XML Security Spec Maintenance WG
22 May 2007

Present

EdSimon, Thomas, +1.617.876.aaaa, sean, Hal_Lockhart, +1.410.695.aabb, rmiller3, GregWhitehead, R_Salz, jcc, PHB, [IBMCambridge], klanz2

Regrets

FrederickHirsch, GilesHogben, AlekseySanin, PeterLipp

Chair

tlr

Scribe

phb

 

 

<tlr> Date: 22 May 2007

<tlr> scribe: phb

<tlr> agendum 2=last meeting's minutes

<tlr> agendum 3= action item review

<tlr> hi greg

<grw> hi

<tlr> interesting

<tlr> ScribeNick: hal

convene, administrivia

last meeting's minutes

resolution: next meeting May 29

<tlr> http://www.w3.org/2007/05/15-xmlsec-minutes

resolution: minutes accepted

action item review

<tlr> ACTION-5 closed

<trackbot-ng> Sorry... I don't know how to close ACTION yet

<tlr> ACTION-6 continued; Konrad absent

<tlr> ACTION-22 done

<tlr> ACTION-26 continue

workshop planning

<tlr> http://www.w3.org/2007/xmlsec/ws/cfp.html

<jcc> q

jcc: noticed typo what would be the limits on number of people from each org?

tlr: if we have excessive numbers we will limit attendance... standard escape hatch hope to close cfp as soon as possible final closure in 2 weeks

<scribe> ScribeNick: PHB2

 

ACTION: hal to propose additional types of contributions for workshop CFP [recorded in http://www.w3.org/2007/05/22-xmlsec-minutes.html#action01]

<trackbot-ng> Created ACTION-28 - Propose additional types of contributions for workshop CFP [on Hal Lockhart - due 2007-05-29].

 

<tlr> http://www.w3.org/2002/09/wbs/40279/workshop-timing/results

Tlr: Timeline for the workshop, form open, Sept 25-27 days where no known conflicts aim for that

proposal 25,26 Tues and Wed

(no objections)

jcc: : may be an issue regarding availability of hotels

 

Thomas: ok don't do catalonia Do meeting of follow-up group Keep offer in grateful consideration for the followup work sometime next year

Thomas: should we do east or west coast? takeup Hal's offer

Hal: given likely number of participants, any likely issues?

Thomas: given number of attewndees (40+) consider AV support

 

<tlr> ACTION: thomas to go through hosting requirements with Hal [recorded in http://www.w3.org/2007/05/22-xmlsec-minutes.html#action02]

<trackbot-ng> Created ACTION-29 - Go through hosting requirements with Hal [on Thomas Roessler - due 2007-05-29].

 

Thomas: next steps need to discuss chair, have candidates, need approval from W3C management

Thomas: Once approved everyone must send in a position paper (inc. members) Participation is open to broad community, not just W3C

 

<tlr> ACTION: thomas to propose detailed timeline for CFP by mail [recorded in http://www.w3.org/2007/05/22-xmlsec-minutes.html#action03]

<trackbot-ng> Created ACTION-30 - Propose detailed timeline for CFP by mail [on Thomas Roessler - due 2007-05-29].

 

HAL: Is there a special protocol for members?

Thomas: no everyone must submit a paper

Status of drafts: C14N11 (from XML Core)

<tlr> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0028.html

<tlr> http://lists.w3.org/Archives/Public/public-xml-core-wg/2007May/0040

Thomas: status of CR-Recommendation from XML-Core ... good time to raise issues

EdSimon: In the minutes we said we don't expect to give further feedback to XMLCore, this is respect to C14N 1.1 item

Thomas: yes, this is the case ... no extensive discussion on 1.1 C18N other issues are open

Status of drafts: DSig Core

<tlr> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/

Progress issue, 3 months after CR status and 2 interoperable implementations

<tlr> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/changes.html

<EdS> c18n should be c14n

Need to walk through draft once more to see that people are OK with changes that have taken place

<tlr> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-CoreGeneration

<tlr> The Reference Processing Model (section 4.3.3.2) requires that validators use Canonical XML 1.0 [XML-C14N] when a transformation that would expect an octet-stream as input is applied to a node-set. We RECOMMEND that generators do not rely on this default behavior, but explicitly identify the transformation that is applied to perform this mapping. In cases in which inclusive canonicalization is desired, we RECOMMEND that Canonical XML 1.1 [XML-C14N11] be used.

jcc: if an operation is applied on the input, it is not applied to the node set,

thomas: replace applied to a node set with better wording

<tlr> "is applied to a node-set" -> "would be applied to a nodeset"?

<tlr> The Reference Processing Model (section 4.3.3.2) requires that validators use Canonical XML 1.0 [XML-C14N] when a transformation that would expect an octet-stream as input is applied to a node-set.

Thomas: can everyone live with that

<tlr> The Reference Processing Model (section 4.3.3.2) requires that validators use Canonical XML 1.0 [XML-C14N] when a transformation that would expect an octet-stream as input +++ WOULD BE +++ applied to a node-set.

