12:44:54 RRSAgent has joined #xmlsec 12:44:54 logging to http://www.w3.org/2008/04/15-xmlsec-irc 12:44:56 RRSAgent, make logs public 12:44:56 Zakim has joined #xmlsec 12:44:58 Zakim, this will be XMLSEC 12:44:58 ok, trackbot-ng; I see T&S_XMLSEC()9:00AM scheduled to start in 16 minutes 12:44:59 Meeting: XML Security Specifications Maintenance Working Group Teleconference 12:44:59 Date: 15 April 2008 12:46:29 fjh has joined #xmlsec 12:46:50 zakim, who is here? 12:46:50 T&S_XMLSEC()9:00AM has not yet started, fjh 12:46:51 On IRC I see fjh, Zakim, RRSAgent, tlr, trackbot-ng 12:47:36 Agenda: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Apr/0016.html 12:47:42 Chair: Frederick Hirsch 12:48:12 Scribe: John Wray 12:50:01 T&S_XMLSEC()9:00AM has now started 12:50:08 + +1.978.888.aaaa 12:50:13 zakim, call thomas-781 12:50:13 ok, tlr; the call is being made 12:50:14 +Thomas 12:50:49 +Frederick_Hirsch 12:50:49 zakim, aaaa is jwray 12:50:51 +jwray; got it 12:51:43 zakim, who is here? 12:51:43 On the phone I see jwray, Thomas, Frederick_Hirsch 12:51:44 On IRC I see fjh, Zakim, RRSAgent, tlr, trackbot-ng 12:52:51 Topic: Administrative 12:54:35 sean has joined #xmlsec 12:54:45 CGI421 has joined #xmlsec 12:55:26 jcc has joined #xmlsec 12:57:53 Topic: Meeting Planning 12:58:53 +??P4 12:59:15 zakim, p4 is rob miller 12:59:15 I don't understand 'p4 is rob miller', fjh 12:59:37 zakim, ??P4 is rob miller 12:59:37 I don't understand '??P4 is rob miller', tlr 12:59:44 + +1.617.876.aabb 12:59:45 zakim, ??P4 is RobMiller 12:59:45 +RobMiller; got it 13:00:03 zakim, aabb is sean 13:00:03 +sean; got it 13:00:09 zakim, who is here? 13:00:09 On the phone I see jwray, Thomas, Frederick_Hirsch, RobMiller, sean 13:00:10 On IRC I see jcc, sean, fjh, Zakim, RRSAgent, tlr, trackbot-ng 13:00:11 +Ed_Simon 13:00:19 + +1.512.401.aacc 13:00:21 brich has joined #xmlsec 13:00:33 zakim, aacc is brich 13:00:33 +brich; got it 13:00:39 zakim, who is here? 13:00:39 On the phone I see jwray, Thomas, Frederick_Hirsch, RobMiller, sean, Ed_Simon, brich 13:00:41 On IRC I see brich, jcc, sean, fjh, Zakim, RRSAgent, tlr, trackbot-ng 13:01:45 PHB has joined #xmlsec 13:01:57 zakim, code? 13:01:57 the conference code is 965732 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), PHB 13:02:07 +??P13 13:02:23 +PHB 13:02:23 EdS has joined #xmlsec 13:02:40 zakim, P13 is jcc 13:02:40 sorry, fjh, I do not recognize a party named 'P13' 13:02:41 pdatta has joined #xmlsec 13:02:49 zakim, ??P13 is jcc 13:02:49 +jcc; got it 13:02:56 zakim, who is here? 13:02:56 On the phone I see jwray, Thomas, Frederick_Hirsch, RobMiller, sean, Ed_Simon, brich, jcc, PHB 13:02:59 On IRC I see pdatta, EdS, PHB, brich, jcc, sean, fjh, Zakim, RRSAgent, tlr, trackbot-ng 13:03:17 +Hal_Lockhart 13:03:59 +James_Nurthen 13:04:19 zakim, James_Nurthen is really Pratik_Datta 13:04:31 +Pratik_Datta; got it 13:04:48 zakim, who is here? 13:04:53 On the phone I see jwray, Thomas, Frederick_Hirsch, RobMiller, sean, Ed_Simon, brich, jcc, PHB, Hal_Lockhart, Pratik_Datta 13:05:04 On IRC I see pdatta, EdS, PHB, brich, jcc, sean, fjh, Zakim, RRSAgent, tlr, trackbot-ng 13:05:08 klanz2 has joined #xmlsec 13:05:48 ScribeNick: tlr 13:06:14 shivaram has joined #xmlsec 13:06:37 zakim, call thomas-781 13:06:37 ok, tlr; the call is being made 13:06:39 +Thomas.a 13:06:46 zakim, drop Thomas 13:06:46 Thomas is being disconnected 13:06:47 -Thomas 13:06:52 + +1.408.907.aadd 13:07:05 next call is 6 May 13:07:14 zakim, aadd is shivaram 13:07:14 +shivaram; got it 13:07:29 Frederick: next meeting 6 May, Shivaram to scribe 13:07:46 zakim, mute me 13:07:46 shivaram should now be muted 13:08:01 frederick: sent material to WS-I 13:08:07 WAF widget signing: http://www.w3.org/TR/widgets-digsig/ 13:08:14 ... widget signing is FPWD now ... 13:08:22 ... you may want to review latest draft ... 13:08:33 minutes - http://www.w3.org/2008/04/01-xmlsec-minutes.html 13:08:34 topic: minutes from last meeting 13:08:43 RESOLUTION: approved 13:09:03 Dsig AC Reps http://www.w3.org/2002/09/wbs/33280/xmlsigper2008/ 13:09:08 +mscottm 13:09:10 zakim, ? is klanz2 13:09:10 sorry, klanz2, I do not recognize a party named '?' 