W3C

XML Security Working Group Teleconference

26 Jan 2010


Attendees

Present
Frederick, Hirsch, ThomasRoessler, Hal_Lockhart, Chris_Solc, Sean_Mullan, Pratik_Datta, Scott_Cantor, Bruce_Rich, Juan_Carlos_Cruellas, Shivaram_Mysore, GeraldEdgar, Gerald_Edgar, Cynthia_Martin, Brian_LaMacchia
Regrets
Ed, Simon
Chair
Frederick Hirsch
Scribe
ChrisSolc

<trackbot> Date: 26 January 2010

<tlr> ScribeNick: tlr

<scribe> ScribeNick: csolc

<tlr> Scribe: ChrisSolc

Administrative

<fjh> Note on testable conformance clauses

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0104.html

Minutes Approval

<fjh> Approve 19 January minutes

<fjh> http://www.w3.org/2010/01/19-xmlsec-minutes.html

RESOLUTION: 19 January minutes approved

Editorial Updates

<fjh> XML Signature 1.1, XML Signature Properties, XML Encryption 1.1

<fjh> Moved RNG schema material to separate draft, reference that draft

<fjh> "XML Security RELAXNG Schemas"

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0122.html

<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmlsec-rngschema/Overview.html

<fjh> Non-normative RELAXNG schema [RELAXNG-SCHEMA] information is

<fjh> available in a separate document [XMLSEC-RELAXNG]

<fjh> Proposed Resolution: Agree to moving RNG schema to separate draft for

<fjh> all documents

<Cynthia> Agree, move to separate draft

RESOLUTION: Agreed to moving RNG schema to separate draft for all documents

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0115.html

<fjh> Makoto updated RNC schema, http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0115.html

<fjh> scott noted that one issue was whether elements could be reused, suggested they could

<fjh> scott noted some schema had lax some strict

<fjh> scott noted process contents

<tlr> indeed, it's obvious for KeyInfo

bal: you can reuse elements in other contexts.

scott: can I reuse the xpath element in other context

bal: yes

fjh: thinks the lax vs strict issue was just an oversight

<fjh> bal asks if strict/lax issue was introduced with 2nd edition

scott: process contents doesn't have the same interop issues

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0120.html

<fjh> how should we deal with this, if at all

scott: can we do anything because it is already in the schema

<fjh> issue: Why isn't processContents="lax" specified for <xsd:any>

<trackbot> Created ISSUE-185 - Why isn't processContents="lax" specified for <xsd:any> ; please complete additional details at http://www.w3.org/2008/xmlsec/track/issues/185/edit .

<fjh> within the dcl of CanonicalizationMethodType and that of SignatureMethodType?

scott: making things less strict means existing signatures will continue to validate
... however the converse is also true, may produce signatures that may not validate in older processors.

<Zakim> Thomas, you wanted to wonder whether there's a real problem here

tlr: are we allowed to make changes to the 1.0 schema?
... if we want to change it, do we know of test cases that wouldn't validate
... may have signatures that actually sign the xml signature schema

<fjh> scott notes should be using local schema copy, modified locally if needed

scott: don't know if it has any impact on the RNG schema.

tlr: would lean to leaving the xsd schema alone and change the RNG schema

fjh: should we put a note in the doc that lax is ok

<tlr> +1 to punting this issue to the other note

<fjh> could put note in RNG schema note

tlr: not sure if anything is actually broken, the change in the schema may make some groups easier yet harder for others.

<fjh> proposed resolution: Resolve ISSUE-185 with no change to XSD schema or XML Signature 1.1, but possible explanation in RNG Schemas document

RESOLUTION: Resolve ISSUE-185 with no change to XSD schema or XML Signature 1.1, but possible explanation in RNG Schemas document

<fjh> XML Encryption 1.1 and XML Signature 2.0 editorial updates noted in agenda

XML Signature 1.1 and XML Signature Properties Last Call

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0123.html

Call for Consensus: http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0123.html

<fjh> issue-91?

<trackbot> ISSUE-91 -- ECC can't be REQUIRED -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/91

<fjh> Can flag ECC mandatory as at risk entering CR, could go to Optional at end of CR.

<fjh> Definition of CR exit criteria can include number of objections by implementors for example

<tlr> > This Last Call Working Draft includes the ECDSAwithSHA256 signature algorithm, which is ECDSA over the P-256 prime curve specified in Section D.2.3 of FIPS 186-3 [[FIPS186-3]] (and using the SHA-256 hash algorithm) as a mandatory to implement algorithm. The Working Group may request <a href="http://www.w3.org/2005/10/Process-20051014/tr.html#cfi">transition to Candidate Recommendation</a> with this feature marked as "at risk". If issues about deployment of this

<tlr> feature are raised during Candidate Recommendation, the group would likely make this feature optional.

