See also: IRC log
<trackbot> Date: 20 October 2009
<fjh2> trackbot-ng, start telecon
<trackbot> Meeting: XML Security Working Group Teleconference
<trackbot> Date: 20 October 2009
<tlr> ScribeNick: pdatta
<tlr> Agenda: http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0038.html
<fjh2> Chair: Frederick Hirsch
<fjh2> Important: F2F at TPAC 5-6 November, final registration deadline 21 October
<tlr> http://www.w3.org/mid/1255989879.3628.2.camel@XMLSEC-BIZ.phub.net.cable.rogers.com
tlr: Ed's email on EXI impact
<fjh2> http://lists.w3.org/Archives/Member/member-xmlsec/2009Oct/0016.html
<fjh2> http://www.w3.org/2009/10/13-xmlsec-minutes.html
RESOLUTION: Minutes from 13th Oct are approved
<fjh2> 2.0 FPWD Publication status
<tlr> more likely Thursday
<fjh2> issue-142?
<trackbot> ISSUE-142 -- Is a single schema needed for XML Signature 1.1 to validate against, given that we have 2nd edition schema plus 1.1 additional schema -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/142
<fjh2> action-396?
<trackbot> ACTION-396 -- Thomas Roessler to implement suggestion on multiple schemas http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0023.html -- due 2009-10-20 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/396
<tlr> yup, and that action item continues
<fjh2> SP80056AConcatKDF in XML Encryption 1.1
<fjh2> http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0029.html
<magnus> +
magnus: ordering of each of the sub elements
<fjh2> ACTION: magnus to make proposal on list to address SP80056AConcatKDF in XML Encryption 1.1 concern [recorded in http://www.w3.org/2009/10/20-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-406 - Make proposal on list to address SP80056AConcatKDF in XML Encryption 1.1 concern [on Magnus Nystrom - due 2009-10-27].
magnus: for each of these sub fields - PartyUInfo is composed of sub strings
... each substring is a fixed length or prefixed by length
... there is an ordering of the substrings
<fjh2> ACTION-406: original issue http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0029.html
<trackbot> ACTION-406 Make proposal on list to address SP80056AConcatKDF in XML Encryption 1.1 concern notes added
<fjh2> pratik asks why not represent as xml elements for clarity
<fjh2> magnus notes could avoid extra processing by staying close to SP80056A
<fjh2> pratik asks if receiver has to do processing, process cert, if so then xml format may be preferable
<fjh2> magnus notes comparing identifiers for identity that has already been established
<fjh2> can we capture some of this in the chat?
magnus: SP800 is very vague on what the PartyUInfo needs to be
... we can decide what we want to put in the PartyUInfo, instead of certificate it could just be a name but certificate is more natural
pdatta: I will look into this more closely and reply to the email chain. if we simplify the PartyUInfo, we don't need the xml restructuring
issue-91 ?
<trackbot> ISSUE-91 -- ECC can't be REQUIRED -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/91
<tlr> no news from me
<fjh2> Include XML Signature 1.1, XML Encryption 1.1, XML Security Generic Hybrid Ciphers, XML Signature Properties. Publish a corresponding updated XML Security Algorithms Cross-Reference working draft
fjh2: agreed to have last call
s/agreed/will agree on F2F/
<fjh2> http://www.w3.org/2008/xmlsec/wiki/Interop
<fjh2> http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0033.html
fjh2: normalize the main requirements doc with Transform doc
... specific changes and add a section on widget security
<fjh2> me, zakim who is here?
<fjh2> issue: link requirements to features
<trackbot> Created ISSUE-149 - Link requirements to features ; please complete additional details at http://www.w3.org/2008/xmlsec/track/issues/149/edit .
tlr: are we sure we want to merge?
... we should not split it up again later on
fjh2: we don't have a clear 1.1 requirement and a 2.0 requirement
pdatta: requirements have general principles that have already been solved in 1.0, 1.1, 2.0. Need something which identifies all the new requirements of 2.0
fjh2: suggest to take another look at it, rather than implement it right away
... many different editing styles in requirements doc - because of many contributors
<tlr> works for me
fjh2: want to get wrapped up by F2F
<fjh2> issue-63?
