W3C

XML Security Specifications Maintenance WG Conference Call

4 Sep 2007

Agenda

See also: IRC log

Attendees

Present
Frederick Hirsch
Sean Mullan
Bruce Rich
Thomas Roessler
Hal Lockhart
Juan Carlos Cruellas
Konrad Lanz
Regrets
Rob Miller, Phill Hallam-Baker
Chair
Frederick Hirsch
Scribe
Thomas Roessler, Bruce Rich

Contents


<rdmiller> I will not be able to attend the call today. Sorry for the late notice.

<fjh> Agenda: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/0066.html

<fjh> Agenda: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/0066.html

<tlr> ScribeNick: tlr

RESOLUTION: last week's minutes approved, http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007Aug/0016.html

action item review

jcc: test cases for scheme-based xpointers ??
... section 3.5 ...

<fjh> looking at this mail - http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/0054.html

jcc: document contains comments ...
... test case described about using xpointers and barenames ...
... thought this action was completed ...

<scribe> ScribeNick: brich

<klanz2> JC are you talking about this: http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#TestCases-SchemaBasedXPointers

<tlr> thanks klanz for the pointer, I was looking for that

<jcc> The signature will be an enveloping signature. The enveloped document will be the one shown at the begininning of this section. The value of the URI attribute will be "xpointer(id("e1ID"))"

<tlr> +1 to closing this action

<tlr> brich, you don't need to use the IRC nick name, something that matches the person should work.

<trackbot-ng> Sorry... I don't know how to close ACTION yet

action 68 close

ACTION 68 closed

ACTION-71 open

ACTION-68 closed

<trackbot-ng> Sorry... I don't know how to close ACTION yet

<fjh> action 68 closed

<fjh> action 75 done, 3.6.1

<jcc> 3.6.1 Test cases on differences identified in RFC 2253 and RFC 4514

<scribe> ACTION: 68 close [recorded in http://www.w3.org/2007/09/04-xmlsec-minutes.html#action01]

<trackbot-ng> Sorry, couldn't find user - 68

<tlr> http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#TestCases-DistinguishedName-RFC2253-RFC4514

<tlr> brich, if you start with "ACTION: ", you create a new action item, which in this case was on 68 to close :)

<fjh> action 74 open

<klanz2> 82, 83 keep open ...

ACTION 75 closed

<klanz2> 82, 83 keep open ...

ACTION 84 closed

<fjh> action 84 was for minuts of 21 AUG

<klanz2> can you excuse me for 3 minutes, I'll be right back

ACTION 85 closed

ACTION 86 closed

workshop

<klanz2> back

invitations sent, not much in the way of responses yet

<tlr> nothing else to add...

<klanz2> I like the term freefall ;-)

test cases / interop

interop format question

looking for some structure, but relatively free-form so far

<fjh> will want to produce interop test matrix summarizing results, also summarize issues

interop testcases

simple testcases for c14n11 being selected (possibly to go to xml core)

<fjh> +1 to separate c14n11 alone cases

so some for just c14n11, some for dsig

<klanz2> http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html

<fjh> klanz2: created stand alone test case directories, also updated test cases document accordingly

<tlr> I'd suggest the public list for technical discussion.

<fjh> +1 to public list

<fjh> c14n11 cases http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#TestCases-Can-XMLAttributes

<klanz2> http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#XMLLANG

<fjh> ... links in table lead to source documents

<fjh> ... tests in 3.2 can also be done in 3.3 in context of signature as well

klanz2: will continue to update document listed in link above

<fjh> sean: generated sigs for xml:lang, xml:id and xml:space

<sean> zakim. mute me

klanz2: suggest report to core will just be c14n11, not dsig

tlr: original issues were raised in context of dsig, not c14n alone

<fjh> tlr: dealing with partial document c14N11 seems to be use case within dsig context

<tlr> I'm not feeling strongly either way.

