See also: IRC log
<trackbot> Date: 13 October 2009
<tlr> ScribeNick: brich
<tlr> http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0020.html
Next meeting is 20 October
<tlr> Scribe next week: Pratik
Next meeting is 27 Oct, then F2F at TPAC
Please register for TPAC, even if not planning to attend
Aldrin joining WG, bio on mailing list
<tlr> http://www.w3.org/2009/10/06-xmlsec-minutes.html
<tlr> action-385?
<trackbot> ACTION-385 -- Frederick Hirsch to implement change in http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0007.html , adding "to" before "obtain" -- due 2009-10-13 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/385
<tlr> action-385 closed
<trackbot> ACTION-385 Implement change in http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0007.html , adding "to" before "obtain" closed
<tlr> http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0024.html
Please review intended updates
<tlr> http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0019.html
<tlr> http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0019.html
<tlr> http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0023.html
<tlr> RESOLUTION: HT's suggestion on multiple schemas adopted
<tlr> ACTION: thomas to implement suggestion on multiple schemas http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0023.html [recorded in http://www.w3.org/2009/10/13-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-396 - Implement suggestion on multiple schemas http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0023.html [on Thomas Roessler - due 2009-10-20].
<tlr> issue-142?
<trackbot> ISSUE-142 -- Is a single schema needed for XML Signature 1.1 to validate against, given that we have 2nd edition schema plus 1.1 additional schema -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/142
<tlr> issue-142: action-396 will take care of this
<trackbot> ISSUE-142 Is a single schema needed for XML Signature 1.1 to validate against, given that we have 2nd edition schema plus 1.1 additional schema notes added
<tlr> ISSUE-137?
<trackbot> ISSUE-137 -- Normative reference to DRAFT-HOUSLEY-KW-PAD -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/137
<tlr> ACTION-377?
<trackbot> ACTION-377 -- Brian LaMacchia to edit the reference to RFC-5649 -- due 2009-10-06 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/377
<tlr> action-377 closed
<trackbot> ACTION-377 Edit the reference to RFC-5649 closed
<tlr> ISSUE-137 closed
<trackbot> ISSUE-137 Normative reference to DRAFT-HOUSLEY-KW-PAD closed
<tlr> issue-91?
<trackbot> ISSUE-91 -- ECC can't be REQUIRED -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/91
Current status is that negotiations continue on this front, hope to conclude these at F2F
<G-Edgar> I agree with this, that they did not raise objections..
Looking for an additional volunteer to review explanation documents
http://www.w3.org/2005/10/Process-20051014/tr#last-call
<tlr> ACTION: gerald to review xml signature 1.1 explain document and errata - due 2009-10-27 [recorded in http://www.w3.org/2009/10/13-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-397 - review xml signature 1.1 explain document and errata [on Gerald Edgar - due 2009-10-27].
<tlr> ACTION: cynthia to review xml encryption 1.1 explain document and errata - due 2009-10-27 [recorded in http://www.w3.org/2009/10/13-xmlsec-minutes.html#action03]
<trackbot> Created ACTION-398 - review xml encryption 1.1 explain document and errata [on Cynthia Martin - due 2009-10-27].
pdatta: asks if interop is on critical path to last call
tlr: replies "no", usually follows last call
No discussion on this topic
<tlr> issue-32?
<trackbot> ISSUE-32 -- Define metadata that needs to be conveyed with signature, e.g. profile information -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/32
<jcruella> thomas, could you put the uri for the interop wiki in the chat?
<tlr> issue-45?
<trackbot> ISSUE-45 -- Multiple or layered signatures -- CLOSED
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/45
gerald: current text of requirements document seems to cover that issue quite well
<tlr> ISSUE-45: taken care of by current text of requirements document
<trackbot> ISSUE-45 Multiple or layered signatures notes added
<tlr> ISSUE-45: why does agenda say it's deferred till 2.0?
<trackbot> ISSUE-45 Multiple or layered signatures notes added
<tlr> issue-45?
<trackbot> ISSUE-45 -- Multiple or layered signatures -- CLOSED
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/45
<tlr> issue-32?
<trackbot> ISSUE-32 -- Define metadata that needs to be conveyed with signature, e.g. profile information -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/32
scantor: not sure how this issue was connected to me, minutes are unclear who originated it
<tlr> - signature properties document introduces profile URI
<tlr> - we're not using that to distinguish between processing models in 2.0, however
<tlr> - current 2.0 design closes this issue
<tlr> scantor: I'm innocent in raising this issue
<tlr> RESOLUTION: ISSUE-32 closed
<tlr> ISSUE-32 closed
<trackbot> ISSUE-32 Define metadata that needs to be conveyed with signature, e.g. profile information closed
<tlr> issue-60
<tlr> issue-60?
