06:43:25 RRSAgent has joined #xmlsec 06:43:25 logging to http://www.w3.org/2008/10/20-xmlsec-irc 06:43:27 RRSAgent, make logs member 06:43:27 Zakim has joined #xmlsec 06:43:27 klanz2 has joined #xmlsec 06:43:29 Zakim, this will be XMLSEC 06:43:29 ok, trackbot; I see T&S_XMLSEC()2:30AM scheduled to start 13 minutes ago 06:43:30 Meeting: XML Security Working Group Teleconference 06:43:30 Date: 20 October 2008 06:43:57 zakim, who is on the phone? 06:43:57 T&S_XMLSEC()2:30AM has not yet started, tlr 06:43:59 On IRC I see klanz2, Zakim, RRSAgent, csolc, pdatta, tlr, bal, fhirsch3, trackbot 06:44:35 brich has joined #xmlsec 06:45:29 Hello everyone and good morning. 06:45:37 Agenda: http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0037.html 06:45:42 Chair: Frederick Hirsch 06:45:43 kyiu has joined #xmlsec 06:46:05 Scribe: Gerald Edgar 06:46:07 rdmiller has joined #xmlsec 06:46:12 zakim, who is here? 06:46:12 T&S_XMLSEC()2:30AM has not yet started, fhirsch3 06:46:13 On IRC I see rdmiller, kyiu, brich, klanz2, Zakim, RRSAgent, csolc, pdatta, tlr, bal, fhirsch3, trackbot 06:46:35 zakim, call Executive_6 06:46:35 ok, tlr; the call is being made 06:46:36 T&S_XMLSEC()2:30AM has now started 06:46:36 +Executive_6 06:46:46 zakim, who is on the phone? 06:46:46 On the phone I see Executive_6 06:47:09 zakim, who is here? 06:47:09 On the phone I see Executive_6 06:47:10 On IRC I see rdmiller, kyiu, brich, klanz2, Zakim, RRSAgent, csolc, pdatta, tlr, bal, fhirsch3, trackbot 06:48:50 ScribeNick: csolc 06:52:57 Agenda review 06:53:04 Welcome all 06:54:14 G_Edgar has joined #xmlsec 06:55:57 bal has joined #xmlsec 06:59:03 Topic: Liaisons 06:59:21 +??P4 06:59:23 -??P4 06:59:23 +??P4 06:59:29 zakim, ??P4 is klanz2 06:59:29 +klanz2; got it 07:00:25 http://www.w3.org/2008/10/07-xmlsec-minutes 07:00:39 TOPIC: Minuites Approval 07:01:07 Resolution: 10/07 minutes are approved 07:02:00 Topic: Best Practices 07:03:16 brich: want to confirm that it will be published as first working working draft 07:03:40 bal: does publishing it start any w3c clock 07:03:51 tlr: no clock will be started 07:04:28 okay, with me 07:04:54 Resolution: Group agrees to publish the Best Practices doc as first working draft 07:05:11 ACTION: thomas to prepare best practices for publication 07:05:12 Created ACTION-83 - Prepare best practices for publication [on Thomas Roessler - due 2008-10-27]. 07:05:26 rrsagent, where am i? 07:05:26 See http://www.w3.org/2008/10/20-xmlsec-irc#T07-05-26 07:07:04 rdmiller: does he wait to send best practice to RSA 07:07:25 r/RSA/NSA 07:08:00 fh: wait to send doc untill tlr has doc published 07:09:37 Topic:Requirements updates I 07:11:01 ACTION-73, Title, contents update (Magnus) 07:11:01 http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0029.html 07:11:04 ACTION-73, Title, contents update (Magnus) 07:11:04 http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0029.html 07:13:11 bal: do we need a section on assumptions? 07:14:31 bal: proposals to add a section between 4 and 5 for opperation assumptions 07:14:47 s/opperation/operational environment/ 07:16:03 Resolution: accept the change http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0029.html with the addtion of the operational enviroment assumptions 07:16:25 Proposal for principles section 07:16:25 http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0074.html, 07:18:57 remove Specialized approaches optimized for specific use cases should be 07:19:10 avoided 07:19:38 change "security layer independent of a security layer" to security layer independent of application layer" 07:21:12 fh: what are first class objects 07:21:38 With what respect is that important to us, maybe add a this means sentence ... 07:21:56 fh: XML Signature -> XML Security 07:23:10 fh: first class object should be defined in the original security doc 07:24:08 http://www.w3.org/2008/xmlsec/Drafts/xmldsig-requirements 07:24:21 http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/ 07:24:35 second url is the correct one 07:25:57 I think that Frederick was actually looking for this one: http://www.w3.org/TR/xmldsig-requirements 07:26:45 fh: would like to accept the proposal then edit it after. 07:28:41 Resolution: Accept proposed principles section with the above edits 07:28:54 gedgar has joined #xmlsec 07:30:28 fh: may need to ensure we define requirements before we look a v.next 07:31:30 ACTION: fh edit proposed principles section 07:31:30 Created ACTION-84 - Edit proposed principles section [on Frederick Hirsch - due 2008-10-27]. 