- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Tue, 6 Jan 2009 19:30:41 -0500
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, ext Taki Kamiya <tkamiya@us.fujitsu.com>, John Schneider <john.schneider@agiledelta.com>
- Message-Id: <94C587B0-FF6A-4976-9F35-6A0AD2BAECEB@nokia.com>
Agenda: W3C XML Security WG (XMLSec) v2
F2F 13-14 January 2009
F2F #3
9-6 PT each day, arrival and setup at 8:30 am
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone
Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>
F2F logistics
http://lists.w3.org/Archives/Member/member-xmlsec/2008Nov/0035.html
Please note that attendance of XMLSEC WG teleconferences is restricted
to registered WG participants and persons invited by the chair.
Chair: Frederick Hirsch
Attendees, Dial-in Attendees and Regrets listed on admin page at
http://www.w3.org/2008/xmlsec/Group/Overview.html#f2f3
Tuesday 13 January
1) Welcome, Introductions, Administrivia (9 - 9:30 am PT)
1a) Introductions as needed, Local logistics
1b) Scribe confirmation
13 January AM
13 January PM
14 January AM
14 January PM
The current scribe list is at the end of this message, will rotate
through this list.
Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html
1c) Meeting planning: weekly meetings
This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is
cancelled.
Upcoming meeting information is available on the WG Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings
20 January 2009 Teleconference cancelled
27 January 2009 Teleconference #17, 10-12 Eastern
1d) Liaisons and Coordination
See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination
No new updates.
1e) Announcements
Verisign has joined the WG.
2) Minutes Approval
2a) Minutes from 6 January 2009 for approval:
http://www.w3.org/2009/01/06-xmlsec-minutes.html
3) Issues
No new issues.
4) Editorial updates
4a) Initial draft of Security Algorithms
http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.html
5) XML Security 1.1 (9:30 - 10:45 am PT)
5a) XML Signature 1.1
Algorithms - review and agreement
NIST re key lengths - update?
Errata incorporation
RFC reference changes
Separate Normative and informative
versioning text addition
Editorial fixes
5b) XML Encryption 1.1
review Draft (to be distributed in advance of meeting)
Algorithms
Errata
RFC reference changes, separate normative and informative references
versioning text addition
5d) Algorithm Note
Review draft note of Algorithms, URIs and references for those
algorithms
http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.html
5d) Next steps before publication, time schedule
6) Break (15 min, 10:45 - 11)
7) XML Security 1.1 test cases and interop (11:00 -11:30)
Actions to draft test cases
Interop planning - distributed interop?
8) Widget Signature review and Signature Properties (11:30 - 12:30)
8a) Review update of signature properties
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html
(to be updated with notice on email list)
8b) Walk through latest draft of Widget Signature
http://dev.w3.org/2006/waf/widgets-digsig/
(to be updated with notice on email list)
9) Lunch 12:30 - 1:30
7) XML Security 2.0 (1:30 - 3:00)
7a) Review Transform Simplification update
Add explicit "see what you sign" stage?
7b) Additional streaming discussion
7c) Backward compatibility, profiles/levels, interoperability,
extensibility mechanisms
7d) Simple Signing next steps, requirements, PI use
7e) KeyInfo discussion
8) Break (15 min, 3:00 - 3:15)
9) Canonicalization simplification and next steps, QNames,Namespaces,
Infoset (3:15 - 4:15)
Review and work through issues and technical approaches, requirements.
10) EXI Discussion (4:30 - 5:30)
11) Review of day, new actions and agenda (5:30 - 5:45)
12) Other Business Day 1
13) Recess (6 pm)
Wednesday 14 January (9 am - 6 pm)
14) Welcome, Administrative
16) Requirements Review (9:00 - 11:00)
Charter milestones
http://www.w3.org/2008/02/xmlsec-charter.html#milestones
16a) Canonicalization Requirement discussion
http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0006.html
(Juan Carlos)
16b) Requirements document walkthrough
http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html
16c) Additional requirements - working session
List additional requirements associated with approaches taken, reflect
1.1 and 2.0
Also list non-requirements
e.g., for discussion
"is an XML only serialization required for KeyInfo, maybe we do not
want this requirement"
17) Break (15 min, 10:30 - 10:45)
18) Review Open Actions and Issues associated with requirements, Next
steps for requirements (10:45 - 11:15)
Publish First Public Working Draft?
19) XML Security 2.0 Technical Discussion (11:15 - 12:30)
Additional technical discussion based on previous discussions
20) Lunch (12:30 - 1:30)
21) Best Practices (1:30 - 2:30)
21a) review open issues and actions associated with best practices
ACTION-77 Update best practices document for section titles
Sean Mullan
ACTION-103 Provide updated email on best practices issue
Juan Carlos Cruellas
ACTION-125 draft best practice around xpath filter 2
Sean
ACTION-127 draft text on trade-off between different
extensibility mechanisms, for BP draft,
Thomas
ISSUE-52, Rules for syntax of KeyInfo child elements should be
unambiguous
ISSUE-56 Add references related to timestamping
ISSUE-62 Clarify best practice related to order of schema validation
and xml security processing for 2nd Edition
ISSUE-64 How to use XML Signature for various applications, e.g. Mail,
unstructured content
ISSUE-69 Update example file to avoid empty XPath result
21b) Comments received from public working draft?
21c) Next steps for Best Practices
Publish revision?
22) Schema and DTD for 2.0 (2:30 - 3:00)
Schema changes needed. Continue to provide DTDs?
23) Additional KeyInfo and other 2.0 technical discussion (3:00 - 4:00)
10) Action Item and Issue Review (4:00 - 4:30)
10a) Close Pending actions
http://www.w3.org/2008/xmlsec/actions-pending.html
10b) Open Action Review
Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open
Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions
Please review open action list and update your actions appropriately:
http://www.w3.org/2008/xmlsec/actions-open.html
11) Meeting summary, lessons learned, new issues and actions, future
meetings and planning (4:30 - 5:15)
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings
F2F discussion
12) Other Business (5:15 - 6:00)
13) Adjourn (6:00)
Scribing list
----------------
Konrad Lanz, IAIK (16 July F2F am)
Pratik Datta, Oracle (19 August 2008)
Subramanian Chidambaram, Nokia (26 August)
Brian LaMacchia, Microsoft (2 September 2008)
Bradley Hill, Invited Expert (9 September 2008)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (16
September 2008)
Gerald Edgar, Boeing (7 October 2008)
Chris Solc, Adobe (20 October 2008 F2F am)
Robert Miller, MITRE (20 October 2008 F2F pm)
Bruce Rich, IBM (17 July F2F am, 21 October 2008 F2F am)
Kelvin Yiu, Microsoft (21 October 2008 F2F, pm)
Shivaram Mysore, Invited Expert (4 November 2008)
Magnus Nyström, EMC (11 November 2008)
Ed Simon, Invited Expert (18 November 2008)
Scott Cantor, invited expert (29 July 2008, 2 December 2008)
Hal Lockhart, Oracle (9 December 2008)
John Wray, IBM (16 December 2008)
Sean Mullan, Sun (6 January 2009)
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
Received on Wednesday, 7 January 2009 00:31:36 UTC