<trackbot> ISSUE-60 -- Define requirements for XML Security and EXI usage -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/60
<tlr> action-388?
<trackbot> ACTION-388 -- Gerald Edgar to propose text for requirements for issue-60 -- due 2009-10-13 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/388
gerald: the use of EXI in both
signature and encryption is documented in the EXI
standard
... Best Practices and Security Impacts
<G-Edgar> http://www.w3.org/TR/exi-impacts
gerald: only caveat is that there might be a new MIME type required
thomas: have we reviewed this doc?
gerald: no, don't believe so
<tlr> ACTION: thomas to ask Ed Simon to review /TR/exi-impacts [recorded in http://www.w3.org/2009/10/13-xmlsec-minutes.html#action04]
<trackbot> Created ACTION-399 - Ask Ed Simon to review /TR/exi-impacts [on Thomas Roessler - due 2009-10-20].
gerald: there is also an EXI Best Practices paper, don't currently have link
<tlr> http://www.w3.org/TR/2007/WD-exi-best-practices-20071219/
<tlr> http://www.w3.org/TR/2007/WD-exi-best-practices-20071219/#security
thomas: there is a note that the EXI folks reviewed with us at the 2007 TPAC
<tlr> RESOLUTION: no specific requirements arising out of interaction with EXI, but make sure EXI-impact is reviewed by this group
<tlr> ISSUE-60 closed
<trackbot> ISSUE-60 Define requirements for XML Security and EXI usage closed
<tlr> ACTION-388 closed
<trackbot> ACTION-388 Propose text for requirements for issue-60 closed
<tlr> ISSUE-63?
<trackbot> ISSUE-63 -- Namespace requirements: undeclarations, QNames, use of partial content in new contexts -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/63
<tlr> ACTION-389
<tlr> ACTION-389/
<tlr> ACTION-389?
<trackbot> ACTION-389 -- Gerald Edgar to propose requirements text for issue-63 -- due 2009-10-13 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/389
<tlr> s#ACTION-389/##
<tlr> ACTION-389 continued
<tlr> ISSUE-63: concerns spurious validation errors; see http://www.w3.org/2007/xmlsec/ws/papers/09-lockhart-bea/
<trackbot> ISSUE-63 Namespace requirements: undeclarations, QNames, use of partial content in new contexts notes added
<tlr> ACTION: hal to propose concrete next steps to address ISSUE-63 in 2.0 - due 2009-11-03 [recorded in http://www.w3.org/2009/10/13-xmlsec-minutes.html#action05]
<trackbot> Created ACTION-400 - propose concrete next steps to address ISSUE-63 in 2.0 [on Hal Lockhart - due 2009-11-03].
<tlr> ISSUE-68?
<trackbot> ISSUE-68 -- Enable generic use of randomized hashing -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/68
bal: We talked about this last
week, the WG needs to review, we decided to pass on it for 1.1,
still possible for 2.0
... two papers at the workshop on this, one from IBM, one from
Konrad, may require schema validation changes
thomas: will need someone to pick this up and work it, else would propose it be dropped
<tlr> ACTION: thomas to send note to WG calling for volunteers on randomized hashing [recorded in http://www.w3.org/2009/10/13-xmlsec-minutes.html#action06]
<trackbot> Created ACTION-401 - Send note to WG calling for volunteers on randomized hashing [on Thomas Roessler - due 2009-10-20].
<tlr> ISSUE-131?
<trackbot> ISSUE-131 -- Is semantic equivalence robustness in requirements document -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/131
<tlr> ACTION-391?
<trackbot> ACTION-391 -- Gerald Edgar to see if issue-31 is covered in requirements doc -- due 2009-10-13 -- CLOSED
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/391
<tlr> trackbot, reopen action-391
<trackbot> ACTION-391 See if issue-31 is covered in requirements doc re-opened
<tlr> ACTION-391: is about issue-131
<trackbot> ACTION-391 See if issue-31 is covered in requirements doc notes added
<tlr> action-391?
<trackbot> ACTION-391 -- Gerald Edgar to see if issue-131 is covered in requirements doc -- due 2009-10-13 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/391
<tlr> issue-136?