07:32:16 Topic: Byte Range signatures 07:32:29 TOPIC: Byte Range signatures 07:32:47 http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0011.html 07:34:10 csolc: sign byte ranges of binary document since some might change others not 07:38:23 like LZW 07:38:41 q+ to note that Transforms are defined in terms of octet-streams, not bitstreams 07:39:06 jcruella has joined #xmlsec 07:39:48 +??P7 07:39:59 zakim, ??P7 is jcruella 07:39:59 +jcruella; got it 07:40:29 pratik: binary can be more complicated, depending on encoding 07:40:39 kelvin: prealocate p7 fill in for binary signing 07:40:43 @Juan Carlos, are there requirements from XAdES in PDF for ByteRenges? 07:41:01 s/ByteRenges/ByteRanges/ 07:50:03 . 07:53:33 fjh: add why it's ByteRange and not BitRange ... 07:55:13 csolc, pleas add to your proposal ... 07:56:08 bal has joined #xmlsec 07:56:17 tlr has joined #xmlsec 07:57:28 ACTION: csolc to update the proposal on a ByteRange Transform 07:57:28 Created ACTION-85 - Update the proposal on a ByteRange Transform [on Chris Solc - due 2008-10-27]. 07:57:32 csolc has joined #xmlsec 07:59:29 fhirsch3 has joined #xmlsec 07:59:36 brich has joined #xmlsec 07:59:37 zakim, who is here? 07:59:37 On the phone I see Executive_6, klanz2, jcruella 07:59:38 On IRC I see brich, fhirsch3, csolc, tlr, bal, jcruella, rdmiller, klanz2, Zakim, RRSAgent, trackbot 07:59:43 pdatta has joined #xmlsec 07:59:54 ScribeNick:csolc 07:59:59 pdatta has joined #xmlsec 08:02:45 chris will note why we are using byte ranges instead of bit ranges 08:02:59 gedgar has joined #xmlsec 08:03:51 q+ 08:04:07 tlr: add to requirement clarity on possible attacks with byte ranges 08:04:28 fjh: please include in proposal note on not bit stream, possible limit 08:04:31 ack tlr 08:04:31 tlr, you wanted to note that Transforms are defined in terms of octet-streams, not bitstreams 08:04:36 q- 08:04:38 ack klanz 08:04:51 that's precisely my question 08:05:00 klanz: how are gaps handled, leave out or fill with 0s? 08:05:12 fill with zeroes, fill with something that's given in the transform, produce output that's byte ranges encapsulated in ASN.1, ... 08:05:16 q+ 08:05:20 csolc: need to consider 08:05:21 (just joking, re ASN.1) 08:05:26 klanz: pls add to proposal 08:05:32 ack jruella 08:05:36 rdmiller has joined #xmlsec 08:05:38 ack jcruella 08:06:18 jcreullas: filling with 0s is modifying document, is it not 08:07:46 csolc: transform defined, whether to 0 or compress etc 08:08:09 gedgar has joined #xmlsec 08:09:33 q+ 08:09:34 klanz2: suggests that we ensure proper defaults are defined 08:09:51 q+ 08:10:08 ack klanz 08:10:29 ack tlr 08:10:50 tlr: is there a use case for concat 08:11:08 tls notes signing excerts vs concatenation 08:11:15 s/excerts/excerpts 08:12:08 bal: concat effectively via multiple references 08:12:31 bal: terminal transforms? 08:13:14 Topic: Simple Sign 08:13:16 Simple Signing Strawman requirements 08:13:16 http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0032.html 08:16:26 q+ 08:18:51 bal: lower level os stuff wants the minimal set of dependancy 08:19:30 ... so if simple sign needs xpath, the more libraries you will need 08:22:32 kelvin notes want to leverage platform, offer support at low level without pulling in xml libraries, no XPath etc 08:23:24 brich: you may require to set a policy instead of a max length 08:23:52 .. on the amount of data that is signed. 08:24:35 fhirsch3 has joined #xmlsec 08:25:14 fhirsch has joined #xmlsec 08:25:19 zakim, who is here? 08:25:19 On the phone I see Executive_6, klanz2, jcruella 08:25:20 On IRC I see fhirsch, rdmiller, pdatta, brich, csolc, tlr, bal, jcruella, klanz2, Zakim, RRSAgent, trackbot 08:25:46 kelvin notes policy can be in doc rather than apps, since apps could differ 08:25:49 kelvin: the application tells the library the max amount of data that is allowed to be processed. 08:26:12 kelvin notes shred, dsobhect can have unsigned items added at higher layer, can break signed items already existant 08:26:43 pdatta: asked about text nodes 08:26:50 item - policy in signature 08:28:10 Off Topic: Can someone taking care of our mainpage, take an action to update http://www.w3.org/2008/xmlsec/#lists and add "public-xmlsec-comments@w3.org" http://lists.w3.org/Archives/Public/public-xmlsec-comments/ , the need to do this is indicated by the following comment: http://lists.w3.org/Archives/Public/public-xmlsec-comments/2008Oct/0000.html 08:28:16 Geald_Edgar has joined #xmlsec 08:29:25 Off Topic continued, maybe also mention the old lists: 08:29:25 public-xmlsec-discuss@w3.org 08:29:25 http://lists.w3.org/Archives/Public/public-xmlsec-discuss/ 08:29:25 w3c-ietf-xmldsig@w3.org 08:29:25 http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/ 08:31:08 bal: need to keep in mind about older libraries, how can the new format be supported by older processors 08:31:34 q- 08:33:08 fh: this does duplicate a number