See also: IRC log
<trackbot-ng> Date: 15 April 2008
<scribe> ScribeNick: tlr
<fjh> next call is 6 May
Frederick: next meeting 6 May,
Shivaram to scribe
... sent material to WS-I
<fjh> WAF widget signing: http://www.w3.org/TR/widgets-digsig/
frederick: widget signing is FPWD
now ...
... you may want to review latest draft ...
<fjh> minutes - http://www.w3.org/2008/04/01-xmlsec-minutes.html
RESOLUTION: approved
<fjh> Dsig AC Reps http://www.w3.org/2002/09/wbs/33280/xmlsigper2008/
<fjh> http://www.w3.org/2002/09/wbs/33280/xmlsec2008/
frederick: please make sure your
AC reps submit reviews for PER and charter
... chartering deadline is 2 may
... contacting AC reps now might be helpful
... face-to-face schedule for kick-off getting tight
... propose week of 14 July ...
... how would that work? ...
<brich> that would be a problem for me
juan carlos: would be a problem - holiday starting on the 15th
hal: first time I heard the date
<EdS> I would have to check for conflicts too.
hal: no conflicts off the top of
my head
... location?
frederick: had two offers from Europe (Barcelona or Graz) ...
jcc: number?
frederick: 15-20 as wild guess
juan carlos: will check, may have some degrees of freedom
hal: Can host in Boston or Bay for < 30
frederick: please share
possibilities on member-visible list, what dates work,
etc.
... konrad?
konrad: umh
tlr: talked to Peter last week, he said the offer is on
pbaker: please make Tue-Thu, not Mon or Fri
frederick: reasonable
frederick: some editorial clean-up from Thomas, some content-wise from Sean
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Apr/0015.htm
sean: main change in section 3.3.4
<fjh> section 3.3.4 and fixed reference
sean: explained optional behavior
for generation, mandatory for verification ...
... improved wording, added rationale, etc ...
... tried to improve readability of section
frederick: don't know if people have reviewed
<fjh> tlr: fixed markup, references, added text about conformance
<fjh> ... added sectioning for individual test cases for ease of use
(discussion about make vs ant build processes)
frederick: process for moving forward?
tlr: moratorium ends 28 April
frederick: expect to proceed with publication if don't hear by then
<fjh> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-rngschema/
<fjh> tlr: request on original xmlsig list related to Open Office XML
<fjh> ... desire to have normative reference to Relax NG schema
<fjh> ... original version from Joseph Reagle on W3C site
<fjh> ... rather than having it copied, a Note might be preferable, especially since they wanted Compact Syntax which had not yet been created.
<fjh> ... Proposal, have minimal WG Note with both Relax NG full and compact syntax. Not normative document.
<fjh> ... Need WG review of Relax NG schema for correctness
http://www.w3.org/2007/xmlsec/Drafts/xmldsig-rngschema/
<klanz2> we do not support Relax NG
<shivaram> How many support Relax NG?
RobMiller: put out call on
internal list for review
... will report back if/when there's more information ...
hal: not committing anything either
<klanz2> well, we can parse what xalan can parse, but we'll always check signautre itself against xmlschema
frederick: what's your message in the chat saying?
klanz: we can try to validate a bunch of signatures against RNG schema
frederick: konrad, if there's anything immediately noticeable, please say
http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/
frederick: tried to rework what Hal and Pratik had posted into that format
pratik: on xpath, had a list of
xpath expressions
... example there was complex xpath that was signing no node
...
frederick: more on nodes?
hal: need bunch of
references
... plan to do 5 more or so on the topics ...
... depth, different issues ...
... there's also some controversial issues ...
... will attempt to identify where people might disagree
...
... question what's most expedient
<fjh> ws-i bsp "threats and countermeasures"
klanz2: think we should do some
more referencing
... where others have done work ...
... there are some that are narrow xmldsig, some are about
stuff on top of xmldsig ...
... time stamps are more broadly ...
<fjh> wider sense - e.g. application usage of xml signature
klanz2: xpath and
canonicalization are narrower ...
... think there's a natural partition ...
<fjh> narrow sense - detail of xml signature standard itself
hal: agree there's a logical
division, not sure how easy to do
... and how useful to the reader ...
