- From: <Frederick.Hirsch@nokia.com>
- Date: Mon, 17 Jan 2011 22:47:17 +0100
- To: <public-xmlsec@w3.org>
- CC: <Frederick.Hirsch@nokia.com>
Agenda: W3C XML Security WG Distributed Meeting #93, 18 January 2011 Distributed Meeting
Logistics details and links to information at the bottom of this email.
1) Administrivia: Scribe confirmation, Agenda review, Meeting Planning, Liaisons, Announcements
proposed RESOLUTION: Cancel the teleconference 1 February 2011.
2) Minutes Approval
Approve minutes, 11 January 2011
http://lists.w3.org/Archives/Public/public-xmlsec/2011Jan/att-0030/minutes-2011-01-11.html
Proposed RESOLUTION: Minutes from 11 January 2011 are approved.
3) ECC, ISSUE-91
Update on status and next steps from Thomas.
New information to alter decision whether to make ECC Optional?
WG discussion of http://lists.w3.org/Archives/Public/public-xmlsec/2011Jan/0035.html ?
WG decision regarding formation of a PAG?
Information on PAG from W3C process: http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-PAG-formation and http://www.w3.org/2007/04/patent-exception-management
proposed ACTION: tlr to update XML Signature 1.1 and XML Encryption 1.1 status sections for ECC status.
4) XML Security 1.1 CR
Process for CR: http://www.w3.org/2005/10/Process-20051014/tr.html#cfi
Documents for CR: XML Signature 1.1, XML Encryption 1.1, XML Security Properties, XML Security Generic Hybrid Ciphers
4a) Explain and reference review
http://lists.w3.org/Archives/Public/public-xmlsec/2011Jan/0039.html (Magnus), ACTION-767
Editorial updates completed:
http://lists.w3.org/Archives/Public/public-xmlsec/2011Jan/0042.html (Frederick)
Open:
+ Need direct link for X9.44 (not a blocker for CR)
+ Need RFC for ECC-ALGS (but not a blocker for CR)
+ Update 1.1 cross references when going to CR
Need review of XML Signature explain document, references (Cynthia?)
4b) base64 placement,
ACTION-766 Implement change for base64 Brian LaMacchia
4c) WG decision on at risk items
Items not core to specification that might not achieve interop and might be removed without triggering a new Last Call cycle.
XML Signature 1.1 - At risk: ECC ECKeyValue, DEREncodedKeyValue, XPath 2.0
XML Encryption 1.1 - At risk: ECDH KeyValues, AES Keywrap with padding, ECDH-ES, Derived Keys
XML Security Properties - At risk: from last week, "RESOLUTION: mark the Created/Expires/ReplayProtect properties as "at risk" and move the entire Signature Properties document to CR along with the other 1.1 CR drafts.", http://lists.w3.org/Archives/Public/public-xmlsec/2011Jan/att-0030/minutes-2011-01-11.html#item05
XML Security Generic Hybrid Ciphers - At risk: nothing.
A whole spec cannot be at risk, if if does not achieve exit criteria it stays at CR indefinitely (Thomas to confirm)
4d) WG decision on Exit Criteria
Two interoperable implementations for all mandatory and optional features?
4e) Publication Schedule
Agree this week, 18 January to bring the following to Candidate Recommendation (CR) status:
XML Signature 1.1, XML Encryption 1.1, XML Security Properties, XML Security Generic Hybrid Ciphers
(see roadmap, http://www.w3.org/2008/xmlsec/wiki/Roadmap)
Hold Director's call week of 24 January, publish 27 January 2011.
5) XML Security 2.0
5a) Make PositionAssertion verification mandatory if present.
http://lists.w3.org/Archives/Public/public-xmlsec/2011Jan/0031.html (Henrich)
5b) CURIEs
http://lists.w3.org/Archives/Public/public-xmlsec/2011Jan/0032.html (Thomas)
proposed RESOLUTION: Remove CURIES from XML Signature 2.0 QNameAware description, add note that they are not in scope since they have their own prefix binding mechanism.