of the xades reqs 08:33:31 q+ 08:33:41 fh: declarative policy as part of the sig? 08:33:50 @tlr: shall http://lists.w3.org/Archives/Public/public-xmlsec-comments/2008Oct/0000.html be forwarded to 08:33:50 www-xml-canonicalization-comments@w3.org 08:33:50 http://lists.w3.org/Archives/Public/www-xml-canonicalization-comments/ 08:36:42 bal: Putting policy languages into these requirements is a can of worm. 08:36:47 All: yes, and in the following way 08:37:08 ACTION: Kalvin: Clean up proposal http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0032.html 08:37:08 Sorry, couldn't find user - Kalvin 08:37:24 ACTION: Kelvin to clean up proposal http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0032.html 08:37:24 Created ACTION-86 - Clean up proposal http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0032.html [on Kelvin Yiu - due 2008-10-27]. 08:37:48 fjh: need to clarify policy-related requirement and why we don't want to do this 08:38:41 bal: may need to declare what are the capabilities of the application. 08:39:19 q+ 08:39:38 bal: will need to declare capabilities, relevant for simple low level, or higher level apps 08:39:44 ack jcrella 08:39:48 ack jcruella 08:40:47 bal: at sig generation time declare as part of sig, that sig adhers to part of std 08:41:10 bal: verifiers can declare portions they understand 08:41:55 jcc: etsi defined language for signature policy 08:42:31 @jcc do you have a link or reference ... 08:42:55 bal: would like to see levels for the profiles 08:42:58 bal: policy limited to statement adhere to level 0 profile, level 1 profele etc 08:43:03 s/profele/profile 08:44:05 ack klanz 08:44:33 klanz: public mailing lists are not easy access 08:44:38 ACTION: thomas to add link to comment list to public page 08:44:39 Created ACTION-87 - Add link to comment list to public page [on Thomas Roessler - due 2008-10-27]. 08:46:38 Can you type, when you reconvene please ... 08:46:46 -klanz2 08:46:51 -jcruella 08:52:56 John_Boyer has joined #xmlsec 08:56:09 +John_Boyer 08:56:11 -John_Boyer 08:56:11 +John_Boyer 08:56:48 +wellsk 09:02:43 csolc has joined #xmlsec 09:04:02 Joint Meeting with XForms (11:00 - 12:30) 09:04:05 fhirsch3 has joined #xmlsec 09:04:16 Topic: Joint Meeting with XForms 09:04:26 zakim, who is here? 09:04:26 On the phone I see Executive_6, John_Boyer, wellsk 09:04:27 On IRC I see fhirsch3, csolc, John_Boyer, Geald_Edgar, rdmiller, pdatta, brich, jcruella, klanz2, Zakim, RRSAgent, trackbot 09:05:42 yugma web con session id is 229 481 091 09:05:55 tlr has joined #xmlsec 09:06:37 zakim, who is here 09:06:37 fhirsch3, you need to end that query with '?' 09:06:43 zakim, who is here? 09:06:43 On the phone I see Executive_6, John_Boyer, wellsk 09:06:44 On IRC I see tlr, fhirsch3, csolc, John_Boyer, Geald_Edgar, rdmiller, pdatta, brich, jcruella, klanz2, Zakim, RRSAgent, trackbot 09:07:26 bal has joined #xmlsec 09:07:50 zakim, who is on the phone? 09:07:50 On the phone I see Executive_6, John_Boyer, wellsk 09:08:04 klanz2? 09:08:06 we're back 09:08:23 zakim, who iis here? 09:08:23 I don't understand your question, fhirsch3. 09:08:28 zakim, who is here? 09:08:28 On the phone I see Executive_6, John_Boyer, wellsk 09:08:30 On IRC I see bal, tlr, fhirsch3, csolc, John_Boyer, Geald_Edgar, rdmiller, pdatta, brich, jcruella, klanz2, Zakim, RRSAgent, trackbot 09:09:23 nick has joined #xmlsec 09:11:00 Steeeven has joined #xmlsec 09:11:23 unl has joined #xmlsec 09:11:34 Present+ Steven Pemberton, Ulide Lisse, Nick van den Blecken, Roland Merrick, TV Raman, Charlie Wiecha, Keith Wells, John Boyer 09:12:33 s/Bleck/Bleek 09:12:43 s/Ulide/Ulrich 09:13:13 John Boyer presentor 09:13:36 nick has joined #xmlsec 09:13:45 +??P5 09:14:01 zakim, who is on the phone? 09:14:02 On the phone I see Executive_6, John_Boyer, wellsk, ??P5 09:14:38 zakim, ??P5 is jcruella 09:14:38 +jcruella; got it 09:14:47 kyiu has joined #xmlsec 09:19:57 presentation in PDF at http://www.w3.org/2008/xmlsec/f2f-2008-10-20/xforms/XMLSignatures.TPAC2008.pdf 09:20:44 -jcruella 09:21:36 +??P5 09:21:58 zakim, ??P5 is jcruellas 09:21:58 +jcruellas; got it 09:24:27 +??P6 09:24:36 zakim, ? is klanz2 09:24:36 +klanz2; got it 09:24:40 s/presentation in PDF/XForms security presentation in PDF/ 09:26:07 me at "what if I work offline" 09:26:12 "But what if I want to work offline" 09:26:25 s/me at .