... I'd think you'd always want to put in a time stamp ...
<fjh> question of defining roles, target audience for individual best practices
hal: some of the other concerns only a few people will run into ...
klanz: some applications might
simply assume "signature was made during validity period"
... some points here go into PKI validation ...
... time stamping belongs there, too ...
frederick: there are different audiences
hal: want to talk about
references
... what we learned doing in WSS ...
... what things turned out to be bad ideas ...
... are deprecated ..
... lots of stuff around that ...
<fjh> need to discuss referencing
<fjh> acc jcc
jcc: what are the plans for the
production of best practices
... do we expect people to provide material, and people may
comment on the material ...
... what's the expectation?
frederick: two aspects to this
question
... first one, what's WG process
... second one, what are the broader implications
... this is obviously a draft ...
... need agreement in the WG ...
... trying to put something down, then correct ...
... as opposed to inching toward it piecewise ...
... do stuff on list, get it started ...
... so, please comment ...
... broader question - how play out in general community
...
... is it important for us to get external feedback?
... e.g., WS-I, OASIS?
... what's the right process
<hal> +1
<shivaram> I would suggest an informal notice to all of these groups and have them comment on public mailing list. We can then invite them as needed.
<klanz2> tlr: Intended to be a Note
<klanz2> ... we can do a Deliverable like this in the next WG even without having it in the charter (process wise)
<fjh> tlr: can start and hand off to follow on WG
<klanz2> tlr: we can make working drafts to notes
<fjh> tlr: can produce version, can publish as public WD to have continued by follow on wg, and seek external input
jcc: personal feeling is that
external review would be extremely useful
... e.g., etsi has time-stamp related formats on top of
dsig
<klanz2> http://lists.w3.org/Archives/Public/public-xmlsec-comments/
klanz2: can we use the comments
mailing list?
... for people to send input?
tlr: yes
<fjh> tlr: this list is appropriate
frederick: will take a bit of
time to have an initial version that we're comfortable
with
... can start public review at that point ...
... something to do before we have to worry about that
...
... sounds like we don't have a problem ...
... main thing is to write down things we've learned in this
group ...
hal: 3-5 more mails of the same
size, then might want to flush that out
... speaking to what JCC said, looking forward to comment
...
... would be surprised if I got it all right ...
... another point, very true and general comments can end up
being unintelligible ...
frederick: yes, value of concrete examples
<jcc> Sorry, was kicked off
klanz: think this is a good thing to lead us from this group to the next one
<jcc> dialing again
frederick: anything else on best
practices
... also, anybody who has material to contribute, please send
to public list ...
... hoping to make progress on draft between now and next call
...
trackbot-ng, close ACTION-147
<trackbot-ng> ACTION-147 Update the test cases document; polish for publication as a Note closed
<fjh> see http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Apr/0010.html
trackbot-ng, close ACTION-148
<trackbot-ng> ACTION-148 Send comments to EXI group as circulated to the XMLSEC closed
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Apr/0009.html
trackbot-ng, close ACTION-149
<trackbot-ng> ACTION-149 Clarify DName testing in test case document closed
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Apr/0015.html
ACTION-150?
<trackbot-ng> ACTION-150 -- Phillip Hallam-Baker to distribute a draft regarding identifiers registry -- due 2008-04-15 -- OPEN
<trackbot-ng> http://www.w3.org/2007/xmlsec/Group/track/actions/150
http://www.w3.org/2007/xmlsec/Group/track/actions/pendingreview
trackbot-ng, close ACTION-121
<trackbot-ng> ACTION-121 Fix CR/LF issue for test case 103 closed
trackbot-ng, close ACTION-126
<trackbot-ng> ACTION-126 Check consistency of 4.3.3.1 and references closed
trackbot-ng, close ACTION-127
<trackbot-ng> ACTION-127 Propose change to charter draft that opens encryption, in a limited way closed
frederick: reminders again: Please ask AC representatives to complete questionnaires on XML Signature PER and Security Activity/XMLSec chartering. Also work on list for Best Practices before next call, and review of Relax NG schemas.
frederick: RNG schema
... prod ac reps
... review best practices
adjourned
<fjh> Scribe: Thomas Roessler, Frederick Hirsch