<fhirsch> http://lists.w3.org/Archives/Member/member-xmlsec/2010Jan/0008.html

<fjh> text above for sotd

<fjh> also change ECC note to say "Feature is at Risk when entering CR, if issues about deployment of this feature are raised during Candidate Recommendation, the group would likely make this feature optional."

brich: normally this is reserved for things that there is lack of implementation experience

<Gerald-E> it may be that not many people have this implementation - because of IPR issues

<Gerald-E> only commercial companies with licences would have implementations, limiting the implementations available

tlr: can go from CR back to last call.

<fjh> tlr notes or could go from last call to another last call

fjh: we should have more info when we exit last call.

<fjh> we say in sotd what we plan so we should be ok with this now

<fjh> issue-179?

<trackbot> ISSUE-179 -- Update ECC warning for last call -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/179

<Cynthia> I believe marking it "at risk" gives us the time we need, go forward with recommendation from Thomas

<fhirsch> http://lists.w3.org/Archives/Member/member-xmlsec/2010Jan/0008.html

<Gerald-E> +1

<fhirsch> proposed resolution: resolve ISSUE-179 with text proposed in http://lists.w3.org/Archives/Member/member-xmlsec/2010Jan/0008.html, adding to note in body of document that if issues about deployment of this feature are raised during Candidate Recommendation, the group would likely make this feature optional.

<fjh> proposal - change "would likely" to "might elect to"

<bal> i like this wording change

<Cynthia> I like it also, use the new wording

RESOLUTION: resolve ISSUE-179 with text proposed in http://lists.w3.org/Archives/Member/member-xmlsec/2010Jan/0008.html, adding to note in body of document that if issues about deployment of this feature are raised during Candidate Recommendation, the group may elect to make this feature optional.

<fhirsch> same sentence changed in sotd as well

<bal> adding to note in body of document that if issues about deployment of this feature are raised during Candidate Recommendation, the group may elect to make this feature optional.

<Gerald-E> for RIM to join would make this much easier

<fhirsch> ACTION: tlr to update sotd and note in document with change for ISSUE-179 [recorded in http://www.w3.org/2010/01/26-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-506 - Update sotd and note in document with change for ISSUE-179 [on Thomas Roessler - due 2010-02-02].

fjh: when are we going to publish

<fhirsch> issue-172?

<trackbot> ISSUE-172 -- Acknowledge WG in Signature Properties -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/172

<fhirsch> plan to adopt text from signature re 1.1 WG

Proposed resolution: The XML Security WG agrees that XML Signature 1.1 and XML Signature Properties should enter Last Call for a six week last call period. The WG believes the only open issue is ISSUE-91, a non-technical issue that should not delay entering Last Call.

<tlr> The remaining open issue is ISSUE-91. The WG has outlined a process to handle this issue during Candidate Recommendation, and therefore does not wish to delay entering Last Call for it.

RESOLUTION: The XML Security WG agrees that XML Signature 1.1 and XML Signature Properties should enter Last Call for a six week last call period. The remaining open issue is ISSUE-91. The WG has outlined a process to handle this issue during Candidate Recommendation, and therefore does not wish to delay entering Last Call for it.

Additional Publications

Proposed Resolution: The WG agrees to publish a FPWD of XML Security RELAXNG Schemas draft http://www.w3.org/2008/xmlsec/Drafts/xmlsec-rngschema/Overview.html

RESOLUTION: The WG agrees to publish a FPWD of XML Security RELAXNG Schemas draft http://www.w3.org/2008/xmlsec/Drafts/xmlsec-rngschema/Overview.html

<fjh> issue-171?

<trackbot> ISSUE-171 -- Review references in XML Security 1.1 requirements and XML Security 2.0 requirements -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/171

Proposed Resolution: The WG agrees to publish an updated WD of XML Security 1.1 Requirements and Design Considerations http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html

RESOLUTION: The WG agrees to publish an updated WD of XML Security 1.1 Requirements and Design Considerations http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html

<fjh> shortname - xmlsec-reqs2

Proposed Resolution: The WG agrees to publish an updated WD of XML Security 2.0 Requirements and Design Considerations http://www.w3.org/2008/xmlsec/Drafts/transform-note/Overview.html

<fjh> Proposed Resolution: The WG agrees to publish a FPWD of XML

<fjh> Security 2.0 Requirements and Design Considerations, with shortname xmlsec-reqs2, noting in sotd that based on earlier transform simplification document