<tlr> I won't keep anybody from doing more test cases :)

<fjh> jcc: in favor of keeping stand alone c14n11 test cases

<fjh> ... useful to have independent test cases, easier to detect issues

<fjh> klanz2: dom uses c14n

<Zakim> Thomas, you wanted to ask whether we're sure everybody has the necessary APIs to test the standalone document subset cases

<sean> I don't think it should be a requirement to pass standalone c14n cases

<fjh> +1 to standalone c14n11 use cases, if feasible and practical to do

<fjh> sean: ok for standalone cases, but should not be required test matrix case

<fjh> brich: +1 to sean, useful to have, e.g. for debugging, but not a requirement

tlr: what will the output from the interop look like, want matchup in functions tested

klanz2: separation of testcases allows reporting of subset c14n to interested parties

tlr: +1 to have two ways to test, one for c14n and one in a dsig env.

<fjh> klanz2: single table entry that has both c14n11 standalone and sig with same input

<tlr> "do it" also meaning to have the linked test cases

<tlr> ACTION: klanz2 to document approach to subset expressions in a README file along with the test cases [recorded in http://www.w3.org/2007/09/04-xmlsec-minutes.html#action02]

<trackbot-ng> Created ACTION-87 - Document approach to subset expressions in a README file along with the test cases [on Konrad Lanz - due 2007-09-11].

frederick: question about value of negative testcases

<sean> +1 to negative test cases

<klanz2> http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#TestCases.xmldsig_c14n11

<fjh> klanz: what about implementation that always returns true for all sigs

<fjh> hal: but produce sig value...

<fjh> tlr: do we need test case to discern c14n10 and c14n11 implementations, not negative case per se

<tlr> the hashing / looking at output documents obviates need for negative test cases.

<tlr> We just don't want to have a test suite that yes(1) can pass

<fjh> note - issue for discern c14n10 and c14n11

<klanz2> ;-)

<fjh> ACTION: jcc to remove negative test cases from test case document, save in repository in new document [recorded in http://www.w3.org/2007/09/04-xmlsec-minutes.html#action03]

<trackbot-ng> Created ACTION-88 - Remove negative test cases from test case document, save in repository in new document [on Juan Carlos Cruellas - due 2007-09-11].

<klanz2> What about existing, test cases? Merlin an so on ...

<klanz2> @brich: http://www.w3.org/2007/xmlsec/interop/c14n11/

<klanz2> http://www.w3.org/2007/xmlsec/interop/xmldsig/c14n11/

sean: do we send out reminder about interop?

fjh: need stable draft of interop doc by next week

klanz2: what IPR applies to contributed testcases? can we unpack zip?

<fjh> ACTION: tlr to review whether original XML Sig test cases can be used for derivative work (IPR etc), e.g. merlin.zip [recorded in http://www.w3.org/2007/09/04-xmlsec-minutes.html#action04]

<trackbot-ng> Created ACTION-89 - Review whether original XML Sig test cases can be used for derivative work (IPR etc), e.g. merlin.zip [on Thomas Roessler - due 2007-09-11].

<klanz2> sorry, I was dropped, Ihate my viop client ;-(

<tlr> http://www.w3.org/2004/10/27-testcases.html

<klanz2> back

fjh: are we going to remove duplicate tests?

<fjh> acck

<fjh> ac

sean: not worth work to remove

best practices

fjh: trying to use wiki for this pupose, lacks weight of a document
... suggest continued use of wiki, pending different decision

<klanz2> bye bye

<jcc> exit

Summary of Action Items

[NEW] ACTION: 68 close [recorded in http://www.w3.org/2007/09/04-xmlsec-minutes.html#action01]
[NEW] ACTION: jcc to remove negative test cases from test case document, save in repository in new document [recorded in http://www.w3.org/2007/09/04-xmlsec-minutes.html#action03]
[NEW] ACTION: klanz2 to document approach to subset expressions in a README file along with the test cases [recorded in http://www.w3.org/2007/09/04-xmlsec-minutes.html#action02]
[NEW] ACTION: tlr to review whether original XML Sig test cases can be used for derivative work (IPR etc), e.g. merlin.zip [recorded in http://www.w3.org/2007/09/04-xmlsec-minutes.html#action04]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.128 (CVS log)
$Date: 2007/09/12 10:03:13 $