IETF W3C   XML Signature WG

Chairs: Donald Eastlake and Joseph Reagle
Note Taker: Joseph Reagle [text]



Review Outstanding Action Items

Issues from Irvine FTF:

Agenda and Open Issues

URI versus XLink in core/manifest syntax, c14n,

Reagle post-facto thinking: It seems we are toying with a couple of variables with respect to extract, Xptr, DOM, and core versus some other spec.

  1. Reagle wants to keep the core small and easy since we need to start implementing in about a month's time. Argues for removing Xptr/extract to manifest level and only permitting simple URIs at the higher level.
  2. Solo wants symmetry between the signature reference and manifest reference, such that one could use either without the signature breaking. This argues for core and manifest references to look alike.
  3. Boyer wants the ability to force the client to validate the thing actually being signed. You can only do this by  placing it in the object. If you place it in the manifest, its up to the application to decide what to validate, Boyer lost his ability to define what is critical. (Reagle reconsiders the idea of flags in the manifest which state whether the resource needs to be checked or not so as to achieve point 1.) Also, if you reference the actual resource (instead of a manifest) in the object, then you naturally need Xptr to extract from it, which conflicts with point 1.
  4. Don's doesn't seem to think exclude tags are out of contention.

Status of scenarios document?

Status of requirements document?

Status of Data Model document?

Interoperability scenarios