See also: IRC log
<trackbot> Date: 08 September 2009
fjh: propose we cancel next week. Sep 15
RESOLUTION: Sep 15 call canceled
<fjh> XML Security Thursday and Friday 5-6 November as originally planned.
fjh: TPAC questionaire, please respond
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Aug/0002.html
fjh: if you're attending in person,
complete TPAC registration
... price rising soon
<fjh> http://www.w3.org/2009/09/01-xmlsec-minutes.html
RESOLUTION: Sep 1 minutes approved
fjh: updated best practices per last week's call
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Sep/0001.html
fjh: also updated implementations list in wiki, with draft disclaimer
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Sep/0004.html
fjh: pdatta sent proposal on XPath streamable subset
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Sep/0003.html
<fjh> http://www.w3.org/2008/xmlsec/Drafts/proposals/Streamable-XPath-subset.html
<fjh> Kelvin to take minutes 22 Sept
pdatta: responding to comment that we need a clearly defined XPath subset for the 2.0 draft
pdatta: took original XPath grammar
rules and examined each one for need
... needs review by XPath experts and implementers to make sure
it's the right subset
esimon2: relates to work he's been doing, will be reviewing
still needs review
<fjh> http://www.w3.org/2008/xmlsec/Drafts/proposals/Streamable-XPath-subset.html
pdatta: email is easier to review
in HTML form
... starts by defining top level included/excluded paths for use
by new spec
... only allows element selection
... only allows absolute paths, not relative
<fjh> scott notes that grammar does not express that elements versus attribute distinction
<fjh> pratik notes would need duplication of many rules
<fjh> should be clear of what is not expressed in grammar as note associated with the grammar
<esimon2> It seems to me that a transform that results in a single text node should be supported. For example, an app stores binary data as base64 in an XML element and wants to hash (on signing and validation) the original raw binary. On validation, use XPath to select the text, then feed that to the base64-decoding before hashing.
pdatta: made change to ensure only the last step can have a predicate
<fjh> pratik notes only last step since do not remember attributes for earlier steps
pdatta: modified grammar to constrain predicate possibilities
<bal> +q
pdatta: removed non-streamable axes
bal: do predicate rules prevent use of numeric/indexed access?
pdatta: claims this complicates streaming
<klanz> proactively evaluating the xpath ... i.e. seting the counter depending on the xpath
bal: doesn't look ahead solve this?
<esimon2> +1 to bal
<klanz> foo[9] instantiates a counter called foo
<esimon2> (an emphatic +1)
<fjh> bal notes counters used alot and can be look ahead case, so why not include
<klanz> isn't there always some trade-off what context is built up during streaming ?
<klanz> i.e. ancestral context is not necessarily expensive
<fjh> bal notes need to process the xpath express in advance then can process in streaming manner, using positions on all items
<fjh> bal notes "last" function not necessarily needed
<fjh> scott asks if there is a analysis of what is streamable
<klanz> http://www.cs.umd.edu/projects/xsq/
<klanz> http://www.cs.indiana.edu/~welu/c14n_hpdc05.pdf
<klanz> http://portal.acm.org/citation.cfm?id=872809&dl=GUIDE
<klanz> http://portal.acm.org/citation.cfm?doid=1071610.1071617
<klanz> Something from IBM in 2003 ... http://domino.research.ibm.com/comm/research_people.nsf/pages/mrm.pubs.html/$FILE/icde2003.pdf
<klanz> Charles Barton, Philippe Charles
<klanz> Deepak Goyal, Mukund Raghavachari
<klanz> IBM T.J. Watson Research Center
<klanz> Marcus Fontoura, Vanja Josifovski
<klanz> IBM Almaden Research Center
<klanz> http://www.research.ibm.com/xj/pubs/icde.pdf
<klanz> Some more experts might be found here ...
<klanz> http://spex.sourceforge.net/
<klanz> http://portal.acm.org/citation.cfm?id=1247512
esimon2: bothered by removing namespace axis
pdatta: we allow namespace
qualified names
... it's the ability to include/exclude namespace declarations
that we're tossing
esimon2: questions problem with handling ancestor axis while streaming
<fjh> ack klanz
klanz: notes various streaming implementations, take different approaches
<esimon2> To clarify, I was wondering why the ancestor axis needs to be removed. If a streaming XPath processor can scan the input XPath before processing, can it not keep track of just those ancestors that would be relevant to successfully processing the XPath?
klanz: should demonstrate we did due diligence on this
pdatta: people have asked for positional access, ancestor axis
ISSUE: Need to collect streaming XPath requirements
<trackbot> Created ISSUE-139 - Need to collect streaming XPath requirements ; please complete additional details at http://www.w3.org/2008/xmlsec/track/issues/139/edit .
