Author: Joseph Reagle
Audience: Workshop Attendees
Question: What will we accomplish at the workshop.
References:The W3C Signed XML Workshop
XML-DSig'99: The W3C
April 15th and 16th
DoubleTree Guest Suites Hotel,
I am going to use the next two days to gather information, concerns,
requirements, and consensus so as to move quickly after this meeting.
- Web of Trust
- Signature Semantics
- Canonicalization and Content Semantics
- Tim Berners-Lee, Semantic Web
- Don Eastlake, results of IETF meeting
- Daniel Veillard, status of XML Activities
- Think about the IETF/W3C issue, we will return to it tomorrow.
- Any questions on the status of XML activities?
- And dependencies that you do not think are relevant, or dependencies that have not been
- Ralph Swick, Expressing Signature Semantics in RDF
- Martin Lee, Signing and Communicating Semantics
- Peter Lipp, Signature Semantics
- Paul Lambert, Validation and Semantics of XML Digital Signatures
- Why not just use S/MIME?
- Do we have consensus that people can place unparsed data (e.g., X.509 blobs) in
- What do people think of using RDF syntax to represent assertion semantics?
- Do we have consensus that we should have an explicit data model?
- Do we have consensus (from the proposed charter) that we focus on the simple semantic:
signature=f(key+hash+resource)? That additional semantics should be able to be introduced
through the namespace facility?
- Hiroshi Maruyama, DOM HASH
- Ralph Swick, RDF Content Semantics
- Richard Himes and Todd Vincent, Legal System Semantics
- Do we have consensus that one needs a number of different semantic content depths (bits,
XML, DOM, etc.)?
- What should we spend time on -- if any? Should we specify the bit method, rely upon
XML-syntax WG for XML, and someone else for DOM-hash?
- Unicode: should "e with acute" (composed form) be treated as different
from "e" + "combining acute" (decomposed form) or the same?
- Need canonicalized-XML be XML?
- How do we sign the hash of a native document format, when the encoded format is what is
- How do we feel about resolving external entities and resources?
- How do we warn application designers to guard their proprietary semantics before
canonicalization? Do we even need to?
- Need signed-XML address XML-filters itself? Or should we defer to XPointer (advanced
locators) and XSL-selectors?
- Ko Fujimura, XML Ticket: Generalized Digital Ticket Definition Language
- Milton Anderson, FSML and eCheck
- Michael Merz, Electronic Contracts
- Satoru Tezuka, Internet Marks
- What additional requirements/constraints are there based on these applications?
- Milton Anderson, FSML & SDML
- Richard Brown, signed-XML draft
- Data model?
- Do people like Richards syntax and DTD?
- How much form work do we want to do?
- How concerned are we about secrecy/confidentiality?
- Milton Anderson, Browser Support for Signing and Submitting XML Forms
- John Boyer, Extensible Forms Description Language
- Do we need to do forms, or do we focus on the signature and move onto that next?
- Again, external references and entities?
- Filters, do we need them?
- Should we rely upon advanced locators (X-pointer or XSL selectors) or create our own?
- How will CGI scripts deal with signed form returns?
- W3C or IETF?
- Depending on where, how do we coordinate, ensure wide review and robustness with the
security and XML domains?
- Did we answer all the questions?