*// 09:27:52 johnboyer: odf two types, single standalone file or zip file with many resources 09:28:27 odf of presentation at http://www.w3.org/2008/xmlsec/f2f-2008-10-20/xforms/XMLSignatures.TPAC2008.odp 09:29:28 tlr notes zip issue related to widget signing spec 09:30:03 raman notes xml packaging a generic issue in w3c 09:31:24 john notes content.xml is main xml in document, enveloped signature 09:31:34 raman asks if xml base can be used 09:32:05 It sounds as though a detatched signature has the potential of signing an information source that no longer exists 09:32:24 What is the URI scheme for Zip Files, is there one? 09:32:48 detached can only sign as binary opaque reference 09:33:21 So XML is detached as a seperate unit witjhin the ODF package, but it is included in the same information resource? 09:33:39 s/witjhin/within/ 09:34:59 consider http://java.sun.com/javase/6/docs/api/java/net/JarURLConnection.html for referencing inside zip ... also 09:35:22 perhaps the XML signature itself is created as a detached signature, but it is attached withing the ODF file. 09:36:20 reference refers to instance document not entire xforms environment 09:36:28 s/reference/john boyer: reference/ 09:36:48 john boyer: using reference with no uri 09:37:46 john wants to sign the odf doc, and since the xml signature is part of the instance data if uri="" is used it refers to the data not the odf doc 09:38:52 see slides for details 09:46:25 john boyer notes at run time separate dom for recording instance data, separate document 09:46:41 tlr- what is base uri for instance document 09:47:33 john boyer - expect same doc reference, signature in instance document 09:47:35 nick has joined #xmlsec 09:47:44 zakim, who is here? 09:47:44 On the phone I see Executive_6, John_Boyer, wellsk, jcruellas, klanz2 09:47:45 On IRC I see nick, kyiu, unl, Steeeven, bal, tlr, fhirsch3, csolc, John_Boyer, Geald_Edgar, rdmiller, pdatta, brich, klanz2, Zakim, RRSAgent, trackbot 09:49:46 after run time might be serialized back with intial larger document 09:49:58 s/after/john boyer notes after/ 09:52:38 john - there are 3 layers, Instance data, the Model and the instance form. 09:55:00 john - there is a difference between the runtime of the model and the serialized version. 09:57:51 +Ed_Simon 09:58:10 john - since the signatures are being generated at runtime - the references are relative to the containing data dom. 09:58:45 john - separate dom for instance at run time, not serialized or incorpporated until commit, ie. temporary data until accepted 10:06:38 raman - all information except state information is stored in the xforms model. 10:09:00 roman - custom functions must also be signed. 10:10:00 roman - there are custom libraries that can be loaded into xforms. 10:10:22 extensions functions are full XPath 10:12:23 john boyer application can define context for uri 10:13:53 john b - a reference without a uri points to the outer most document. 10:16:11 raman at save time, save original doc plus instance data, to enable restore 10:16:29 john boyer - eg save template and instance data 10:18:44 - instance data can be inline in the doc, fetched once at startup then stored inline, or saved in a remote source 10:21:41 ) defined in terms of original document, not data document... 10:21:56 here was defined... 10:23:13 esimon2 has joined #xmlsec 10:23:28 maybe XProc would be good way to explain what is going on here ... ;-) 10:28:08 john b - issue with repeating content. 10:28:27 + +46.7.09.41.aaaa 10:29:43 john b - section 4.4.3.3.4 xmlsig doc 10:30:56 ... input to the first transform should be output of the referencing 10:31:48 zakim, who is here? 10:31:48 On the phone I see Executive_6, John_Boyer, wellsk, jcruellas, klanz2, Ed_Simon, +46.7.09.41.aaaa 10:31:50 On IRC I see esimon2, nick, kyiu, unl, Steeeven, bal, fhirsch3, csolc, John_Boyer, Geald_Edgar, rdmiller, pdatta, brich, klanz2, Zakim, RRSAgent, trackbot 10:32:31 ... 4.4.3.3.1 counfusion on the output of a non same document reference. does it have to be an octet stream 10:32:52 zakim, country code 46? 10:32:52 I don't understand your question, Steeeven. 10:34:19 +46 is Sweden 10:34:31 john boyer - support for uri-less reference required, possible errata. 10:34:39 konrad - can you submit test cases? 10:35:29 bal - cannot mandate application specific feature, but should require it to be allowed 10:35:56 4.3.3.4 ... The input to the first Transform is the result of dereferencing the URI attribute of the Reference element. ... 4.3.3.1 ... If the URI attribute is omitted altogether, the receiving application is expected to know the identity of the object. For example, a lightweight data protocol might omit this attribute given the identity of the object is part of the application context. This attri 10:35:56 bute may be omitted from at most one Reference in any particular SignedInfo, or Manifest. ... 