[1]W3C [2]XML Encryption WG

   [1] http://www.w3.org/
   [2] http://www.w3.org/Encryption/2001/Overview.html

2001-April-23
Chair: Joseph Reagle
Note Taker: Joseph Reagle
[3]text

   [3] http://www.w3.org/Encryption/2001/Minutes/010423-tele,text

Participants

   * Joseph Reagle, W3C
   * Blair Dillaway, Microsoft
   * Shivaram Mysore, Sun Microsystems
   * Frederick Hirsch, Zolera
   * Katherine Betz, IBM
   * Eric E. Cohen, PricewaterhouseCoopers LLP
   * Donald Eastlake 3rd, Motorola
   * Mark Scherling, RSA
   * John Velissarios, PricewaterhouseCoopers LLP
   * John Messing, Law on Line
   * Amir Herzberg, NewGenPay

Status of documents < 5 minutes

   * Requirements - Published as first W3C Working Draft
   * Syntax and Processing - Reagle redid Overview comments on list need response.

Reviewing [4]Previous Items

   [4] http://www.w3.org/Encryption/2001/Minutes/010319-tele.html

   1. Eastlake: draft a more complete algorithm section include algorithm profiles and IV checksum cipher text values. Pending.
   2. Maruyama: update the Encryption/Signature Transform. Update Security Considerations, add a scenario or two (and maybe borrow "enc:DataRef" instead of using "EncryptedReference"). Pending
   3. Maruyama: an email exploring the question of our processing model and the relationship between DOM, Infoset, and serialization and the issue related to using current parsers to get a pointer to a byte where element starting "<" is. Pending
   4. [DEL: Reagle: "Review the use of a URI versus an ID and NameKey in an EncryptedKey element?" :DEL] [DEL: Done :DEL]
   5. [DEL: Reagle: Inform Don Davis of new requirements document when complete and that issue 6.2 was dropped. :DEL] [DEL: Done :DEL]

Requirements

   * Now that it's published, please have another look and let me know if I dropped anything on the floor or didn't get it right.

Draft

   * Schema reuse: Reagle [5]investigated, looks like we can not use more sophisticated ds:KeyInfo reuse, but instead use the ds:KeyInfo ANY and create "orphaned" elements (KeyRetrievalMethod and EncryptedKey) in the encryption namespace/schema.
   * Reagle: Can we move away from KeyRetrievalMethod, and just use dsig's RetrievalMethod with a particular type? (This was the intent of ds:RetrievalMethod).
        + Dillaway: could be done.
        + Deferred to list for discussion and opposition.
   * Thoughts on [7]rewritten section 2?
        + None on the call, though there has been discussion on the list that needs to be addressed.
   * Algorithm progress?
        + Eastlake, hopes to post something within the next few days.
   * Imamura: [8]Does this mean the KeyRetrievalMethod element must not occur within the KeyInfo element of an EncryptedKey element?
        + Dillaway will send tweaked text to generalize to the list.
   * Imamura: [9]Does CipherData include CryptoBinary or a set of Transforms? Reagle: We probably need a new element, what should we call it?
        + Need some new structure, two candidates include
             1. Reagle: Two children of CipherData: Reference and Value.
             2. Eastlake: Two alternatives to replace CipherData: Cipher(Data|Value) and CipherReference
          Deferred to more discussion on list.
   * [10]NameKey, should we think of a better name?
        + Herzberg: Make it of the form of (prefix)KeyName (like "friendly")
        + Reagle: where prefix communicates that this is the name of the (symmetric) key encrypted and carried in the EncryptedKey CipherData.
   * [11]Processing Model
        + Reagle: Any thoughts on this section? I definitely need feedback.
        + None yet.

   [5] http://lists.w3.org/Archives/Public/xml-encryption/2001Apr/0027.html
   [6] http://someKey/
   [7] http://www.w3.org/Encryption/2001/04/06-proposal.html#sec-Overview
   [8] http://lists.w3.org/Archives/Public/xml-encryption/2001Apr/0011.html
   [9] http://lists.w3.org/Archives/Public/xml-encryption/2001Apr/0016.html
   [10] http://lists.w3.org/Archives/Public/xml-encryption/2001Apr/0005.html
   [11] http://www.w3.org/Encryption/2001/04/06-proposal.html#sec-Processing-XML

Misc

   * Reagle: Next call on May 14. Reagle will be in Asia April 25 - May 8 for WWW10/W3C-AC and Europe from May 22 - May 29th for XML 2001 Europe. So productivity and ability to convene teleconferences will be low but discussion can happen on list and I can still have a bridge made available for discussion.
   * Reagle: Also, reminder to ourselves to think about FTF in June/July.