See also: IRC log
frederick: welcome back
frederick: minutes from October 30 meeting accepted?
RESOLUTION: October 30 minutes approved
http://www.w3.org/2007/10/30-xmlsec-minutes
frederick: face-to-facce minutes accepted?
RESOLUTION: face-tof-ace minutes accepted
http://www.w3.org/2007/11//08-xmlsec-minutes
http://www.w3.org/2007/11/09-xmlsec-minutes
frederick: updated draft
according to discussion at face-to-face ...
... redline is available ...
... hope people had chance to look ...
<shivaram> I am still dialing in ...
<FrederickHirsch> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Nov/0018.html
frederick: section that was
changed is section 4 ...
... also, removed "Applications must be able to parse URI
syntax" ...
<FrederickHirsch> clean http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/nochanges.html#sec-URI
<FrederickHirsch> removed XML signature applications MUST be able to parse URI syntax.
frederick: clean version shows section without the removed stuff
tlr: where does "a string as" come from?
frederick: believe face-to-face?
<FrederickHirsch> using a string as a URI-Reference - change introduced at F2F in discussion, konrad?
<klanz2> did people hear what I said ?
<FrederickHirsch> is this better: The URI attribute string value identifies a data object as a URI-Reference
<FrederickHirsch> see "klanz: should say "using a string as a URI reference"" in 8 Nov minujt
<FrederickHirsch> sean agrees with tlr
<FrederickHirsch> The URI attribute identifies a data object using as a URI-Reference
tlr: Don'T think the "as string" helps; more likely to cause confusion. Underlying concern unfounded, as we sayi n the next paragraph that there is a mapping.
<FrederickHirsch> choice #1
sean: agree
The URI attribute identifies a data object using a URI-Reference"
<brich> +1
RESOLUTION: revert first sentence in 4.3.3.1 to "The URI attribute identifies a data object using a URI-Reference"
frederick: any other issues?
PROPOSED RESOLUTION: considering all issues with dsig-core closed
RESOLUTION: considering all issues with dsig-core closed
frederick: sent a new redline to xml core
<FrederickHirsch> sent a new redline to xml core reflecting changes and examples
<FrederickHirsch> http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/
frederick: have people looked at this?
tlr: my browser history says this is what I looked at, and I didn'T find any issues
frederick: would like to walk through some
<FrederickHirsch> The "Remove Dot Segments" algorithm is modified to ensure that a combination of two xml:base attribute
<FrederickHirsch> values that include relative path components (i.e., path components that do not begin with a '/'
<FrederickHirsch> character) results in an attribute value that is a relative path component.
<FrederickHirsch> -- added this as bullet
frederick: putting key changes
into IRC...
... modifying algorithm to combine relative path components
...
... also, add examples from previous discussion ...
... third change, to +++ATH ...
<FrederickHirsch> 1. added bullet, 2. added examples, see document, 3. change to xml:id in examples, 4. give link for `appendix A content
<FrederickHirsch> Two questions: (1) any issue with this change from inspection
<FrederickHirsch> (2) implementations to enable xml core to accept
bruce: Looking for the examples
<FrederickHirsch> http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/
frederick: in the document
bruce: where?
<FrederickHirsch> http://www.w3.org/2007/xmlsec/c14n11/07-11-20-redline/c14n11-update-clean.pdf
<FrederickHirsch> lines 108 to 128
tlr: lines 119++?
<FrederickHirsch> 3 bullets and removal of b and c from xml example
tlr: 108-111 examples for combining URI references, 119+ XML example
brich: in the original test suite?
tlr: no, discovered at tech plenary
klanz2: similar test cases for
appendix a
... can be seen in mail ...
... mentioned "ending in .." problem ...
... should have been exercised in appendix a ...
<FrederickHirsch> Question can we test these 4 cases explicitly, 3 Remove-Dot-Segment test and the one XML input and output
tlr: this occurs while input for appendix a algorithm is prepared
klanz2: ??
<klanz2> http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/inputs.txt
<klanz2> http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/outputs.txt
tlr: problem is that trailing path segment of left-hand side is removed in 3986, which is wrong if that left-hand side is relative URI reference with trailing ..
<klanz2> http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#XMLBASE_ANNEXA
klanz2: should have same results now as at the interop
frederick: would like to have
this in c14n 1.1 document
... would like to be able to say that we have tested the
examples provided ...
... this seems to be a small, slightly different set ...
... can we test and include with core?
klanz2: Can we use the old examples?
frederick: is this really covered with test suite
tlr: same question, not sure I heard that at the f2f
sean: was under impression we're
adding this as new test case
... waiting for tlr ...
<hal> the link near the end of the doc is broken
<hal> http://lists.w3.org/Archives/Public/public-xml-core-187wg/2007Jun/att-0050/Apendix_20060625.html
tlr: sorry to have slacked on this
sean: wanted to update some other material in test suite as well
<FrederickHirsch> Sean - do you have list of what else to be updated?
tlr: let's stay on after this call and try to get this test case in right away.
klanz2: yes, need an integrated
test; agree
... had another look at the test cases ...
frederick: rejoining;
confused
... do we have remove_dot_segments "unit tests"?
<klanz2> http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/outputs.txt
<klanz2> http://www.w3.org/2007/xmlsec/interop/c14n11/appendixa/inputs.txt
klanz2: confident that we can
split these at any forward slash, combine, and get same
results
... but agree that we should have integrated test ...
frederick: 3 tests needed
... 1. example in redline
... 2. bullets in redline
... think we have mechanism to test that as well
... any need for actions?
tlr: umh, no, still have that one
frederick: wait for sean, thomas to come back
tlr: yes, think so
frederick: worked on this at
face-to-face
... thought we reached pretty good point ...
... distribute to wider audience for feed-back ...