10:36:24 bal - what is the interoperability point 10:36:42 bal - could add an imlementation note 10:37:14 klanz your are asking that null can be passed to url resolver 10:37:44 r/imlementation/implementation 10:38:06 klanz - should define own uri scheme in these cases, can then separate from work-arounds 10:41:03 fh - may need a uri identifier for instance data 10:41:32 roman - could define odf:here() 10:41:43 avoid confusion of wether in instance data context or in committed merged document, need to be explicit with explicit URI 10:41:48 s/roman/raman/ 10:41:53 s/wether/whether 10:43:01 klanz: maybe should use xslt functions 10:43:33 john b - xslt is like poison. too complicated 10:45:12 john b - xslt is also an optional component to xml sigs 10:46:44 klanz - can xinclude be used to resolve the multiple doc issue 10:47:01 is it possible to simplify this 10:47:07 raman notes reflection of interactivity 10:47:25 q+ 10:47:29 john notes even with zip still want node set, still have here issue, even if not here function 10:49:45 concern with complexity, want to make security simpler, sounds complicated to have separate instance and documents, then merge and lose context. 10:50:07 john notes interactive document case works 10:51:01 ack klanz 10:51:11 q- 10:51:45 -jcruellas 10:52:21 fh - is it possible for xforms not to use xpath in the signatures 10:52:32 is it XPath 1.0? 10:52:38 I'd presume so .. 10:53:31 john offers to summarize use case in terms of instance documents and original, serialization into single document, what is process, issues 10:53:50 also to summarize lessons from implementation and needs regarding here etc. 10:55:00 -wellsk 10:55:13 - +46.7.09.41.aaaa 10:55:15 Thanks to the XFORMS foaks 10:55:23 jcruella has joined #xmlsec 10:55:26 -John_Boyer 10:55:35 -klanz2 10:55:39 sorry, had problems with my labtop 10:55:57 zakim, who is here? 10:55:57 On the phone I see Executive_6, Ed_Simon 10:55:58 On IRC I see jcruella, esimon2, kyiu, bal, fhirsch3, csolc, John_Boyer, Geald_Edgar, rdmiller, pdatta, brich, klanz2, Zakim, RRSAgent, trackbot 10:56:05 Breaking for 1 hour lunch 10:56:14 +??P0 10:56:31 zakim, P0 is jcruella 10:56:31 sorry, jcruella, I do not recognize a party named 'P0' 10:57:42 -Ed_Simon 10:57:44 -??P0 10:57:45 -Executive_6 10:57:45 T&S_XMLSEC()2:30AM has ended 10:57:46 Attendees were Executive_6, klanz2, jcruella, John_Boyer, wellsk, jcruellas, Ed_Simon, +46.7.09.41.aaaa 12:02:30 T&S_XMLSEC()2:30AM has now started 12:02:37 +Ed_Simon 12:03:59 nick has joined #xmlsec 12:04:24 nick has joined #xmlsec 12:04:31 nick has left #xmlsec 12:05:42 unl has joined #xmlsec 12:06:56 esimon2 has joined #xmlsec 12:07:05 unl has left #xmlsec 12:09:12 scribenick: rdmiller 12:09:17 csolc has joined #xmlsec 12:09:43 +[IPcaller] 12:09:58 bal has joined #xmlsec 12:10:51 fhirsch3 has joined #xmlsec 12:10:59 zakim, who is here? 12:10:59 On the phone I see Ed_Simon, [IPcaller] 12:11:00 On IRC I see fhirsch3, bal, csolc, esimon2, jcruella, rdmiller, klanz2, Zakim, RRSAgent, trackbot 12:11:18 zakim, who am I 12:11:18 I don't understand 'who am I', jcruella 12:11:21 zakim, who am I? 12:11:21 I don't understand your question, jcruella. 12:11:22 pdatta has joined #xmlsec 12:12:39 zakim, please call xmlse 12:12:39 I am sorry, fhirsch3; I do not know a number for xmlse 12:13:12 zakim, call executive_6 12:13:12 ok, fhirsch3; the call is being made 12:13:14 +Executive_6 12:13:28 zakim, who is here? 12:13:28 On the phone I see Ed_Simon, [IPcaller], Executive_6 12:13:29 On IRC I see pdatta, fhirsch3, bal, csolc, esimon2, jcruella, rdmiller, klanz2, Zakim, RRSAgent, trackbot 12:13:54 zakim, IPcaller is jcc 12:13:54 +jcc; got it 12:14:29 Topic: Review XForms Discussion 12:15:26 bah: We need to clarify the application specific behavior og references that are lacking URIs 12:15:36 s/bah/bal 12:16:10 brich has joined #xmlsec 12:16:26 fhirsch3: We need to confirm that signature verification requires an XForms application 12:17:20 s/an XForms/a running XForms/ 12:17:39 fhirsch3: John from XForms to clarify the processing model and what he needs from XMLSEC to support his implementation. 12:18:38 fhirsch3: Concern that the complexity of the XForms processing model and goals seem to run counter to those of the XMLSEC WG. 12:20:02 G_Edgar has joined #xmlsec 12:20:30 Topic: NIST Review 12:20:39 http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0033.html 12:21:27 bal: Reviewed 2 documents from NIST regarding Radmomized Hashing and approved hash algorithms. 12:22:11 NIST SP800-106 Radomized Hashing 12:22:48 bal: We could use the radomization of content for references only. 12:23:26 Which schema? XML Signature's or XML schemas in general? 12:24:57 randomized hashing - modification of any hash alg to add randomization, NIST defines only for sig hash, could do for Dsig hashing 12:25:02 of input to content 12:25:13 bal - xml signature schema 12:25:27 currently define hash alg and any, could define element for salt 12:25:29 optional 12:26:34 bal: We would need to update ds:SignatureMethod. 