<trackbot> ISSUE-136 -- Is normalization of prefixes a goal for 2.0 c14n -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/136
thomas: wonder if we actually cover that in the requirements document
<tlr> RESOLUTION: issue-136 implemented in c14n 2.0 draft; needs documentation in requirements document
<tlr> ACTION: frederick to document issue-136 requirement [recorded in http://www.w3.org/2009/10/13-xmlsec-minutes.html#action07]
<trackbot> Created ACTION-402 - Document issue-136 requirement [on Frederick Hirsch - due 2009-10-20].
<tlr> ISSUE-139?
<trackbot> ISSUE-139 -- Need to collect streaming XPath requirements -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/139
thomas: question here was what
useful subset of XPath that we can pull in
... two open pieces - documenting requirements, check in with
XSL WG
<tlr> Michael Kay
thomas: XSL WG will not meet at TPAC, nor will Michael be attending
<tlr> ACTION: thomas to introduce Pratik D, Michael Kay [recorded in http://www.w3.org/2009/10/13-xmlsec-minutes.html#action08]
<trackbot> Created ACTION-403 - Introduce Pratik D, Michael Kay [on Thomas Roessler - due 2009-10-20].
http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0015.html
http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0016.html
thomas: does anyone have strong feeling about original reasoning?
bal: thought we didn't want DerKeyValue down there
scantor: would prefer it to be in KeyValue
bal: think sean is right, that there is an issue...is an impl of DSig required to have an ASN.1 parser?
<tlr> http://www.w3.org/TR/xmldsig-core/#sec-KeyValue
thomas: has extensible content
model
... why is a particular child to KeyValue mandatory to
implement?
bal: if not defined in the spec,
can't be mandatory to implement
... KeyValue purpose was for bare XML encoding of keys
... extensible for key algorithms, not values
scantor: XML syntax not elegant
bal: how much do we accommodate the ASN.1 community?
thomas: would like to see language added to explain addition of markup for "other stuff", are not adding it to KeyValue
<tlr> ACTION: brian to draft language that codifies history why DERKeyValue is not child of KeyValue (for section 4.4 of xmldsig-core1) [recorded in http://www.w3.org/2009/10/13-xmlsec-minutes.html#action09]
<trackbot> Created ACTION-404 - Draft language that codifies history why DERKeyValue is not child of KeyValue (for section 4.4 of xmldsig-core1) [on Brian LaMacchia - due 2009-10-20].
<tlr> http://lists.w3.org/Archives/Public/public-xmlsec/2009Sep/0006.html
<tlr> ACTION-297?
<trackbot> ACTION-297 -- Konrad Lanz to propose change to 1.1 to address issue-105 -- due 2009-05-20 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/297
<tlr> http://www.w3.org/2008/xmlsec/track/issues/105
thomas: first piece is specifying divisible by 8 (so octets)
<tlr> RESOLUTION: Konrad's proposed erratum accepted
thomas: second piece is errata for 1.0, the output of the last partial octet might be ignored
<tlr> ACTION: thomas to update xml signature 1.0 errata page with proposed text [recorded in http://www.w3.org/2009/10/13-xmlsec-minutes.html#action10]
<trackbot> Created ACTION-405 - Update xml signature 1.0 errata page with proposed text [on Thomas Roessler - due 2009-10-20].
<tlr> ACTION-405: http://lists.w3.org/Archives/Public/public-xmlsec/2009Sep/0006.html
<trackbot> ACTION-405 Update xml signature 1.0 errata page with proposed text notes added
<tlr> ISSUE-124?
<trackbot> ISSUE-124 -- Does w3c support conformance clauses for specification and minimum conformance levels, how to do properly -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/124
<tlr> issue-124 closed
<trackbot> ISSUE-124 Does w3c support conformance clauses for specification and minimum conformance levels, how to do properly closed
<tlr> action-373 closed
<trackbot> ACTION-373 Discuss ISSUE-124 with tlr closed
<tlr> ACTION-380 closed
<trackbot> ACTION-380 See if xmlspec can include strikeouts and inserts markup closed
<tlr> ACTION-384 closed
<trackbot> ACTION-384 Ask xml coordination about use of multiple schemas and validation closed
<tlr> ACTION-385 closed
<trackbot> ACTION-385 Implement change in http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0007.html , adding "to" before "obtain" closed
<tlr> ACTION-390?
<trackbot> ACTION-390 -- Frederick Hirsch to consolidate ISSUE-127 and issue-60 -- due 2009-10-13 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/390
<tlr> ACTION-309 closed
<trackbot> ACTION-309 Create errata for XML Second Edition to remove material from section 9 other than schema, per http://www.w3.org/2009/05/12-xmlsec-minutes.html#item09 closed
<tlr> adjourned