Agenda: XMLSec WG distributed meeting 2 - 2007-05-15 v3

Agenda (v3): W3C XML Security Specifications Maintenance WG (XMLSec)  
Teleconference 15 May 2007
Distributed Meeting #2

(v3 added AI 23, 24, test case notes, venue review notes, regrets)

15 May 2007, 9-10 am Eastern (6-7 PT)
See <http://www.w3.org/2007/xmlsec/Group/Overview.html> for time in  
other time zones.

Zakim Bridge: +1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat: irc:irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only): <http://cgi.w3.org/member-bin/irc/irc.cgi>

Please note that attendance of XMLSEC WG telecons is restricted to  
registered WG participants and persons invited by the chair.

1) Administrative: Scribe confirmation, Attendance, Agenda review  
(9:00 am Eastern)

1a) Regrets: Donald Eastlake, Gregory Berezowsky

1b) Scribe Selection

Juan Carlos Cruellas (15 May 2007, confirmed)
---------------------
Elisabetta Carrara
Donald Eastlake
Phillip Hallam-Baker
Giles Hogben
Konrad Lanz
Peter Lipp
Hal Lockhart
Ram Mohan
Anthony Nadalin
Chris Nautiyal
Rich Salz
Daniel Schutzer
Ed Simon
Andrew Sullivan
Panagiotis Trimintzios
Tarun Tyagi
Thomas Roessler (17 Apr 07)
Greg Whitehead (F2F 2 May 07 am)
Rob Miller  (F2F 2 May 07 pm)
Gregory Berezowsky (F2F 3 May 07 am)
Sean Mullan (F2F 3 May 07 pm)

Scribe instructions:
<http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html>

2) Review and Approval of WG minutes

2a) Review and approval of 2 May F2F draft minutes:
<http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0012.html>

2b) Review and approval of 3 May F2F draft minutes:
<http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0013.html>

3) Future WG Meetings

3a) 22 May - Thomas Roessler, chair pro-tem
3b) 29 May - Thomas Roessler, chair pro-tem

4) Action Item Review

Open Action items:
Member Only: <http://www.w3.org/2007/xmlsec/Group/track/actions/open>

ACTION-3, Frederick Hirsch
Update scribe instructions
Member Only:
Done - see <http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007May/0003.html>

ACTION-4, Frederick Hirsch
Provide instructions on using bugzilla
Done - <http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0016.html>

ACTION-5, Thomas Roessler
Teach tracker about common aliases

ACTION-6, Konrad Lanz
Share example for transform that depends on information beyond the  
transform input nodeset

ACTION-8, Thomas Roessler
Propose spec wording for conformance-affecting changes to
xmldsig-core per dsig-usage note proposal
Done

See editorial update,
<http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0019.html>

ACTION-9 Sean Mullan
Review E01 <http://www.w3.org/2001/10/xmldsig-errata>
Done

See <http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0022.html>

ACTION-12 Frederick Hirsch
Contact participants in previous interop testing

ACTION-13 Thomas Roessler
Put up WBS form to ask about interop testing interest
Done

See Member-only
<http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007May/0005.html>

ACTION-15 Frederick Hirsch
Raise on XML coordination list the need for XML security  
considerations with regards to xml namespace additions
Member Only:
Done - <http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007May/0004.html>

ACTION-16 Juan Carlos Cruellas
Look into workshop hosting
<http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0021.html>

ACTION-17 Thomas Roessler
Draft Workshop Call for Participation

ACTION-18 Thomas Roessler
Send e-mail about interop testing dependencies with Core

ACTION-19 Konrad Lanz
Get test case for E01

ACTION-20 Frederick Hirsch
Feedback to XML CG on November plenary
Member Only:
Done - <http://lists.w3.org/Archives/Member/member-xmlsec-maintwg/2007May/0001.html>

ACTION-21 Frederick Hirsch
Provide comments from XMLSec to XML Core on C14N11
Done - <http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0010.html>

ACTION-22 Thomas Roessler
Provide URI for additional algorithms

ACTION-23 Phillip Hallam-Baker
C14N11 QName proposal
This was not recorded by RRSAgent, since Phil was not recognized. Do  
we still need this action?

ACTION-24 All, recorded as Thomas since All not possible in Tracker.
Investigate interop capabilities


5) Editorial Status

5a) Review status of XML Signature draft

<http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/>

Editorial update:
<http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0019.html>

E01 - message from Sean Mullan:
<http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0022.html>

From REC:
1. At least one element, from the following set of element types; any  
of these may appear together or more than once iff (if and only if)  
each instance describes or is related to the same certificate:

* The X509IssuerSerial element, which contains an X.509 issuer  
distinguished name/serial number pair that SHOULD be compliant with  
RFC2253 [LDAP-DN],
* The X509SubjectName element, which contains an X.509 subject  
distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],


5b) Review status Decryption Transform draft

<http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html>

6. Coordination update

6a) XML Core, C14N11

Proposed changes accepted.

Revision from Konrad
<http://lists.w3.org/Archives/Public/public-xml-core-wg/2007May/0014.html>

Minor correction
<http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0018.html>

Revised Draft
<http://www.w3.org/XML/Group/2007/05/CR-xml-c14n11-20070509>

6b) XML CG  - Security and Canonicalization Considerations

<http://lists.w3.org/Archives/Member/w3c-xml-cg/2007May/0008.html>

(subsequent emails have some corrections).

7. Workshop Planning

7a) Workshop venue review
- Spain, Juan-Carlos
- CA, BEA
- ?

7b) Workshop dates review

Number of days, which weeks are possible.

Notice requirement - 3 months?

7c) Review of Call for Participation

8) Interop Planning

8a) Test Cases
i) Regression tests - original XML Signature and Decryption Transform
cases
Action to review and summarize?

ii) test defined in new C14N11 example (as updated)
<http://www.w3.org/XML/Group/2007/05/CR-xml-c14n11-20070509>

iii) E01 - see ACTION-19
Agreed at F2F that no tests needed for E02-E05

iv) Action to review and summarize test for E06, test for base64 URI?
Test exists but not well-defined?

v) Action to summarize additional tests?
greg: test case for 1.0 as default see if 1.1 by mistake
<hal> test case which checks for correct sig when xml:base is present
<hal> test case which checks for correct sig when xml:id is present
<fjh> thomas: generate sig over doc subset, must include c14n11 as  
final transform
<fjh> greg: new generators not rely on default c14n
<klanz2> Test case for conversion NodeSetData to OctetStreamData:
<klanz2> Use case: Generate a signature having a reference with some  
xpath transform selecting NodeSetData
<klanz2> then we add a XSLT transform that clearly needs OctetStreamData
<klanz2> Check on verification: if the resulting signature actually  
made the use of c14n 1.1 explicit in the chain of transforms

9) Any Other Business

10) Adjourn

regards, Frederick

Frederick Hirsch, Nokia
Chair, XML Security Specifications Maintenance WG

Received on Tuesday, 15 May 2007 12:19:10 UTC