13:09:23 zakim, mscottm is really klanz2 13:09:23 +klanz2; got it 13:10:19 http://www.w3.org/2002/09/wbs/33280/xmlsec2008/ 13:10:24 frederick: please make sure your AC reps submit reviews for PER and charter 13:10:33 ... chartering deadline is 2 may 13:10:44 ... contacting AC reps now might be helpful 13:10:57 hal has joined #xmlsec 13:11:14 ... face-to-face schedule for kick-off getting tight 13:11:20 ... propose week of 14 July ... 13:11:33 ... how would that work? ... 13:11:42 that would be a problem for me 13:11:49 juan carlos: would be a problem - holiday starting on the 15th 13:12:20 q+ 13:12:30 hal: first time I heard the date 13:12:31 I would have to check for conflicts too. 13:12:38 q- 13:12:39 ... no conflicts off the top of my head 13:12:53 hal: location? 13:13:07 q+ 13:13:16 frederick: had two offers from Europe (Barcelona or Graz) ... 13:13:49 jcc: number? 13:14:00 frederick: 15-20 as wild guess 13:14:22 juan carlos: will check, may have some degrees of freedom 13:14:32 hal: Can host in Boston or Bay for < 30 13:15:04 frederick: please share possibilities on member-visible list, what dates work, etc. 13:15:27 frederick: konrad? 13:15:40 konrad: umh 13:15:47 tlr: talked to Peter last week, he said the offer is on 13:16:16 pbaker: please make Tue-Thu, not Mon or Fri 13:16:19 frederick: reasonable 13:16:30 ;-) 13:16:51 topic: test case document 13:16:59 s/;-)// 13:17:31 frederick: some editorial clean-up from Thomas, some content-wise from Sean 13:17:38 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Apr/0015.htm 13:17:44 sean: main change in section 3.2 13:17:45 section 3.3.4 and fixed reference 13:17:51 s/3.2/3.3.4/ 13:18:06 ... explained optional behavior for generation, mandatory for verification ... 13:18:11 ... improved wording, added rationale, etc ... 13:18:18 ... tried to improve readability of section 13:18:24 frederick: don't know if people have reviewed 13:19:26 tlr: fixed markup, references, added text about conformance 13:19:40 ... added sectioning for individual test cases for ease of use 13:20:39 (discussion about make vs ant build processes) 13:21:39 frederick: process for moving forward? 13:21:47 tlr: moratorium ends 28 April 13:21:56 frederick: expect to proceed with publication if don't hear by then 13:22:19 topic: Relax NG schema 13:22:23 http://www.w3.org/2007/xmlsec/Drafts/xmldsig-rngschema/ 13:22:50 tlr: request on original xmlsig list related to Open Office XML 13:23:02 ... desire to have normative reference to Relax NG schema 13:23:15 ... original version from Joseph Reagle on W3C site 13:23:43 ... rather than having it copied, a Note might be preferable, especially since they wanted Compact Syntax which had not yet been created. 13:24:19 ... Proposal, have minimal WG Note with both Relax NG full and compact syntax. Not normative document. 13:24:42 ... Need review of Relax NG schema for correctness 13:24:53 s/review/WG review 13:25:25 http://www.w3.org/2007/xmlsec/Drafts/xmldsig-rngschema/ 13:25:26 we do not support Relax NG 13:26:01 How many support Relax NG? 13:26:22 RobMiller: put out call on internal list for review 13:26:30 ... will report back if/when there's more information ... 13:26:44 hal: not committing anything either 13:26:53 well, we can parse what xalan can parse, but we'll always the signautre itself against xmlschema 13:27:17 s/always the/always check/ 13:27:31 ack klanz2 13:27:34 frederick: what's your message in the chat saying? 13:28:06 klanz: we can try to validate a bunch of signatures against RNG schema 13:28:32 ack phb 13:29:24 frederick: konrad, if there's anything immediately noticeable, please say 13:29:39 topic: best practices 13:29:46 http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/ 13:30:42 frederick: tried to rework what Hal and Pratik had posted into that format 13:31:15 q+ 13:31:41 pratik: on xpath, had a list of xpath expressions 13:32:17 ... example there was complex xpath that was signing no node ... 