See also: IRC log
<trackbot> Date: 28 April 2009
<jcruella> P54 is Juan Carlos
<shivaram> mute me
<bal> ScribeNick: bal
<fjh> Next meeting: 5 May, Bruce Rich is scheduled to scribe
F2F is 5/12-5/13, Bedford, MA
<fjh> F2F #4: 12-13 May, Bedford MA, logistics: http://lists.w3.org/Archives/Member/member-xmlsec/2009Mar/0015.html
Logistics for F2F: 9-6 both days, w/ 1hr break for lunch
RESOLUTION: F2F will be 9am-6pm each day, with 1hr for lunch
Request for help with the F2F agenda.
<hlockhar> having trouble getting on zakim
fjh: Want to make good use of everyone's time
<fjh> Sent question regarding DTDs and updated question on elliptic curve to
<fjh> OASIS SSTC, WS-SX, Liberty TEG and W3C XML CG
<fjh> Please complete F2F Registration (12-13 May) Questionnaire
<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2009Mar/0017.html
fjh: Registration questionnaire for F2F only shows responses
... Please respond even if you're not coming to the F2F
<fjh> Widget Signature published, please review now
fjh: Widget Signature has been published, going to last call
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Mar/0061.html
fjh: If you have comments today, still send them in
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0048.html
fjh: Widgets Sig WG agreed to ECC being a SHOULD in their spec
... and did not object to it being a MUST in XMLDSIG
<fjh> Namespace prefix undeclaring not being added to Namespace 1.0
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0043.html
fjh: New member of the WG
Cynthia_Martin: (new WG member) gives brief introduction
<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2009Apr/att-0006/21-xmlsec-minutes.html
RESOLUTION: Minutes of 21 April as contained in fjh's message & link above are approved
<fjh> Updated XML Encryption 1.1 redline
<fjh> Updated Roadmap and Publication status, with next publication dates
<fjh> http://www.w3.org/2008/xmlsec/wiki/RoadmapandPublicationStatus
Please review http://www.w3.org/2008/xmlsec/wiki/RoadmapandPublicationStatus
<fjh> Agree to publish Signature Properties
<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html
fjh: Widgets need us to publish a new draft of Signature Properties
RESOLUTION: WG agrees to publish a new draft of the Signature Properties document this week
<fjh> ACTION: fjh to make publication request for signature properties for this thursday, 30 April [recorded in http://www.w3.org/2009/04/28-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-264 - Make publication request for signature properties for this thursday, 30 April [on Frederick Hirsch - due 2009-05-05].
<fjh> ACTION: tlr to update signature properties for publication and place in proper location [recorded in http://www.w3.org/2009/04/28-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-265 - Update signature properties for publication and place in proper location [on Thomas Roessler - due 2009-05-05].
<fjh> URI Reference processing, References, RNG schema, other?
fjh: There are probably some things missing in our 1.1 spec that I can use the WG's help in cleaning up
... If you're aware of anything missing in the 1.1 spec, now is the time to raise these issues.
... Regarding RNG schema, fjh contacted someone who's an RNG schema expert and he has agreed to help us once he's got some cycles
+q
<fjh> bal suggests interop on first day of f2f
<fjh> bal notes this allows time for follow up, also some might have to leave early on day two, e.g. 3pm
<scribe> ScribeNick: kyiu
<fjh> http://www.w3.org/2008/xmlsec/wiki/InteropPlanning
need to start a wiki page interop
SHA256, RSA, verify can add OCSP response, AES key wrap
have a couple of algs (exc-c14n and xpath 2.0) - not sure if it changed status
we need to do ECDSA with ECKeyValue and ECDH as well as KeyValue
if you are planning to interop, take a look at the wiki and update with your plans
<bal> +q
bal: recommend to create a table of people who plan to do interop and the set of tests they expect to interop
<fjh> wiki is publicly readable, writable requires account
thomas will make sure everyone who is doing interop will have access to wiki
<tlr> http://www.w3.org/2008/xmlsec/Group/interop will be the space for that work
<fjh> if you need access to interop directory please let thomas know
<tlr> everybody who does not have editors' access already, please send me a note
<fjh> sean suggests preparing by next week for interop, with signatures generated, info in them to make easy to validate
fjh: we have a 2 day f2f, but have not decided on which day we'll do the interop
sean, bal and pratik are confirmed for interop.
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0045.html
pdatta: try to show the complexity of the topic
... defined 9 cases, but have only seen 4 in practice
fjh: part of the goal is to define and agree on the cases and when to stop
pdatta: case 1 - 90% of the cases refers to a single subtree
... case 2: also common. eg enveloped signature transform where you exclude the signature
... case 3: could represent the case where you countersign a bunch of elements
<fjh> pratik suggests we stop with case 4, including support for that, multiple subtrees with exclusions
<fjh> pratik notes 5 is harder but doable, probably not do
pdatta: cannot exclude namespace attributes because it leads to a lot of complications
<klanz2> well isn't the only difference that the missing ancestors in the middle have to be inspected vs. being plainly skipped, ...