Thomas: the point being that the transformation cannot be applied to the node set

<jcc> would expecte an octet-stream as input receives a node-set

jcc: not quite

Thomas: propose wordsmithing change to the mailing list.

Thomas is the normative intent of this change acceptable?

 

<tlr> ACTION: jcc to propose rewording of "Reference processing model" sentence on mailing list [recorded in http://www.w3.org/2007/05/22-xmlsec-minutes.html#action04]

<trackbot-ng> Sorry, couldn't find user - jcc

<tlr> ACTION: juan-carlos to propose rewording of "Reference processing model" sentence on mailing list [recorded in http://www.w3.org/2007/05/22-xmlsec-minutes.html#action05]

<trackbot-ng> Sorry, couldn't find user - juan-carlos

<tlr> ACTION: cruellas to propose rewording of "Reference processing model" sentence on mailing list [recorded in http://www.w3.org/2007/05/22-xmlsec-minutes.html#action06]

<trackbot-ng> Created ACTION-31 - Propose rewording of \"Reference processing model\" sentence on mailing list [on Juan Carlos Cruellas - due 2007-05-29].

<tlr> PROPOSED RESOLUTION: normative changes in 3.1.1 agreed

 

sean: first time validator and generator used in text, should be defined?

Thomas (explains terms)

sean: fine with the terms, just should we put in a definitio

hal: hard to see how can have a recomendation without an actor, will someone take a recomendation?

Thomas: sean will you volunteer?

Sean: give it a shot

 

<tlr> ACTION: sean to propose language for "validator" and "generator" that is more in line with rest of rec's style [recorded in http://www.w3.org/2007/05/22-xmlsec-minutes.html#action07]

<trackbot-ng> Created ACTION-32 - Propose language for \"validator\" and \"generator\" that is more in line with rest of rec\'s style [on Sean Mullan - due 2007-05-29].

<tlr> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-RetrievalMethod

<tlr> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0006.html

<tlr> "For example, a reference that results in the digesting of an |Object| element containing a |SignatureProperties| element is still of type |#Object|"

 

thomas: current languahge in 4.4.3

<klanz2> sorry for being late

thomas: proposal from greg whitehead to add above

<tlr> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0011.html

red text agreed in cambridge, greg proposes adding text

hal: makes it a lot clearer nothing like a good for example

 

Thomas: propose accepting change

 

(confusion as to where we are)

 

Proposal is to change 4.3.3.1

<tlr> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-URI

Greg: proposal was to change text, was refining JCC's proposal

 

<tlr> PROPOSED change: "For example, a reference that identifies an Object element containing a SignatureProperties element is still of type #Object." -> "For example, a reference that results in the digesting of an |Object| element containing a |SignatureProperties| element is still of type |#Object|"

<tlr> RESOLUTION: proposed edit from http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0011.html

 

Thomas: test case, any news?

Question about 19

 

Konrad: havent done up to now, should not be too hard should be done today

 

<tlr> ACTION-19 hopefully closed today

<tlr> E01 remains unresolved

 

Thomas: Changes to e05 agreed? As are ?? changes to the schema confirming proposed normative changes

 

jcc: issue with the change

thomas: its a browser issue will change the formatting to make it readable

 

<tlr> ACTION: thomas to change formatting of 4.4.3 note [recorded in http://www.w3.org/2007/05/22-xmlsec-minutes.html#action08]

<trackbot-ng> Created ACTION-33 - Change formatting of 4.4.3 note [on Thomas Roessler - due 2007-05-29].

<tlr> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-c14nAlg

 

thomas: c14n algorithms

<tlr> This specification REQUIRES implementation of both Canonical XML 1.0 [XML-C14N] and Canonical XML 1.1 [XML-C14N11]. We RECOMMEND that generators chose Canonical XML 1.1 [XML-C14N11] when inclusive canonicalizatoin is desired.

people please review and approve this text

 

<tlr> sean: fix canonicalizatoin to canonicalization!

jcc: query resolution

thomas: clarify
... 6.5.2, (describe changes)
... identifiers left open for now renew identifier proposed for last call or come up with a new one if the text changes may need new identifier, otherwise reuse old one

 

<tlr> ACTION: konrad to verify that CR version of C14N11 has no conformance-affecting changes against http://www.w3.org/TR/2006/WD-xml-c14n11-20061220/ [recorded in http://www.w3.org/2007/05/22-xmlsec-minutes.html#action09]

<trackbot-ng> Created ACTION-34 - Verify that CR version of C14N11 has no conformance-affecting changes against http://www.w3.org/TR/2006/WD-xml-c14n11-20061220/ [on Konrad Lanz - due 2007-05-29].

jcc: request clarification

thomas: describe changes to note in 6.5.2, grammar changes only

<tlr> ed simon: move note above 6.5.1

<tlr> so resolved

<tlr> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-c14nAlg

<tlr> Note: The Reference Generation Model (section 3.1.1) includes further restrictions on the reliance of implicitly defined default transformations by signature generators.

<tlr> of -> upon

<klanz2> btw. : CR http://www.w3.org/XML/Group/2007/05/CR-xml-c14n11-20070509

Thomas: ok everyone? nobody objects? ... done with the agenda

adjorned