12:27:01 group notes oaep only defined for encryption 12:30:35 RESOLUTION: Work on ransomized hashing is a lower priority for the XMLSEC WG and will be deferred until there is a pressing need. 12:31:37 fhirsch3: At lunch there was a discussion about releasing a 3rd addition to address addition of algorithms. 12:32:17 tlr: If it affects conformance then it will need to at least be a minor edition. 12:32:29 s/addition/edition 12:33:35 Present+ Xu Guibao 12:33:41 +??P13 12:33:44 Xu Guibao joined as observer 12:33:48 zakim, ? is klanz2 12:33:48 +klanz2; got it 12:35:29 bal notes may want to deprecate sha1 in 1.1, or not but simply introduce new algs in 1.1 12:35:37 bal notes goal not to change namespace in 1.1 12:36:12 bal: We may want to recommend in v.next that old algorithms are not used and then deprecate them in a following version. 12:37:58 tlr has joined #xmlsec 12:40:58 q+ 12:42:02 q? 12:42:15 tlr if a future version, requires versioning, then need a new namespace is a reading of this 12:42:21 ack klanz 12:42:55 q+ 12:42:57 q+ 12:42:58 q+ 12:43:05 q- 12:43:24 ack bal 12:43:38 http://tools.ietf.org/html/rfc4051 12:43:47 http://www.w3.org/2001/04/xmldsig-more# 12:43:52 http://www.w3.org/2000/09/xmldsig# 12:44:59 bal: If something changes that breaks backward compatibility then it would require a new namespace. 12:45:52 tlr: Prepare a working draft for verion 1.1 where we add algorithms and clarify the versioning policy. 12:46:03 clarify versioning in wd and see if that is acceptable to constituents, including possibly sha-1 deprecation 12:46:04 q+ 12:46:16 konrad, so is your point that additional algorithms have already been defined without revving the namespace? 12:46:20 ack tlr 12:46:25 ack jcruella 12:47:02 jcc notes one doc of sig semantics and one for algorithms 12:48:11 jcc this avoids need to constantly change entire for algs 12:48:13 TOPIC: Joint Meeting with EXI 12:48:57 herve has joined #xmlsec 12:49:05 youenn has joined #xmlsec 12:49:36 Present+ John Schneider, Carine Bournez, Daniel Peintnec, Richard Kantschke 12:49:58 jcc, can you hear? 12:49:59 dape has joined #xmlsec 12:50:07 not well; I'm quite dependent on the IRC 12:50:28 caribou has joined #xmlsec 12:52:10 exi has looked at xml security in more detail 12:52:12 brutzman has joined #xmlsec 12:52:39 Re, Algorithm Identifiers (Last Topic) :http://www.w3.org/2007/xmlsec/Group/track/actions/150 12:52:53 some future work is c14n work - use exi to improve performance 12:53:16 reduce what needs to be preserved for verification, e.g. leverage typed values 12:53:52 EXI has parameters , e.g. preserve comments, similar to c14n 12:54:14 To improve performance canonicalization with EXI could require the use of some parameters. 12:54:29 EXI encoding for encryptoin - need to specify that encrypted content is exi encoded, encoding attribute 12:54:47 smullan has joined #xmlsec 12:55:53 URIs for canonicalization algs when using EXI. 12:56:02 possibly using exe for c1n 12:56:15 jkangash has joined #xmlsec 12:56:34 EXI could provide "type aware" canonicalization to improve performance. 12:57:47 q+ 12:58:21 q+ 12:58:52 tom - test cases should be considered 12:59:07 zakim, who is here? 12:59:07 On the phone I see Ed_Simon, jcc, Executive_6, klanz2 12:59:09 On IRC I see jkangash, smullan, brutzman, caribou, dape, youenn, herve, tlr, G_Edgar, brich, pdatta, fhirsch3, bal, csolc, esimon2, jcruella, rdmiller, klanz2, Zakim, RRSAgent, 12:59:11 ... trackbot 12:59:17 q+ 13:01:22 tom wanting to integrate xml security testing into exi testing, thinking about what is involved 13:01:36 tom effort involves university development 13:02:13 university development?! 13:02:41 don: do signatures survive EXI round-tripping? 13:03:09 tlr: we do have signatures and signed documents that you could run through your tests. 13:03:14 rkuntsch has joined #xmlsec 13:04:20 bal - do two semntically equivalent xml docs do they serialize into two exi serializations? 13:04:35 yes, when consideraing parameters 13:04:52 s/yes/steven, yes/ 13:05:06 zakim, who is here? 13:05:06 On the phone I see Ed_Simon, jcc, Executive_6, klanz2 13:05:07 s/consideraing/considering 13:05:08 On IRC I see rkuntsch, jkangash, smullan, brutzman, caribou, dape, youenn, herve, tlr, G_Edgar, brich, pdatta, fhirsch3, bal, csolc, esimon2, jcruella, rdmiller, klanz2, Zakim, 13:05:10 ... RRSAgent, trackbot 13:05:46 recap/summary: we have an exi test suite with a corpus of several thousand documents. will be looking to ensure we have sufficient set of encrypted and/or signed documents to properly test round-trip success and interoperability by various EXI processors. 