<trackbot> ISSUE-63 -- Namespace requirements: undeclarations, QNames, use of partial content in new contexts -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/63
<fjh2> action-389?
<trackbot> ACTION-389 -- Gerald Edgar to propose requirements text for issue-63 -- due 2009-10-13 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/389
<fjh2> issue-68?
<trackbot> ISSUE-68 -- Enable generic use of randomized hashing -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/68
fjh2: if we don't have any volunteers for this we will close this
<fjh2> issue-131?
<trackbot> ISSUE-131 -- Is semantic equivalence robustness in requirements document -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/131
<fjh2> action-391?
<trackbot> ACTION-391 -- Gerald Edgar to see if issue-131 is covered in requirements doc -- due 2009-10-13 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/391
<fjh2> issue-136?
<trackbot> ISSUE-136 -- Is normalization of prefixes a goal for 2.0 c14n -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/136
<fjh2> action-402?
<trackbot> ACTION-402 -- Frederick Hirsch to document issue-136 requirement -- due 2009-10-20 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/402
<fjh2> http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0041.html
<fjh2> http://www.w3.org/2008/xmlsec/Drafts/transform-note/Overview.html#id83777
<fjh2> Canonical XML should support the option of namespace prefix re-writing. In this case namespace prefixes are not guaranteed to be preserved, possibly breaking the meaning of QNames. The advantage of using this option is avoiding the complexity and confusion of prefixes that are used for different namespaces in different subtrees, avoiding mapping issues and the need to store additional information for each node for this mapping.
<fjh2> ed mentions that we may want to consider different design decisions
<fjh2> possible copy/move material from signature 2.0 to rqmts
<fjh2> pratik notes use of xsi:type
<fjh2> action-402: add text regarding xsi:type
<trackbot> ACTION-402 Document issue-136 requirement notes added
pdatta: the requirement for qnames in content is related to this
<fjh2> issue-139?
<trackbot> ISSUE-139 -- Need to collect streaming XPath requirements -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/139
<fjh2> action-403?
<trackbot> ACTION-403 -- Thomas Roessler to introduce Pratik D, Michael Kay -- due 2009-10-20 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/403
<fjh2> action-403: closed
<trackbot> ACTION-403 Introduce Pratik D, Michael Kay notes added
<trackbot> If you meant to close ACTION-403, please use 'close ACTION-403'
<fjh2> close ACTION-403
<trackbot> ACTION-403 Introduce Pratik D, Michael Kay closed
<fjh2> should we invite Michael Kay to XMLSec WG session
tlr: Michael Kay is doing streaming XSLT
<fjh2> FPWD will have XPath subset appendix
<fjh2> ACTION: fjh to contact Michael Kay re F2F or call in [recorded in http://www.w3.org/2009/10/20-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-407 - Contact Michael Kay re F2F or call in [on Frederick Hirsch - due 2009-10-27].
<fjh2> http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0030.html
<fjh2> http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0032.html
<fjh2> WS-Fragment, levels
<fjh2> scribenick: fjh2
pratik: can align subsets, xmlsec with ws-fragment
... streaming another issue
... implies separate subsets
... hierarchy of subsets
... named subsets
<tlr> +1 to fjh's nervousness
concerned that we are building in complexity, adding number of choices, layers etc. is it necessary?