<tlr> +1

<fjh> Proposed Resolution: The WG agrees to publish an updated WD of the Algorithms Cross Reference

RESOLUTION: The WG agrees to publish a FPWD of XML Security 2.0 Requirements and Design Considerations, with shortname xmlsec-reqs2, noting in sotd that based on earlier transform simplification document

<fjh> Proposed Resolution: The WG agrees to publish an updated WD of the Algorithms Cross Reference after edited by TLR with call for objections on mailing list

<fjh> Proposed Resolution: The WG agrees to publish an updated WD of XML

<fjh> Signature Best Practices

RESOLUTION: The WG agrees to publish an updated WD of the Algorithms Cross Reference after edited by TLR with call for objections on mailing list

<Cynthia> You are correct.

RESOLUTION: The WG agrees to publish an updated WD of XML Signature Best Practices http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/

XML Encryption 1.1, Generic Hybrid Ciphers

<fjh> action-500?

<trackbot> ACTION-500 -- Thomas Roessler to update namespace section in Encryption 1.1 -- due 2010-01-26 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/500

<fjh> action-473?

<trackbot> ACTION-473 -- Thomas Roessler to update xml enc processing proposal with more detail and addressing wg concerns -- due 2010-01-31 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/473

<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-Processing

<fjh> tlr notes not talk normatively about application in revision

<fhirsch> mtl from 4.5 has moved to 4.2

<fjh> scott will review the xml encryption 1.1 changes, already has action, ACTION-452

<fjh> ACTION-452?

<trackbot> ACTION-452 -- Scott Cantor to review the XML ENC v1.1 document -- due 2009-11-24 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/452

<fjh> ACTION-475?

<trackbot> ACTION-475 -- Frederick Hirsch to review xml encryption 1.1 -- due 2010-01-29 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/475

<fjh> ACTION-453?

<trackbot> ACTION-453 -- Ed Simon to review XML ENC v1.1 -- due 2009-11-24 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/453

<fjh> ACTION: bal to review XML Encryption 1.1, including proposed processing model changes [recorded in http://www.w3.org/2010/01/26-xmlsec-minutes.html#action02]

<trackbot> Created ACTION-507 - Review XML Encryption 1.1, including proposed processing model changes [on Brian LaMacchia - due 2010-02-02].

<fjh> ACTION: pdatta to review Encryption 1.1, including proposed processing model changes [recorded in http://www.w3.org/2010/01/26-xmlsec-minutes.html#action03]

<trackbot> Created ACTION-508 - Review Encryption 1.1, including proposed processing model changes [on Pratik Datta - due 2010-02-02].

<fjh> Suggest we complete review before call on the 9th Feb, then decide whether to publish updated WD or to fix changes and then publish

<fjh> Prefer to have updated publication by mid-Feb.

Canonical XML 2.0 and XML Signature 2.0

http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0119.html

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Jan/0119.html

Patrick: examples have been updated

scantor: need to agree on terminology

<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/Overview.src.html#sec-Processing

scribe: and styling

<fjh> ACTION: fjh to review bibliography issues [recorded in http://www.w3.org/2010/01/26-xmlsec-minutes.html#action04]

<trackbot> Created ACTION-509 - Review bibliography issues [on Frederick Hirsch - due 2010-02-02].

fjh: what are the next steps

<fjh> pratik planning to send out c14n 2.0 draft revision

<fjh> Pratik asks Scott to review, some changes to proposal

<fjh> Scott asks for revision of compatibility mode terms as early as possible

<fjh> action-481?

<trackbot> ACTION-481 -- Frederick Hirsch to check on follow-up status on WS-RA discussion -- due 2010-01-12 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/481

<fjh> in progress, no response yet

<fjh> common document would enable wider interop

<fjh> pratik also notes enable reuse without requiring normative reference to entire XML Signature

<fjh> pratik says we could have note comparing subsets - xml schema, ws-transfer and xml signature

Summary of Action Items

[NEW] ACTION: bal to review XML Encryption 1.1, including proposed processing model changes [recorded in http://www.w3.org/2010/01/26-xmlsec-minutes.html#action02]
[NEW] ACTION: fjh to review bibliography issues [recorded in http://www.w3.org/2010/01/26-xmlsec-minutes.html#action04]
[NEW] ACTION: pdatta to review Encryption 1.1, including proposed processing model changes [recorded in http://www.w3.org/2010/01/26-xmlsec-minutes.html#action03]
[NEW] ACTION: tlr to update sotd and note in document with change for ISSUE-179 [recorded in http://www.w3.org/2010/01/26-xmlsec-minutes.html#action01]
 
[End of minutes]