13:33:41 frederick: more on nodes? 13:33:46 hal: need bunch of references 13:33:57 ... plan to do 5 more or so on the topics ... 13:34:02 ... depth, different issues ... 13:34:28 ... there's also some controversial issues ... 13:34:34 ... will attempt to identify where people might disagree ... 13:34:35 q+ 13:34:58 hal: question what's most expedient 13:35:09 ack klanz 13:35:11 ack klanz 13:35:23 ack klanz2 13:36:06 ws-i bsp "threats and countermeasures" 13:36:10 klanz2: think we should do some more referencing 13:36:15 ... where others have done work ... 13:36:39 ... there are some that are narrow xmldsig, some are about stuff on top of xmldsig ... 13:36:44 ... time stamps are more broadly ... 13:36:55 wider sense - e.g. application usage of xml signature 13:36:57 ... xpath and canonicalization are narrower ... 13:37:03 ... think there's a natural partition ... 13:37:10 narrow sense - detail of xml signature standard itself 13:37:28 hal: agree there's a logical division, not sure how easy to do 13:37:32 ... and how useful to the reader ... 13:37:45 ... I'd think you'd always want to put in a time stamp ... 13:38:00 question of defining roles, target audience for individual best practices 13:38:04 ... some of the other concerns only a few people will run into ... 13:38:31 klanz: some applications might simply assume "signature was made during validity period" 13:39:14 ... some points here go into PKI validation ... 13:39:23 ... time stamping belongs there, too ... 13:39:32 frederick: there are different audiences 13:39:58 hal: want to talk about references 13:40:09 ... what we learned doing in WSS ... 13:40:16 ... what things turned out to be bad ideas ... 13:40:19 ... are deprecated .. 13:40:22 ... lots of stuff around that ... 13:40:42 need to discuss referencing 13:40:45 q? 13:40:48 ack jcc 13:40:48 acc jcc 13:40:51 ack jcc 13:40:57 jcc: what are the plans for the production of best practices 13:41:10 ... do we expect people to provide material, and people may comment on the material ... 13:41:24 ... what's the expectation? 13:41:49 frederick: two aspects to this question 13:41:54 ... first one, what's WG process 13:42:03 ... second one, what are the broader implications 13:42:07 ... this is obviously a draft ... 13:42:15 ... need agreement in the WG ... 13:42:29 ... trying to put something down, then correct ... 13:42:36 ... as opposed to inching toward it piecewise ... 13:42:40 ... do stuff on list, get it started ... 13:42:52 ... so, please comment ... 13:43:01 ... broader question - how play out in general community ... 13:43:13 ... is it important for us to get external feedback? 13:43:16 ... e.g., WS-I, OASIS? 13:43:19 q+ 13:43:26 ... what's the right process 13:44:12 +1 13:44:12 I would suggest an informal notice to all of these groups and have them comment on public mailing list. We can then invite them as needed. 13:45:00 tlr: Intended to be a Note 13:45:39 ... we can do a Deliverable like this in the next WG even without having it in the charter (process wise) 13:45:58 tlr: can start and hand off to follow on WG 13:46:28 tlr: we can make working tdafts to notes 13:46:41 tlr: can produce version, can publish as public WD to have continued by follow on wg, and seek input 13:46:43 s/tdafts/drafts/ 13:46:52 s/input/external input 13:46:59 q+ 13:47:00 q+ 13:47:21 q- 13:47:23 jcc: personal feeling is that external review would be extremely useful 13:47:30 ack jcc 13:47:34 .... e.g., etsi has time-stamp related formats on top of dsig 13:47:46 ack klanz 13:48:02 q+ 13:48:02 http://lists.w3.org/Archives/Public/public-xmlsec-comments/ 13:48:04 klanz2: can we use the comments mailing list? 13:48:18 ... for people to send input? 13:48:19 tlr: yes 13:48:23 tlr: this list is appropriate 13:48:47 frederick: will take a bit of time to have an initial version that we're comfortable with 13:48:52 ... can start public review at that point ... 13:48:59 ... something to do before we have to worry about that ... 