<hal> +1
frederick: any problems with sharing this ...
+1 to sharing with -discuss
scribe: and sending heads-up to aC
<FrederickHirsch> tlr: share with workshop participants and send heads up to AC, before formal team process occurs
<FrederickHirsch> 4 week AC review is later step in process
<FrederickHirsch> now considering AC advanced notice.
tlr: (explains process)
proposed: to share with workshop participants, work with comm team to send advance notice
RESOLUTION: to share current material with workshop participants, work with comm team to send advance notice
<scribe> ACTION: thomas to send message to public-xmlsec-discuss to solicit feed-back [recorded in http://www.w3.org/2007/11/27-xmlsec-minutes.html#action01]
<trackbot-ng> Created ACTION-118 - Send message to public-xmlsec-discuss to solicit feed-back [on Thomas Roessler - due 2007-12-04].
<scribe> ACTION: thomas to work with comm team on AC advance notice [recorded in http://www.w3.org/2007/11/27-xmlsec-minutes.html#action02]
<trackbot-ng> Created ACTION-119 - Work with comm team on AC advance notice [on Thomas Roessler - due 2007-12-04].
frederick: think we're
ready
... next step is template and fill it in
tlr: yes
... another overdue action item, sorry ...
frederick: c14n 1 closure is the other action item here, so we don't rework stuff
frederick: ed, think nobody ever
responded
... to ASN.1 issue ...
ed: ?? got back to me, couldn't
see security issue
... don't have that e-mail in front of me ...
... totally swamped last three weeks ...
... we can probably close this issue ...
... if anything new, will point that out ...
frederick: anything we need to do as result of this question?
ed: idea was to consult with
ASN.1 expert to take look
... still a bit confused as to security considerations in RFC
...
... whether they are applicable as security considerations
...
... RFC 4514 ...
... not sure why it wouldn't affect work we#re doing ...
... tend to agree there isn't much of a hole there ...
... hard to say anything defnitive right now
<FrederickHirsch> Did we ever decide on which wording of the best practice we desired?
frederick: anything we should
record and distill from this?
... don't want to just close this ...
... other question is hal and who else were interested to look
at some material ...
... Hal and Sean, I think ...
sean: yes
<hal> I am interested, may start in Dec
<FrederickHirsch> tlr: started team process for extension of this WG through March
<FrederickHirsch> 2008
tlr: note that this does not imply overlap between this group and the follow-up group
<FrederickHirsch> next step would be message to AC indicating group extended, no additional work for WG
tlr: aim of the process is that after director decides, extension announced to AC ...
ACTION-74 continued
ACTION-105 continued
frederick: Sean and Hal to work on the Wiki? What's the plan?
ACTION-105?
<trackbot-ng> ACTION-105 -- Frederick Hirsch to start issues list for best practices -- due 2007-10-30 -- OPEN
<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/105
<sean> wiki is fine for me
ACTION-105 continued; might be overtaken
ACTION-109?
<trackbot-ng> ACTION-109 -- Thomas Roessler to provide example for "isolated .." case -- due 2007-11-15 -- OPEN
<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/109
ACTION-110?
<trackbot-ng> ACTION-110 -- Frederick Hirsch to update redline and share with xml:core -- due 2007-11-15 -- OPEN
<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/110
trackbot-ng, close ACTION-110
<trackbot-ng> ACTION-110 Update redline and share with xml:core closed
ACTION-111?
<trackbot-ng> ACTION-111 -- Frederick Hirsch to review examples in C14N 1.1 and propose detailed changes to use xml:Id -- due 2007-11-15 -- OPEN
<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/111
trackbot-ng, close ACTION-111
<trackbot-ng> ACTION-111 Review examples in C14N 1.1 and propose detailed changes to use xml:Id closed
ACTION-112?
<trackbot-ng> ACTION-112 -- Thomas Roessler to prepare interop report template -- due 2007-11-15 -- OPEN
<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/112
ACTION-113?
<trackbot-ng> ACTION-113 -- Sean Mullan to update testcase document -- due 2007-11-15 -- OPEN
<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/113
frederick: sean, waht was that about again?
sean: there's test case that's in
suite, not in document
... just generally review document to make sure it's consistent
with test suite
frederick: time line?
sean: this week
ACTION-113 continued
ACTION-114?
<trackbot-ng> ACTION-114 -- Thomas Roessler to ensure that result from ACTION-109 goes into test suite -- due 2007-11-15 -- OPEN
<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/114
ACTION-115?
<trackbot-ng> ACTION-115 -- Juan Carlos Cruellas to review EXI with respect to correct XML Security usage -- due 2007-12-10 -- OPEN
<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/115
frederick: Juan Carlos told us he's working on this
ACTION-116?
<trackbot-ng> ACTION-116 -- Frederick Hirsch to remind Donald to review XML Signature and Encryption home pages for accuracy -- due 2007-11-16 -- OPEN
<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/116
frederick: haven't yet done,
should do
... scribe for next meeting?
... ed? ...
<FrederickHirsch> ed - scribed oct 30
ed: can do, but scribed October
30
... would rather not ...
sean: will scribe
... btw, regrets two weeks from now ...
<EdS> I will scribe for Dec. 13
frederick: hope we're in better
shape wrt test cases and c14n 1.1 testing
... if we can get impl testing under way, that would be great
...
... will coordinate wiht XML Core ...
ed, there is no meeting on Dec 13. It's Dec 11
frederick: anything else?
shivaram: XML Conf in Boston next week?
<EdS> OK, Dec. 11
shivaram: anybody going? ...
Frederick: won't be there
shivaram: might be interesting to meet up
<klanz2> no
frederick: if people get
together, that's of course great
... shivaram, why don't you post to the list ...
-- adjourned --