13:06:12 steven, have option to preserve namespace info 13:06:48 q+ 13:08:27 magnus has joined #xmlsec 13:08:30 tlr: XML Signature is dependant on which EXI paramaters are used. 13:08:42 q+ 13:09:17 ha! Excellent news! 13:09:28 (I hadn't realized that EXI had done this piece of work.) 13:09:33 EXI is set to work with canonicalization and is documented in a best practices document. 13:10:00 EXI Best Practices relevant to security: http://www.w3.org/XML/Group/EXI/docs/best/exi-best-practices.html#security 13:10:25 john: EXI has designed things to be compatible with existing canonicalizations, and there are sets of parameters which will not break XML Security. 13:10:33 EXI Impacts relevant to security: http://www.w3.org/XML/Group/EXI/docs/impacts/exi-impacts.html#xml-security 13:10:38 jschneid2 has joined #xmlsec 13:10:42 ... we're now talking about forward-looking work that would permit use of EXI with Signature. 13:12:56 http://www.w3.org/TR/exi-best-practices/#security 13:13:47 kyiu has joined #xmlsec 13:13:48 Ed Simon looked at the EXI document and not the EXI Best Practices 13:14:15 fhirsch3: We should review EXI Best Practices. 13:14:15 ack jcc 13:14:24 ack jcruela 13:14:30 ack jcruellas 13:14:34 ack jcruella 13:16:03 jcruella: EXI is not caninocalization, but serialization of canonicalization. 13:16:07 best practice, how to use exi with existing c14n algs, using preserve algs 13:16:24 s/preserve algs/preserve parameers 13:16:42 exi could be used as c14n alg in future, topic for joint discussion 13:17:18 s/exi/john wzi 13:17:26 a/wzi/exi 13:18:04 zakim, who is making noise? 13:18:14 fhirsch3, listening for 10 seconds I heard sound from the following: jcc (49%), Executive_6 (77%) 13:18:48 john, preserving more in exi makes it larger 13:19:22 john, eg no need to preserve lexical values, gaining efficiency 13:20:01 q+ 13:20:36 jcc should signature cover tables 13:20:56 john, tables are implicit 13:21:11 john, part of stream 13:21:24 EXI Format 1.0, 6.3 Fidelity Options http://www.w3.org/TR/exi/#fidelityOptions lists Preserve.comments Preserve.pis Preserve.dtd Preserve.prefixes Preserve.lexicalValues 13:21:28 ack fhirsch 13:22:32 fhirsch3: What is the performance hit of using EXI for canonicalization because of having to use the EXI parser? 13:23:38 Is there something like in memory EXI as well that expands to APIs like DOM or XPATH on the fly? 13:25:27 question is whether the startup and shutdown time for EXI is too expensive when only performing single sign or verify... 13:25:45 answer is that schema load can take time, but exi is also able to save internal compiled form 13:25:48 john: Performance would be based on initial load and number of schemas used. 13:25:54 bal asks about memory footprint 13:26:13 john, string tables but can be limited 13:26:46 john, serialize xml doc or set of xml fragments, which are individual elements + attributes 13:28:23 bal cannot replace c14n with it directly due to input requirement, not a nodeset as input 13:28:24 Ordered NodeSet .... 13:29:06 bal possible issue if unparented nodeset allowed, would need to be considered 13:29:28 ack esimon 13:30:23 http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0005.html 13:30:27 ed asks re importance of native formatted signatures 13:31:41 ed, e.g. sign exi format without converting to xml for signing 13:32:53 G_Edgar has joined #xmlsec 13:34:10 I am wondering what might be the impact of "pluggable codecs" on this? I wonder since "pluggable codecs are negotiated. 13:34:41 XBC was predecessor of EXI group. XML Binary Characterization Use Cases http://www.w3.org/TR/xbc-use-cases 13:34:56 ack pdatta 13:35:23 pratik - does exi preserve ordering 13:35:27 ACTION: esimon to look at the EXI use cases. 13:35:27 Sorry, couldn't find user - esimon 13:35:39 try esimon2 13:35:42 john, always preserves ordering of elements, not attributes 13:36:13 ACTION: esimon2 to lookk at the EXI use cases 13:36:13 Created ACTION-88 - Lookk at the EXI use cases [on Ed Simon - due 2008-10-27]. 13:36:53 john, attribute order can be preserved as part of serializion, might need switch in EXI for writing out attribute order 13:37:13 Are attribute orders part of any Codec? 13:37:14 action 88 is on test cases 13:37:14 Sorry, couldn't find user - 88 13:37:44 +q 13:37:50 john, also keep track of encoding options 13:38:14 pratik canonicalization often last step to digest, hence space benefits may not be valuable 13:38:27 anil has joined #xmlsec 13:38:47 upon decompressing an EXI document, element order is preserved but attribute order is not (as specified in XML Infoset). nevertheless it is possible to reapply canonicalization upon recreation of the XML document from EXI. perhaps EXI should add a switch to preserve canonicalization upon decompression. this would seem to be necessary in order to preserve signature. 