Author: Joseph Reagle

Audience: Workshop Attendees

Question: What will we accomplish at the workshop.

Description:

References:The W3C Signed XML Workshop

XML-DSig'99: The W3C Signed-XML Workshop

April 15th and 16th

DoubleTree Guest Suites Hotel,
Boston, Massachusetts

Agenda

I am going to use the next two days to gather information, concerns, requirements, and consensus so as to move quickly after this meeting.

Today

1. Introduction
2. Web of Trust
3. Signature Semantics
4. Canonicalization and Content Semantics
5. Applications

Tomorrow

1. Specifications
2. Forms
3. Consensus/Wrapup/Conclusion

Introduction

• Tim Berners-Lee, Semantic Web
• Don Eastlake, results of IETF meeting
• Daniel Veillard, status of XML Activities

Discussion

1. Think about the IETF/W3C issue, we will return to it tomorrow.
2. Any questions on the status of XML activities?
3. And dependencies that you do not think are relevant, or dependencies that have not been identified?

Signature Semantics

• Ralph Swick, Expressing Signature Semantics in RDF
• Martin Lee, Signing and Communicating Semantics
• Peter Lipp, Signature Semantics
• Paul Lambert, Validation and Semantics of XML Digital Signatures

Discussion

1. Why not just use S/MIME?
2. Do we have consensus that people can place unparsed data (e.g., X.509 blobs) in elements?
3. What do people think of using RDF syntax to represent assertion semantics?
4. Do we have consensus that we should have an explicit  data model?
5. Do we have consensus (from the proposed charter) that we focus on the simple semantic: signature=f(key+hash+resource)? That additional semantics should be able to be introduced through the namespace facility?

Content Semantics

• Hiroshi Maruyama, DOM HASH
• Ralph Swick, RDF Content Semantics
• Richard Himes and Todd Vincent, Legal System Semantics

Discussion

1. Do we have consensus that one needs a number of different semantic content depths (bits, XML, DOM, etc.)?
   1. What should we spend time on -- if any? Should we specify the bit method, rely upon XML-syntax WG for XML, and someone else for DOM-hash?
2. Unicode: should "e with acute" (composed form) be treated as different from "e" + "combining acute" (decomposed form) or the same?
3. Need canonicalized-XML be XML?
4. How do we sign the hash of a native document format, when the encoded format is what is generally available?
5. How do we feel about resolving external entities and resources?
6. How do we warn application designers to guard their proprietary semantics before canonicalization? Do we even need to?
7. Need signed-XML address XML-filters itself? Or should we defer to XPointer (advanced locators) and XSL-selectors?

Applications

• Ko Fujimura, XML Ticket: Generalized Digital Ticket Definition Language
• Milton Anderson, FSML and eCheck
• Michael Merz, Electronic Contracts
• Satoru Tezuka, Internet Marks

Discussion

1. What additional requirements/constraints are there based on these applications?

Specifications

• Milton Anderson, FSML & SDML
• Richard Brown, signed-XML draft

Discussion

1. Data model?
2. Do people like Richards syntax and DTD?
3. How much form work do we want to do?
4. How concerned are we about secrecy/confidentiality?

Forms

• Milton Anderson, Browser Support for Signing and Submitting XML Forms
• John Boyer, Extensible Forms Description Language

Discussion

1. Do we need to do forms, or do we focus on the signature and move onto that next?
2. Again, external references and entities?
3. Filters, do we need them?
   1. Should we rely upon advanced locators (X-pointer or XSL selectors) or create our own?
4. How will CGI scripts deal with signed form returns?

Consensus/Conclusion

• Joseph Reagle, Chair

1. W3C or IETF?
2. Depending on where, how do we coordinate, ensure wide review and robustness with the security and XML domains?
3. Did we answer all the questions?