<fjh2> why do we need separate things for python
Not sure why we need to adjust spec for scripting languages - not sure what is special here
<tlr> we don't want to build a mutual dependency on WS-Fragment
goal - avoid choices, complexity
<tlr> if we think we have right set of features in Xpath, then let us run with it
<tlr> if it is close enough, then we should share
pratik notes including text and position makes xmlsec subset a superset of WS-Fragment
<scribe> ACTION: fjh see if WS-Fragment joint discussion possible at TPAC [recorded in http://www.w3.org/2009/10/20-xmlsec-minutes.html#action03]
<trackbot> Created ACTION-408 - See if WS-Fragment joint discussion possible at TPAC [on Frederick Hirsch - due 2009-10-27].
action-408: chair and Pratik conversation offline
<trackbot> ACTION-408 See if WS-Fragment joint discussion possible at TPAC notes added
<scribe> ACTION: pratik to revisit text with regards to XPath profile [recorded in http://www.w3.org/2009/10/20-xmlsec-minutes.html#action04]
<trackbot> Created ACTION-409 - Revisit text with regards to XPath profile [on Pratik Datta - due 2009-10-27].
<esimon2> +1 to text()
http://lists.w3.org/Archives/Public/public-xmlsec/2009Oct/0036.html
<tlr> ACTION: ed to review updated relaxng schema [recorded in http://www.w3.org/2009/10/20-xmlsec-minutes.html#action05]
<trackbot> Created ACTION-410 - Review updated relaxng schema [on Ed Simon - due 2009-10-27].
http://www.w3.org/2008/xmlsec/track/actions/open
<tlr> action-399?
<trackbot> ACTION-399 -- Thomas Roessler to ask Ed Simon to review /TR/exi-impacts -- due 2009-10-20 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/399
action-146?
<tlr> action-146?
<trackbot> ACTION-146 -- Kelvin Yiu to add rfc 3279 to references -- due 2009-01-20 -- CLOSED
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/146
<tlr> action-416?
<trackbot> ACTION-416 does not exist
issue-146?
<trackbot> ISSUE-146 -- Determine impact of 2.0 transform model on XML Encryption, and any needed changes to XML Encryption -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/146
issue-146: use of select transform would be helpful
<trackbot> ISSUE-146 Determine impact of 2.0 transform model on XML Encryption, and any needed changes to XML Encryption notes added
are we going to want an XML Encryption 2.0?
<esimon2> maybe we don't rev the whole XML Encryption 2.0, but only the transform section
<esimon2> continue working on new transform for XML Signature 2.0, but not forget about how it impacts encryption
<tlr> issue-122?
<trackbot> ISSUE-122 -- Explain why peformance improvements and rationale, relationship to earlier -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/122
issue-122?
<trackbot> ISSUE-122 -- Explain why peformance improvements and rationale, relationship to earlier -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/122
<pdatta> for the numbers we looked for an old implementation that follows the spec exactly, but couldn't locate one
issue-86?
<trackbot> ISSUE-86 -- Document performance criterial and benchmarks -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/86
issue-86: related to issue-122
<trackbot> ISSUE-86 Document performance criterial and benchmarks notes added
<pdatta> we have numbers on how expensive nodeset is vs a subtree
<fjh2> need a number for octets -> nodeset -> octets conversion time
<fjh2> is it too much work to run the various old implementations that followed the spec
<scribe> ACTION: pratik to perform measurement related to transform octet conversion [recorded in http://www.w3.org/2009/10/20-xmlsec-minutes.html#action06]
<trackbot> Created ACTION-411 - Perform measurement related to transform octet conversion [on Pratik Datta - due 2009-10-27].
issue-115?
<trackbot> ISSUE-115 -- XPath Filter Transform and Namespace Declarations for Qualified Nodes, see http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0025.html -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/115
ed asked about security risk related to SignedInfo namespace declarations
ed noted use of Xpath transform, specify namespaces as attributes of transform, no issue
ed notes some toolkits take namespace declaration elsewhere, in document, but possibly not signed
ed notes not necessarily risk, but should state where to put namespace declarations
<pdatta> the spec says "The set of namespace declarations in scope for the XPath expression"
<G-Edgar> I have to drop off.
section 6.6.3 xml signature 1.1
<scribe> ACTION: ed to review ISSUE-115 [recorded in http://www.w3.org/2009/10/20-xmlsec-minutes.html#action07]
<trackbot> Created ACTION-412 - Review ISSUE-115 [on Ed Simon - due 2009-10-27].
<scribe> Chair: Frederick_Hirsch