<fjh> pratik notes case 6 increases complexity and 7 significantly
<fjh> what is impact of not supporting cases 5-9?
pdatta: case 8 is when you end up with if the xpath implementation doesn't completely expand all nodesets
<klanz2> I sense, ... that if inheritable attributes/namespaces are treated irrespective of their inclusion in the input node-set or not - implementation can be performed by a very simple stack architecture pushing down the information into orphaned nodes
fjh: what do we lose if we do only 1-4?
<fjh> case 5 example, include keyinfo in enveloped signature..
<fjh> not just one reference
which is the same as most implementations that use 1.0
fjh: can we eliminate some of the cases without harm?
klanz: expect engine to process xpath and do it correctly
... very hard to estimate impact of removing some cases
fjh: trying to determine whether there is a compelling need for each of the cases
klanz: it's not that hard to process a nodeset
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0040.html
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0041.html
could be done with pratik's proposal
<fjh> pratik notes that we can go with XPath Filter 2.0 approach that selects and includes subtrees
<fjh> pratik notes that XPath Filter 2.0 is already defined, now profiling to say only one intersect for example
pdatta: we are just limiting xpath 2.0 filter to just intersect and union
<fjh> pratik notes it is important to look at XPath 2.0 filter, not XPath 1.0.
pdatta: xpath filter 2 does not evaluate against every node
klanz: how do you profile xpath 2 properly?
<fjh> working to profile XPath Filter 2.0
<fjh> pratik notes that the transform simplification note outlines how to do this
pdatta: simplification comes from constraining xpath to select only elements
<fjh> selecting elements
pdatta: most people use very simple xpath
... which always selects subtree
<fjh> constraining XPath to select a subtree
pdatta: xpointer doesn't support exclusion
fjh: should we be starting a new specification for the xpath profile?
pdatta: thinks klanz's proposal is equivalent to supporting cases 1-8 in pratik's proposal
<fjh> is konrad saying that implementation should ignore certain choices that can be expressed, while pratik proposal limits what can be expressed to match what is done?
pdatta: there is a perf gain to avoid expanding elements into array
klanz: problem is now you have to educate people on our requirements on xpath and the parts that are not supported
... thinks we can improve the description in c14n
fjh: seems constraining by elements and subtrees should be easy to understand
klanz: we could define different conformance levels
<fjh> concern about performance expectations matching what can be delivered in general case, when allowing arbitrary expressions
<fjh> not convinced one change to the generic algorithm will be successful though it could be
the difference is expanding all nodes versus expanding only the root element of the subtree
<fjh> it seems clear that constraining what is expressed and supported can result in performance improvement and implementation simplification
<fjh> konrad noted that cost can be in xpath processing versus nodeset processing
<fjh> issues might apply to both
<fjh> pratik notes soap body can be huge, so is input to c14n the one element or all the children as a nodeset
klanz: it's question of constraining xpath expression so it's more of a profile than a new spec
fjh: next step: start working on a profile of xpath filter 2
<klanz2> http://www.w3.org/TR/xmldsig-core/#sec-Reference
<klanz2> Type
<klanz2> What about defining a value for the Type of the reference that indicates that a reference is constrained / profiled in the way pratik is suggested
<fjh> sean notes a number of implementations already have material to improve performance, using subtrees etc, so will we get improvement
<fjh> pratik notes it would be useful to have in spec
<klanz2> Isn't this more a requirement / best practice for Users how to use XPath correctly
<klanz2> ... and a profile
<fjh> brad notes complexity of implementation has been barrier, easy for first few use cases
<fjh> pratik noted then too hard.
<fjh> so not only performance but also complexity of implementation
<klanz2> http://www.w3.org/TR/xmldsig-core/#sec-Same-Document
<klanz2> What is the problem with propagating XPointer?
<klanz2> besides it's spec status
fjh: looks like there is some agreement on pratik's proposal
<fjh> pratik plans to share some sample code, possible next step, to get numbers
pdatta: perhaps we can prove the perf difference with numbers
<klanz2> q
<fjh> chris notes that many have done optimizations but it is hard to figure out when you can do optimizations
<fjh> chris notes may be better to be clear that can be done for all
<fjh> konrad agrees with simplification, limiting use of transforms etc
<fjh> konrad may want it to be clear that simplification
klanz: agrees with simplification, but we should flag the fact that simplification is used and also continue to allow the full feature set
<fjh> simplification would allow digesting while signing, additional improvements and optimizations are enabled
<scribe> ACTION: pratik to start email discussion on how different inputs to canonicalization could start ... [recorded in http://www.w3.org/2009/04/28-xmlsec-minutes.html#action03]
<trackbot> Created ACTION-266 - Start email discussion on how different inputs to canonicalization could start ... [on Pratik Datta - due 2009-05-05].