13:49:08 ... sounds like we don't have a problem ... 13:49:15 q- 13:49:17 ... main thing is to write down things we've learned in this group ... 13:49:41 hal: 3-5 more mails of the same size, then might want to flush that out 13:49:53 ... speaking to what JCC said, looking forward to comment ... 13:49:58 ... would be surprised if I got it all right ... 13:50:10 -jcc 13:50:16 ... another point, very true and general comments can end up being unintelligible ... 13:50:23 frederick: yes, value of concrete examples 13:50:32 q? 13:50:36 q? 13:50:52 Sorry, was kicked off 13:51:05 klanz: think this is a good thing to lead us from this group to the next one 13:51:22 dialing again 13:51:36 frederick: anything else on best practices 13:51:46 ... also, anybody who has material to contribute, please send to public list ... 13:52:09 ... hoping to make progress on draft between now and next call ... 13:52:13 topic: action item review 13:52:35 trackbot-ng, close ACTION-147 13:52:36 ACTION-147 Update the test cases document; polish for publication as a Note closed 13:52:47 +??P7 13:52:59 see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Apr/0010.html 13:53:05 zakim, P7 is jcc 13:53:05 sorry, fjh, I do not recognize a party named 'P7' 13:53:13 zakim, ??P7 is jcc 13:53:13 +jcc; got it 13:53:25 trackbot-ng, close ACTION-148 13:53:25 ACTION-148 Send comments to EXI group as circulated to the XMLSEC closed 13:53:52 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Apr/0009.html 13:54:00 trackbot-ng, close ACTION-149 13:54:00 ACTION-149 Clarify DName testing in test case document closed 13:54:11 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Apr/0015.html 13:54:20 ACTION-150? 13:54:20 ACTION-150 -- Phillip Hallam-Baker to distribute a draft regarding identifiers registry -- due 2008-04-15 -- OPEN 13:54:20 http://www.w3.org/2007/xmlsec/Group/track/actions/150 13:54:30 -jwray 13:55:08 http://www.w3.org/2007/xmlsec/Group/track/actions/pendingreview 13:55:20 trackbot-ng, close ACTION-121 13:55:20 ACTION-121 Fix CR/LF issue for test case 103 closed 13:55:25 trackbot-ng, close ACTION-126 13:55:25 ACTION-126 Check consistency of 4.3.3.1 and references closed 13:55:40 trackbot-ng, close ACTION-127 13:55:40 ACTION-127 Propose change to charter draft that opens encryption, in a limited way closed 13:56:36 topic: aob 13:57:21 frederick: reminders again 13:57:21 thx 13:57:23 ... RNG schema 13:57:25 ... prod ac reps 13:57:27 ... review best practices 13:57:29 adjourned 13:57:31 zakim, list participants 13:57:31 -Hal_Lockhart 13:57:33 As of this point the attendees have been +1.978.888.aaaa, Thomas, Frederick_Hirsch, jwray, +1.617.876.aabb, RobMiller, sean, Ed_Simon, +1.512.401.aacc, brich, PHB, jcc, 13:57:35 ... Hal_Lockhart, Pratik_Datta, Thomas.a, +1.408.907.aadd, shivaram, klanz2 13:57:35 -shivaram 13:57:36 -Pratik_Datta 13:57:37 -RobMiller 13:57:38 -brich 13:57:38 -sean 13:57:39 -PHB 13:57:41 -Thomas.a 13:57:43 -jcc 13:57:45 -Ed_Simon 13:57:46 jcc has left #xmlsec 13:57:51 zakim, who is here? 13:57:51 On the phone I see Frederick_Hirsch, klanz2 13:57:55 On IRC I see klanz2, PHB, brich, fjh, Zakim, RRSAgent, tlr, trackbot-ng 13:58:03 -klanz2 13:58:11 -Frederick_Hirsch 13:58:13 T&S_XMLSEC()9:00AM has ended 13:58:17 Attendees were +1.978.888.aaaa, Thomas, Frederick_Hirsch, jwray, +1.617.876.aabb, RobMiller, sean, Ed_Simon, +1.512.401.aacc, brich, PHB, jcc, Hal_Lockhart, Pratik_Datta, Thomas.a, 13:58:20 ... +1.408.907.aadd, shivaram, klanz2 13:58:42 Zakim, list participants 13:58:44 sorry, fjh, I don't know what conference this is 13:59:16 RRSAgent, make log public 13:59:29 RRSAgent, generate minutes 13:59:29 I have made the request to generate http://www.w3.org/2008/04/15-xmlsec-minutes.html fjh 14:00:29 Scribe: Thomas Roessler, Frederick Hirsch 14:00:53 RRSAgent, generate minutes 14:00:53 I have made the request to generate http://www.w3.org/2008/04/15-xmlsec-minutes.html fjh 14:02:13 rrsagent, make record public 14:02:15 rrsagent, excuse us 14:02:15 I see no action items