5c) Namespace Prefixes in XPath profile
http://lists.w3.org/Archives/Public/public-xmlsec/2011Jan/0033.html (Meiko)
5d) Status of 2.0 related actions
ACTION-476 Review xml signature 2.0 Frederick Hirsch 2010-08-18 XML Signature 2.0
ACTION-538 Provide proposal related to namespace wrapping attacks once XPath profile available Meiko Jensen
ACTION-619 Review Meiko proposal for ACTION-538 Ed Simon
ACTION-717 Document the Performance improvements with 2.0 Pratik Datta
ACTION-732 Add example to signature 2.0 once Meiko shares text on list, see ACTION-711 Frederick Hirsch
ACTION-753 Work on creating 2.0 example for Signature 2.0 Scott Cantor
ACTION-759 Update requirements section of c14n2 with context/exclusive c14n requirement and description Pratik Datta 2011-01-11
ACTION-763 Review ISSUE-198 and where algorithm should be placed Pratik Datta 2011-01-11
http://lists.w3.org/Archives/Member/member-xmlsec-commits/2011Jan/0023.html
6) Action and Issue Review
6a) Close Pending actions
These will be closed after the meeting unless concern raised before or during meeting. Please review in advance of meeting.
ACTION-700 Review xml signature properties interop status re widget signature Frederick Hirsch
ACTION-729 Highlight potential issue with non-support for xml:base through removal of inclusive in xml signature and c14n2 drafts Pratik Datta
ACTION-747 Update XPath profile for Option 1 in proposal associated with ACTION-737 Pratik Datta
ACTION-758 Update abstract and intro of c14N2 to remove relationship to C14N1 and exclusive in abstract and explain relationship in intro Pratik Datta
ACTION-760 Help simplify and clarify processing for Curie in C14N2 Thomas Roessler
ACTION-761 Explain importance and need for Curie support Thomas Roessler
ACTION-765 Review 1.1 requirements and signature 1.1 and encryption 1.1 explain documents Frederick Hirsch
ACTION-767 Review XML Encryption 1.1 references to external document sections, explain document and requirements Magnus Nystrom
ACTION-768 Follow up on ISSUE-226 and byte range with Henrich Meiko Jensen
7) Other Business
8) Adjourn
Scribing list
----------------
Thomas Roessler (31 August 2010, 4 May, 2010, 20 April 2010)
Magnus Nystrˆm, Microsoft (7 Sept 2010, 27 April, 2010, 2 June, 2009)
Chris Solc, Adobe (14 Sept 2010, 26 January 2010, 8 December 2009)
Shivaram Mysore, Invited Expert (28 Sept 2010, 7 Sept 2010, 6 November 2009 F2F, 23 June 2009)
Brian LaMacchia, Microsoft (19 October 2010, 25 May 2010, 6 November 2009 F2F)
Scott Cantor, invited expert (19 October 2010, 31 August 2010, 1 June 2010, 24 Nov 2009)
Meiko Jensen (2 November 2010 F2F, 21 Sept 2010, 11 May, 2010)
Bruce Rich, IBM (1 & 2 November 2010 F2F, 30 March 2010)
Cynthia Martin, MITRE (30 November 2010, 26 October 2010, 6 July 2010, 2 March 2010)
Ed Simon, Invited Expert (7 December 2010, 15 June 2010, 25 January 2010)
Gerald Edgar, Boeing (14 December 2010, 16 November 2010, 10 August 2010, 22 June 2010, 13 April 2010)
Pratik Datta, Oracle (4 January 2010, 27 July 2010, 20 October 2009)
Hal Lockhart, Oracle (11 January 2011, 17 August 2010, 2 February 2010, 27 October 2009)
Not seen recently:
Bradley Hill, Invited Expert (14 July 2009)
John Wray, IBM (15 Dec 2009, 1 Sept 2009)
Sean Mullan, Oracle (12 January 2010, 6 October 2009)
Aldrin d'Souza, EMC (9 Feb 2010)
Karel Wouters IBBT, (9 March 2010)
Logistics Info:
10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone
Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat: irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only): <http://irc.w3.org/?channels=xmlsec>
Please note that attendance of XMLSEC WG teleconferences is restricted to registered WG participants and persons invited by the chair.
Scribe Instructions: <http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html
Liaison information: <http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination
Publication Status available at <http://www.w3.org/2008/xmlsec/wiki/PublicationStatus
Roadmap at <http://www.w3.org/2008/xmlsec/wiki/Roadmap>
---
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
Received on Monday, 17 January 2011 21:48:21 UTC