<fjh> issue-139: positional access
<trackbot> ISSUE-139 Need to collect streaming XPath requirements notes added
ISSUE-139: ancestor axis
<trackbot> ISSUE-139 Need to collect streaming XPath requirements notes added
pdatta: back to email, notes that
node testing has been modified to limit use
... has removed rules for allowing full XPath inside
predicate
... inside predicate, disallowed union of XPaths, only allow
primary expressions or simple attribute value tests
pdatta: allow most nodeset functions, but disallow a few related to position, especially last
<esimon2> *I have to leave now for a meeting.
fjh: asked about id function
pdatta: disallowing functions that require a full nodeset
<fjh> can use id in reference
<fjh> konrad notes cannot guarantee ids are unique with respect with what has already been seen
pdatta: reviewing examples of
what's streamable and not
... discussed reason for disallowing element text value
predicates
... could allow this if we limit implementation requirements for
size of content
<fjh> scott asks, references are absolute with respect to portion of document selected by ds:Reference?
<fjh> pratik indicates that makes sense
<fjh> scott or always document root
<fjh> issue: clarify how XPath is interpreted relative to entire document and ds:Reference
<trackbot> Created ISSUE-140 - Clarify how XPath is interpreted relative to entire document and ds:Reference ; please complete additional details at http://www.w3.org/2008/xmlsec/track/issues/140/edit .
klanz: may be worth reaching out to other implementors for thoughts
<fjh> sounds like an action item we should record
<fjh> ACTION: pratik get feedback from implementers on XPath approach [recorded in http://www.w3.org/2009/09/08-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-364 - Get feedback from implementers on XPath approach [on Pratik Datta - due 2009-09-15].
<fjh> discussed using tools to check grammar
<fjh> does anyone in WG have streaming xpath implementation
<csolc> sorry I don't have anything available
<scantor> suggest an extension point in Transform to define what the selection grammar is
<scribe> ACTION: scantor: Propose extension point for include/exclude grammar in 2.0 draft [recorded in http://www.w3.org/2009/09/08-xmlsec-minutes.html#action03]
<trackbot> Created ACTION-365 - Propose extension point for include/exclude grammar in 2.0 draft [on Scott Cantor - due 2009-09-15].
klanz: still evaluating solutions
<Gerald-e> Randomized hashing is related to Issue-68
klanz: only outstanding issue is
whether salt can/should be reused
... could write up 2 proposals, and then get rid of one
<Gerald-e> Issue-68 is "Enable generic use of randomized hashing"
klanz: don't think we need to tie this to 1.1 release
<fjh> http://www.w3.org/2008/xmlsec/track/actions/open
klanz: will review open actions
<klanz> I'm doing now
fjh: asks Hal about BSP activity
hlockhar: will check
<fjh> issue-9?
<trackbot> ISSUE-9 -- Review WS-I BSP constraints on DSig -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/9
<fjh> related to KeyInfo
<fjh> for 2.0, issue with new namespace, or new child elements to fix existing ones etc
<fjh> issue-116?
<trackbot> ISSUE-116 -- C14N clarification and errata as noted by Konrad wrt ACTION-259 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/116
<fjh> issue-116: errata proposed, action completed
<trackbot> ISSUE-116 C14N clarification and errata as noted by Konrad wrt ACTION-259 notes added
<fjh> issue-116 closed
<trackbot> ISSUE-116 C14N clarification and errata as noted by Konrad wrt ACTION-259 closed
<fjh> issue-98?
<trackbot> ISSUE-98 -- Reference format needs to be unified -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/98
<fjh> issue-98: addressed in 2.0 draft
<trackbot> ISSUE-98 Reference format needs to be unified notes added
<fjh> issue-98 closed
<trackbot> ISSUE-98 Reference format needs to be unified closed
<fjh> issue-91?
<trackbot> ISSUE-91 -- ECC can't be REQUIRED -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/91
<fjh> issue-138?
<trackbot> ISSUE-138 -- What interoperability and security issues arise out of schema validation behavior? -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/138
fjh: none
... not meeting for two weeks, time to review and complete
actions
<klanz> Updated the notes of http://www.w3.org/2008/xmlsec/track/actions/257 http://www.w3.org/2008/xmlsec/track/actions/297
[NEW]
ACTION: pratik get feedback from implementers on
XPath approach [recorded in http://www.w3.org/2009/09/08-xmlsec-minutes.html#action01]
[NEW] ACTION: Propose extension
point for include/exclude grammar in 2.0 draft [recorded in
http://www.w3.org/2009/09/08-xmlsec-minutes.html#action02]
[NEW] ACTION: scantor: Propose
extension point for include/exclude grammar in 2.0 draft
[recorded in http://www.w3.org/2009/09/08-xmlsec-minutes.html#action03]
[End of minutes]