- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Fri, 1 May 2009 11:44:24 -0400
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Agenda: W3C XML Security WG (XMLSec) v2
Teleconference 5 May 2009
Distributed Meeting #30
v2
add best practices agenda item, add Cynthia Martin to regrets and
scribe list, update on newly published documents, minutes update, add
xml encryption agenda item
10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone
Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>
Please note that attendance of XMLSEC WG teleconferences is restricted
to registered WG participants and persons invited by the chair.
Roadmap and status of Draft deliverables (both editors drafts and
latest publications) are available at
http://www.w3.org/2008/xmlsec/wiki/RoadmapandPublicationStatus
Chair: Frederick Hirsch
Regrets: Cynthia Martin
see http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings
1) Administrivia: scribe confirmation, next meeting, other
1a) Bruce Rich is scheduled to scribe
The current scribe list is at the end of this message; we will rotate
through this list.
Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html
1b) Meeting planning: weekly meetings
This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is
cancelled.
Upcoming meeting information is available on the WG Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings
Next meeting: F2F #4: 12-13 May, 9:00-18:00 ET each day
Hosted by RSA (EMC), Bedford MA, logistics: http://lists.w3.org/Archives/Member/member-xmlsec/2009Mar/0015.html
1c) Liaisons and Coordination
See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination
1d) Announcements
i) Please complete F2F Registration (12-13 May) Questionnaire
http://lists.w3.org/Archives/Member/member-xmlsec/2009Mar/0017.html
ii) Signature Properties published 30 April
http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0067.html
http://www.w3.org/TR/2009/WD-xmldsig-properties-20090430/
iii) Widget Signature LCWD published 30 April
Please review and provide comment before 1 June 2009
http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0000.html
iv) SHA-1 collisions in 2^52
http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0064.html
(Thomas)
2) Minutes Approval
Please review and indicate corrections in attendance list.
Minutes from 28 April 2009, for approval:
http://www.w3.org/2009/04/28-xmlsec-minutes.html
Add Shivaram Mysore to attendees list.
3) New issues and Editorial update status (Completed and pending)
Please remember to send note to public list when completing editing,
indicating what has changed and associated action. Please mark action
as pending as well.
3i) New Issue, ISSUE-117, Key Wrap (XML Encryption Syntax and
Processing Maintenance)
The description of the traditional key wrap algorithms in XML
Encryption duplicates substantive specification material from the
normative specifications for these algorithms. That duplication of
material should be replaced by a reference to the relevant IETF
specifications.
4) Interop Status and Planning
See wiki page
http://www.w3.org/2008/xmlsec/wiki/InteropPlanning (Frederick)
5) Algorithm URIs
http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0062.html
(Thomas)
6) F2F Agenda review and planning
Please review F2F Agenda and note missing items or other suggestions
http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0065.html
7) Best Practices
7a) ACTION-126: Call out local system access risks regarding XSLT
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0001.html
(Ken)
7b) ACTION-127 trade-off between different extensibility mechanisms
request for intermediary use cases
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0003.html
(Thomas)
7c) Best practice on XPath Filter 2.0 preference
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0062.html
(Sean)
7d) Best practices review comment
http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0030.html
(Juan Carlos)
switch order of BP 1 and 2, rename BP 1
"Mitigate denial of service attacks by validating the references (that
might imply potentially dangerous operations) only after the
verification of SignedInfo has been completed"
see current practice and comment:
http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#denial-of-service
8) XML Encryption 1.1
8a) AES KeyWrap with padding
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jan/0077.html
(Thomas)
http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0100.html
Added to section 5.6.4 as OPTIONAL, time to revisit?
http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-Alg-SymmetricKeyWrap
Need to add to section 5.1 list of algorithms?
http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-AlgID
8b) Table of contents to one level deeper?
9) Use cases and requirements
9a) Missing byte range use case and requirements?
http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0023.html
(Chris)
10) Action Item and Issue Review
10a) Close Pending actions
[pending review] ACTION-264: Frederick Hirsch to Make publication
request for signature properties for this thursday, 30 April - due
2009-05-05 [on ]
http://www.w3.org/2008/xmlsec/track/actions/264 (Completed by Thomas)
[pending review] ACTION-265: Thomas Roessler to Update signature
properties for publication and place in proper location - due
2009-05-05 [on ]
http://www.w3.org/2008/xmlsec/track/actions/265
10b) Open Action Review
Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open
Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions
Please review open action list and update your actions appropriately:
http://www.w3.org/2008/xmlsec/actions-open.html
11) Issues review
http://www.w3.org/2008/xmlsec/track/issues/open
12) Other Business
13) Adjourn
Scribing list
----------------
Cynthia Martin, MITRE ()
Bruce Rich, IBM (17 July F2F am, 21 October 2008 F2F am)
Hal Lockhart, Oracle (9 December 2008)
Phillip Hallam-Baker, Verisign (F2F 13 January 2009, am)
Shivaram Mysore, Invited Expert (F2F 14 January 2009, pm)
Brian LaMacchia, Microsoft (F2F 14 January 2009, pm)
Bradley Hill, Invited Expert (27 January 2009)
Sean Mullan, Sun (3 February 2009)
Pratik Datta, Oracle (F2F 14 January 2009, pm, 10 February 2009)
Konrad Lanz, IAIK (24 February 2009, 16 July F2F am)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (17
February 2009, 16 September 2008)
Chris Solc, Adobe (3 March 2009, 20 October 2008 F2F am)
Robert Miller, MITRE (10 March 2009, 20 October 2008 F2F pm)
Magnus Nyström, EMC (17 March 2009, 11 November 2008)
Scott Cantor, Invited Expert (24 March 2009, 29 July 2008, 2 December
2008)
Ed Simon, Invited Expert (31 March 2009, 18 November 2008)
Gerald Edgar, Boeing (7 April 2009, F2F 13 January 2009, pm)
John Wray, IBM (21 April 2009, 16 December 2008)
Kelvin Yiu, Microsoft (28 April 2009, 21 October 2008 F2F, pm)
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
Received on Friday, 1 May 2009 15:45:08 UTC