W3C

XML Security Specifications Maintenance Working Group Teleconference
4 Dec 2007

Agenda

Member-confidential full minutes

See also: IRC log

Attendees

Present
Thomas Roessler, Bruce Rich, Sean Mullan, Konrad Lanz, Hal Lockhart, Rob Miller, Pratik Datta
Regrets
Ed Simon, Frederick Hirsch, Shivaram Mysore
Chair
tlr
Scribe
tlr

Contents


 

 

administrivia

Next meeting: 11 December

tlr: Any reviewers for access-control document from WAF?

hal: don't think problem / requirements statement is clear. Planning to work on that aspect.
... might involve general review ...

tlr: ok, that can probably be tracked in at least 2 WGs.

http://www.w3.org/2007/11/27-xmlsec-minutes.html

RESOLUTION: minutes approved

XML Signature

tlr: please review latest draft-eastlake

c14n changes

http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Nov/0013.html

http://www.w3.org/2007/xmlsec/c14n11/07-12-03-redline/

tlr: revert xml:id related change

sean: checked in document, fyi

tlr: sean, please introduce xml:id related change

sean: at face-to-face, decided that test cases / examples in c14n 1.1 should use xml:id
... agreed to test that ...
... took some weeks to go around to that ...
... discovered that there's xpath expression that depends on id() function ...
... unfortunately, xpath 1.0 does not support xml:id ...
... those examples don't work with xpath 1.0 ...
... don't work with majority of existing software ...

<brich> +1, i'm ok with this

sean: propose reverting to existing examples, to avoid any troubles ...
... existing interop tests don't need to be changed; they used the older version of example

<pdatta> i'm also ok with this

sean: no need to regenerate anything ...

RESOLUTION: WG agrees to revert to old set of examples

http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#XMLID

http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#XMLBASE_C14N11SPEC

sean: Those test actually existed.

<sean> http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#XMLBASE_C14N11SPEC

Test case c14n11/xmlbase-c14n11spec-103

sean: at face-to-face, added test case for the example that is in the c14n 1.1 specification
... for xml:base propagation ...
... we actually added two ...
... one was slightly different ...
... never updated interop document ...
... added 3.2.4.2
... same format as the rest ...
... documents test case ...
... added third one, based on example that we discussed at f2f ...
... with xml:base fix-up ...
... illustrating illustration to remove_dot_segments algorithm ...
... three new test cases ...
... believe all these should be required ...

tlr: review, running of these test cases?

pratik: not yet

brich: reviewed raw XML last night
... not yet a chance to run them ...

tlr: let's check in on that next week
... what was test case naming change about, again?

sean: I raised that. The naming was ...

brich: ... ad-hoc ...

sean: proposed more consistent naming
... will go ahead and rename all test vectors to these names, unless there are objections ...
... mostly want to hear from bruce and pratik ...
... konrad ain't here, don't expect trouble from him ...

bruce: ok

pratik: can rename them

<scribe> ACTION: sean to rename test cases as proposed [recorded in http://www.w3.org/2007/12/04-xmlsec-minutes.html#action01]

<trackbot-ng> Created ACTION-120 - Rename test cases as proposed [on Sean Mullan - due 2007-12-11].

interop update (member-confidential)

Participants discussed product plans and the current state of running certain elements of the test suite. The full discussion is minuted in the full minutes (member-confidential).

interop report (public)

tlr: will prepare template this week

http://www.w3.org/Signature/2000/10/10-c14n-interop.html

... to serve as starting point ...

<klanz2> we usually run most of them as regression tests

tlr: where are we on legacy test cases?

sean: run them as functional test
... not enhancing them ...

<klanz2> there should be a link in the test cases document

pratik: ran these a long time ago
... part of regressions ...

<sean> http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html

brich: can check with dev team ...
... have test bucket, not sure how that maps to these things ...

chartering update

ACTION-119?

<trackbot-ng> ACTION-119 -- Thomas Roessler to work with comm team on AC advance notice -- due 2007-12-04 -- PENDINGREVIEW

<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/119

ACTION-119 closed

<trackbot-ng> ACTION-119 Work with comm team on AC advance notice closed

ACTION-118?

<trackbot-ng> ACTION-118 -- Thomas Roessler to send message to public-xmlsec-discuss to solicit feed-back -- due 2007-12-04 -- PENDINGREVIEW

<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/118

ACTION-118 closed

<trackbot-ng> ACTION-118 Send message to public-xmlsec-discuss to solicit feed-back closed

tlr: believe there's some input from RSA coming in; let's look at that next time

best practices

tlr: anything?

-- silence ---

action item closures

ACTION-102 closed

<trackbot-ng> ACTION-102 Write up choice re 4.3.3.1 closed

ACTION-104 closed

<trackbot-ng> ACTION-104 Contact Martin D, get handle on HRRI / IRI / charmod issues closed

ACTION-109 closed

<trackbot-ng> ACTION-109 Provide example for "isolated .." case closed

ACTION-113 closed

<trackbot-ng> ACTION-113 Update testcase document closed

ACTION-114 closed

<trackbot-ng> ACTION-114 Ensure that result from ACTION-109 goes into test suite closed

any other business?

sean: regrets for 11 December

Summary of Action Items

[NEW] ACTION: sean to rename test cases as proposed [recorded in http://www.w3.org/2007/12/04-xmlsec-minutes.html#action01]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.128 (CVS log)
$Date: 2007/12/11 14:09:30 $