<scribe> ACTION: klanz: simplify canonicalization note [recorded in http://www.w3.org/2009/04/28-xmlsec-minutes.html#action04]
<trackbot> Created ACTION-267 - Simplify canonicalization note [on Konrad Lanz - due 2009-05-05].
<fjh> talking about profiling XPath
<fjh> konrad notes should be able to constrain what user can express
<klanz2> http://www.w3.org/TR/2003/REC-xptr-framework-20030325/#NT-Pointer
<klanz2> [1] Pointer ::= Shorthand | SchemeBased
<klanz2> [2] Shorthand ::= NCName
<klanz2> no scheme however maybe, pratik ?
<fjh> discuss next week, ed will distribute some more materials
postpone until next week
<klanz2> @pratik, http://www.w3.org/TR/2002/WD-xptr-xpointer-20021219/#NT-xpointerschemedata
<fjh> http://www.w3.org/2008/xmlsec/track/actions/open
<tlr> ACTION-262 closed
<trackbot> ACTION-262 Provide interop script for producing result tables as used before closed
ACTION-262 close
<fjh> action-261?
<trackbot> ACTION-261 -- Thomas Roessler to update xmlsec-algorithms draft to include aes key wrap with padding uris -- due 2009-04-27 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/261
<klanz2> @pratik,
<klanz2> http://www.w3.org/TR/xpath#NT-Expr
<klanz2> maybe only allowing
<klanz2> http://www.w3.org/TR/xpath#NT-AbsoluteLocationPath
<fjh> action-260?
<trackbot> ACTION-260 -- Pratik Datta to respond to the proposed change -- due 2009-04-14 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/260
<fjh> action-259?
<trackbot> ACTION-259 -- Konrad Lanz to propoal for the C14N spec change -- due 2009-04-14 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/259
<fjh> action-267?
<trackbot> ACTION-267 -- Konrad Lanz to simplify canonicalization note -- due 2009-05-05 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/267
<fjh> ACTION-267 is to write simpler and smaller C14N spec, and ACTION-259 can be closed
<fjh> action-259 closed
<trackbot> ACTION-259 Propoal for the C14N spec change closed
<fjh> Konrad proposed C14N clarification and errata language, should follow up
<fjh> issue: C14N clarification and errata as noted by Konrad wrt ACTION-259
<trackbot> Created ISSUE-116 - C14N clarification and errata as noted by Konrad wrt ACTION-259 ; please complete additional details at http://www.w3.org/2008/xmlsec/track/issues/116/edit .
<fjh> action-257?
<trackbot> ACTION-257 -- Konrad Lanz to follow up and provide unified proposal for changes to support randomized hashing and signing -- due 2009-04-14 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/257
<fjh> still in progress
<fjh> action-256?
<trackbot> ACTION-256 -- Thomas Roessler to update xref note with addtl type Uris -- due 2009-04-14 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/256
<fjh> still open, additional URIs for RetrievalMethod Type attribute, to be added to document
<fjh> action-248?
<trackbot> ACTION-248 -- Thomas Roessler to put together strawman for additional algorithm RFC -- due 2009-04-13 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/248
<fjh> still open
<klanz2> btw. any news from Donald Eastlake?
<fjh> action-245 closed
<trackbot> ACTION-245 Update issues closed
<fjh> action-246
<fjh> action-246 closed
<trackbot> ACTION-246 Update Issues closed
<fjh> action-247?
<trackbot> ACTION-247 -- Gerald Edgar to rework ISSUE-45 -- due 2009-04-07 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/247
<fjh> action-247 closed
<trackbot> ACTION-247 Rework ISSUE-45 closed
<fjh> action-239?
<trackbot> ACTION-239 -- Magnus Nyström to investigate alternative source for material in X9.62 -- due 2009-03-31 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/239
<fjh> action-238?
<trackbot> ACTION-238 -- Konrad Lanz to update the proposal associated with ACTION-222 and send to list. -- due 2009-03-24 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/238
<tlr> action-222?
<trackbot> ACTION-222 -- Konrad Lanz to make proposal RIPE algorithms -- due 2009-03-03 -- CLOSED
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/222
<fjh> relates to ACTION-248
<fjh> konrad needs to create proposal here.
<fjh> define work with encoding and anchors
<fjh> action-174?
<trackbot> ACTION-174 -- Pratik Datta to update the transforms related to ISSUE-69 -- due 2009-01-21 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/174
<fjh> ISSUE-69?
<trackbot> ISSUE-69 -- Update example file to avoid empty XPath result -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/69
<jcruella> I am sorry,.... I must leave now...talk to you next week
<fjh> action-150?
<trackbot> ACTION-150 -- Sean Mullan to check Java API dependencies/compatibility -- due 2009-01-20 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/150
<klanz2> added notes to http://www.w3.org/2008/xmlsec/track/actions/248
<fjh> ACTION-150 closed
<trackbot> ACTION-150 Check Java API dependencies/compatibility closed
<fjh> no major issues with ecc algorithms with Java APIs
<fjh> http://www.w3.org/2008/xmlsec/Group/Scribe-Instructions.html