Agenda: Distributed Meeting 2009-06-16

Agenda: W3C XML Security WG (XMLSec)
Teleconference 16 June 2009
Distributed Meeting #33

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>

Please note that attendance of XMLSEC WG teleconferences is   
restricted  to registered WG participants and persons invited by the   
chair.

Publication Status available at
http://www.w3.org/2008/xmlsec/wiki/PublicationStatus

Chair: Frederick Hirsch

Regrets:

see http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

1) Administrivia: scribe confirmation, next meeting, other

1a)  Cynthia Martin  is scheduled to scribe (again)

The current scribe list is at the end of this message, will rotate
through this list.

Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

1b)   Meeting planning: upcoming meetings

This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is   
cancelled.

Upcoming meeting information is available on the WG Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings

Next meeting:  23 June, scribe TBD
Teleconference 30 June cancelled.

TPAC registration open
TPAC Overview: http://www.w3.org/2009/11/TPAC/overview.html

Please register: http://www.w3.org/2002/09/wbs/35125/TPAC09/
Note registration fee increases after 21 September 2009.

XML Security Thursday and Friday 5-6 November as originally planned.

1c) Liaisons and Coordination

See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

1d) Announcements
i) NIST announces the adoption of FIPS 186-3, The Digital Signature
Standard
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0039.html
ii) Randomized hashing reference
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0030.html  
(Konrad)
2) Minutes Approval

Please review minutes, also please indicate corrections in attendance.

9 June 2009 teleconference
http://www.w3.org/2009/06/09-xmlsec-minutes.html

3) Editorial update status

Please remember to send note to public list when completing editing,   
indicating what has changed and associated action. Please mark action
as pending as well and update the explain.html document for XML   
Signature 1.1 or XML Encryption 1.1.

3a) Updated XML Signature 1.1 to Discourage use of RSA-SHA1 and ECDSA- 
SHA1, replace the reference to X9.62 with a reference to SEC 1 v2.0

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0032.html  
(Magnus)

3b) Updated Transform Simplification to include Byte Range use cases  
and requirements

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0034.html  
(Frederick)

3c) Updated XML Signature 1.1 and XML Encryption 1.1 to update  
FIPS-186-3 reference and fix broken anchors/links

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0042.html  
(Frederick)

3d) Updated XML Signature, Second Edition Errata

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0041.html  
(Thomas)

see http://www.w3.org/2008/06/xmldsigcore-errata.html

4) Proposed security consideration changes related to FIPS-186-3

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0040.html  
(Frederick)

5) References update proposals

5a) XML Encryption 1.1 references

http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/att-0044/xmlenc-ref.html 
  (Peter)

5b) XML Signature 1.1 references

6) XML Encryption 1.1 and Derived Keys

Continued discussion and decisions related to XML Encryption 1.1 and  
Derived Keys, whether to incorporate Derived Keys material in XML  
Encryption 1.1 and how.

Magnus, KEM and NIST
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0038.html

Magnus, Kelvin's example reworked
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0033.html

7) ACTION-298 resolution

http://lists.w3.org/Archives/Member/member-xmlsec/2009Jun/0001.html   
(Konrad)

8)  ISSUE-134: Camellia algorithm for section of 5.2 Block Encryption   
Algorithm and 5.6 Symmetric Key Wrap for XML Encryption 1.1

http://lists.w3.org/Archives/Public/public-xmlsec-comments/2009Jun/0000.html 
   (Satoru Kanno from NTT Software)

9) Publication and Roadmap

Discuss plans to publish

10) Interop Status

Updated wiki

http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0052.html
(Pratik)

11) RetrievalMethod and Reference in v2

http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0034.html
(Thomas)

http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0035.html
(Scott)

12) Action Item and Issue Review

12a) Close Pending actions

These will be closed unless concern raised before or during meeting.   
Please review in advance of meeting.
[pending review] ACTION-282: Thomas Roessler to Check on state of DSA- 
sha256 - due 2009-05-19 [on ] http://www.w3.org/2008/xmlsec/track/actions/282

