now be muted
16:09:23 [tlr]
ISSUE-38
16:09:29 [tlr]
ISSUE-38?
16:09:30 [trackbot]
ISSUE-38 -- Profile for signature processing for non-XML or for constrained XML requirements -- OPEN
16:09:30 [trackbot]
http://www.w3.org/2008/xmlsec/track/issues/38
16:11:41 [hlockhar]
brich: Pratik's proposal could cover this, perhaps current spec allows it as well
16:12:02 [tlr]
zakim, who is making noise?
16:12:13 [Zakim]
tlr, listening for 10 seconds I could not identify any sounds
16:12:14 [tlr]
zakim, unmute me
16:12:14 [Zakim]
Thomas should no longer be muted
16:12:56 [Zakim]
-Frederick_Hirsch
16:14:46 [tlr]
Topic: ISSUE-56
16:14:49 [tlr]
ISSUE-56?
16:14:49 [trackbot]
ISSUE-56 -- Add references related to timestamping -- OPEN
16:14:49 [trackbot]
http://www.w3.org/2008/xmlsec/track/issues/56
16:15:16 [Zakim]
-anil
16:15:34 [Zakim]
+Frederick_Hirsch
16:15:44 [tlr]
ScribeNick: tlr
16:15:55 [tlr]
Hal: Question is whether or not ?? actually happened
16:16:24 [tlr]
hal, I suggest you take the chair for the moment
16:16:40 [tlr]
frederick: being chased away from hotel by police
16:16:57 [tlr]
Hal: issue-56, suggest we put this aside since critical parties aren't here
16:17:04 [tlr]
hal: who's editing?
16:17:08 [tlr]
frederick: myself, pratik, ...
16:17:23 [tlr]
hal: do you know what is to be put in? If you know, then I suggest action
16:17:28 [tlr]
frederick: double check
16:17:50 [tlr]
... need to check what actually needs to be done
16:18:02 [hlockhar]
Action: fredrick to check with Juan Carlos on timestamp references
16:18:02 [trackbot]
Sorry, couldn't find user - fredrick
16:18:21 [tlr]
ACTION: frederick to follow up with Juan Carlos on ISSUE-56
16:18:21 [trackbot]
Created ACTION-124 - Follow up with Juan Carlos on ISSUE-56 [on Frederick Hirsch - due 2008-12-16].
16:18:31 [tlr]
close ACTION-94
16:18:32 [trackbot]
ACTION-94 Provide draft note on new algorithms for 1.1 closed
16:18:32 [tlr]
close ACTION-111
16:18:32 [trackbot]
ACTION-111 Add default attribute language to Best Practices doc closed
16:18:34 [tlr]
close ACTION-116
16:18:34 [trackbot]
ACTION-116 Add approved certificate encoding text to drafts closed
16:18:38 [tlr]
close ACTION-118
16:18:38 [trackbot]
ACTION-118 Add web services text from Hal to Requirements draft closed
16:18:40 [tlr]
close ACTION-119
16:18:41 [trackbot]
ACTION-119 Add pointer to Transforms note to Requirements draft closed
16:18:44 [tlr]
close ACTION-120
16:18:46 [trackbot]
ACTION-120 Review SP 800-57 for HMAC-SHA256 item closed
16:19:24 [tlr]
frederick: would like to get list down to manageable, small list before face-to-face. Please create material
16:19:31 [tlr]
hal: prefer material early!
16:19:32 [tlr]
+1
16:19:52 [tlr]
frederick: please review issues list as well
16:20:01 [Zakim]
-csolc
16:20:28 [tlr]
frederick: suggest adjourning
16:20:31 [tlr]
Next meeting: next week
16:20:35 [tlr]
rrsagent, draft minutes
16:20:35 [RRSAgent]
I have made the request to generate http://www.w3.org/2008/12/09-xmlsec-minutes.html tlr
16:20:35 [Zakim]
-mullan
16:20:35 [Zakim]
-bhill
16:20:36 [Zakim]
-GeraldE
16:20:38 [Zakim]
-brich
16:20:43 [Zakim]
-hal
16:20:47 [Zakim]
-Frederick_Hirsch
16:20:50 [Zakim]
-jwray
16:20:56 [Zakim]
-pdatta
16:20:58 [Zakim]
-Ed_Simon
16:21:00 [Zakim]
-magnus
16:21:04 [Zakim]
-Thomas
16:21:11 [Zakim]
-Robert_Miller
16:21:19 [Zakim]
-bal
16:21:21 [Zakim]
T&S_XMLSEC()10:00AM has ended
16:21:22 [Zakim]
Attendees were +1.781.993.aaaa, +1.617.876.aabb, jwray, +0468725aacc, pdatta, Robert_Miller, Frederick_Hirsch, mullan, magnus, +5aadd, csolc, +1.206.726.aaee, bal, Ed_Simon,
16:21:25 [Zakim]
... +1.512.401.aaff, brich, hal, +1.303.229.aahh, bhill, Thomas, kyiu, GeraldE, +1.708.524.aaii, anil
16:26:59 [GeraldE]
GeraldE has left #xmlsec
16:40:22 [anil]
anil has left #xmlsec
18:34:53 [Zakim]
Zakim has left #xmlsec