[pending review] ACTION-303: Kelvin Yiu to Correct doc on length of r  
and s - due 2009-06-09 [on Sig11 (XML Signature 1.1)] http://www.w3.org/2008/xmlsec/track/actions/303

[pending review] ACTION-304: Kelvin Yiu to Share information on status  
of RIPEMD-160 and strength to mailing list - due 2009-06-09 [on Sig11  
(XML Signature 1.1)] http://www.w3.org/2008/xmlsec/track/actions/304

[pending review] ACTION-310: Magnus Nyström to Add text to XMLDsig 1.1  
discouraging use of RSA-SHA1 and ECDSA-SHA1 - due 2009-06-16 [on Sig11  
(XML Signature 1.1)]
http://www.w3.org/2008/xmlsec/track/actions/310

[pending review] ACTION-311: Thomas Roessler to Teach Frederick how to  
tame the pubrules dragon - due 2009-06-16 [on ]
http://www.w3.org/2008/xmlsec/track/actions/311

[pending review] ACTION-312: Magnus Nyström to Check with IETF SMIME  
on KEM normative statements - due 2009-06-16 [on Enc11 (XML Encryption  
1.1)] http://www.w3.org/2008/xmlsec/track/actions/312

[pending review] ACTION-313: Thomas Roessler to Update errata document  
for XML Signature, adding E02 as distributed by Frederick Hirsch and  
marking E01 and E02 accepted - due 2009-06-16 [on ] http://www.w3.org/2008/xmlsec/track/actions/313

[pending review] ACTION-314: Magnus Nyström to Implement SEC 1  
resolution to update SEC 1 reference in Signature 1.1 to version 2.0,  
remove X.962 reference and refer to SEC 1 v2 instead - due 2009-06-16  
[on Sig11 (XML Signature 1.1)] http://www.w3.org/2008/xmlsec/track/actions/314

[pending review] ACTION-315: Frederick Hirsch to Add byte range use  
case and requirements - due 2009-06-16 [on ] http://www.w3.org/2008/xmlsec/track/actions/315

12b) Open Action Review

Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:

http://www.w3.org/2008/xmlsec/actions-open.html

13) Issues review

http://www.w3.org/2008/xmlsec/track/issues/open

14) Other Business

15) Adjourn

Scribing  list
----------------
Cynthia Martin, MITRE (9 June 2009)
Bruce Rich, IBM (17 July F2F am, 21 October 2008 F2F am)
Hal Lockhart, Oracle (9 December 2008)
Shivaram Mysore, Invited Expert ( F2F 14 January 2009, pm)\
Bradley Hill, Invited Expert (27 January 2009)
Konrad Lanz, IAIK (24 February 2009, 16 July F2F am)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (17
February 2009, 16 September 2008)
Chris Solc, Adobe (3 March 2009, 20 October 2008 F2F am)
Robert Miller, MITRE (10 March 2009, 20 October 2008 F2F pm)
Scott Cantor, invited expert (24 March 2009, 29 July 2008, 2 December
2008)
Ed Simon, Invited Expert (31 March 2009, 18 November 2008)
John Wray, IBM (21 April 2009, 16 December 2008)
Kelvin Yiu, Microsoft (28 April 2009, 21 October 2008 F2F, pm)
Sean Mullan, Sun (12 May 2009 F2F am, 3 February 2009)
Gerald Edgar, Boeing (12 May 2009 F2F pm, 7 April 2009, F2F 13 January
2009, pm)
Brian LaMacchia, Microsoft (13 May 2009 F2F am, F2F 14 January 2009, pm)
Pratik Datta, Oracle (14 May 2009 F2F pm, F2F 14 January 2009, pm, 10
February 2009)
Magnus Nyström, EMC (2 June, 2009, 17 March 2009)

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Received on Friday, 12 June 2009 22:14:00 UTC