13:39:10 john, can serialize direct from model to exi, not necessarily via xml 13:39:25 ... hence faster 13:40:15 ack klanz 13:40:36 exi implementation can offer different modes, e.g. from DOM, SAX etc. open source exisits 13:41:55 john: EXI is not designed to be an in memory represenation but specifici parts of the EXI strream can be referenced using self contained sub-trees. 13:41:55 john, exi is interchange format, can have self-contained subtrees, meetin requirements for random access 13:42:16 s/specifici/specific 13:42:26 q? 13:43:14 john: If not preserving namespace declarations EXI stores the qualified names direclty which is the full identity of the URI. 13:46:34 ack G_Edgar 13:47:20 disallow plugabble codecs 13:47:41 Could we have some pointers to implemtations/Implementation Reports for EXI 13:47:52 I'd be interested finding one that offers a DOM API 13:49:04 http://lists.w3.org/Archives/Public/public-exi/2008Sep/0001.html 13:49:21 -jcc 13:49:32 -klanz2 14:00:06 + +1.781.515.aaaa 14:00:22 zakim, magnus is aaaa 14:00:22 sorry, magnus, I do not recognize a party named 'magnus' 14:01:12 zakim, aaaa is magnus 14:01:12 +magnus; got it 14:09:30 zakim, who is here? 14:09:30 On the phone I see Ed_Simon, Executive_6, magnus 14:09:31 On IRC I see anil, G_Edgar, magnus, jkangash, smullan, brutzman, caribou, dape, herve, brich, pdatta, fhirsch3, csolc, esimon2, jcruella, rdmiller, klanz2, Zakim, RRSAgent, 14:09:34 ... trackbot 14:10:18 bal has joined #xmlsec 14:11:18 I'm back. 14:11:34 tlr has joined #xmlsec 14:13:04 rdmiller2 has joined #xmlsec 14:13:45 +??P15 14:13:56 juan carlos 14:14:28 zakim, P15 caller is jcruella 14:14:28 I don't understand 'P15 caller is jcruella', jcruella 14:14:43 me http://www.ermitage-du-riou.fr/french/company/gastronomy.asp 14:14:55 zakim, P15 caller is jcc 14:14:55 I don't understand 'P15 caller is jcc', jcruella 14:15:05 zakim, +P15 is jcc 14:15:05 sorry, bal, I do not recognize a party named '+P15' 14:15:11 zakim, +P15 caller is jcc 14:15:11 I don't understand '+P15 caller is jcc', jcruella 14:15:12 zakim, P15 is jcc 14:15:13 sorry, bal, I do not recognize a party named 'P15' 14:15:28 zakim, +P15 caller is jcruella 14:15:28 I don't understand '+P15 caller is jcruella', jcruella 14:15:50 zakim, ??P15 is jcc 14:15:50 +jcc; got it 14:16:11 thanks!! 14:18:35 rkuntsch has joined #xmlsec 14:19:28 XBC use cases: http://www.w3.org/TR/xbc-use-cases/ 14:19:47 +??P16 14:19:49 john: Usecases are XBC and usecases are on the EXI webpage as part of the testing framework. 14:19:50 zakim, ? is klanz 2 14:19:50 I don't understand '? is klanz 2', klanz2 14:20:04 zakim, ? is klanz2 14:20:04 +klanz2; got it 14:20:08 note: for xmlsec to use EXI as a canonicalization alg, EXI would have to add as part of the spec a rule on what order attributes are written out. 14:21:30 fhirsch3: We may want to think about using EXI for canonicalization and how it may improve XML Signature performance. 14:25:06 fhirsch3: Case number 1 is increase XMLSec for instances that are not aware of EXI. 14:26:43 youenn has joined #xmlsec 14:26:44 fhirsch3: Case number 2 is to improve XMLSec within EXI. 14:27:14 Ideally, want to EXI doc before encrypting. 14:28:00 anil has left #xmlsec 14:28:05 Re Previous Discussaion: There might be similarites between "transform primitives" and what EXI calls the things you do not care about ... http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0000.html 14:28:41 john: XML Enc may not be able to take advantage of the performance increase of EXI without significant pain. 14:28:58 -Executive_6 14:29:10 Did we just loose the conference bridge? 14:29:11 you lost the connection 14:29:14 the phone line seems dead 14:29:27 I also lost connection 14:29:29 zakim, call executive_6 14:29:29 ok, fhirsch3; the call is being made 14:29:30 +Executive_6 14:29:42 OK... it works again 14:31:13 [s1] Type='http://www.w3.org/2001/04/xmlenc#Element'/> 14:31:13 [s2] Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/> 14:31:13 [s3] 14:31:14 [s4] John Smith 14:31:16 [s5] 14:31:18 [s6] DEADBEEF 14:31:20 [s7] 14:31:27 Maybe use another Algorith Identifier 14:31:42 s/Algorith/Algorithm/ 14:32:08 http://www.w3.org/2008/10/exi/xmlenc#tripledes-cbc 14:32:14 or similar 14:33:29 consideration of using mimetype attribute 14:33:41 http://www.w3.org/TR/xmlenc-core/#sec-EncryptedType 14:34:05 note two areas, 1st use of exi to improve xml security, here for c14n in signature worth consideration 14:34:19 second, integration with exi tighter 14:34:21 anil has joined #xmlsec 14:34:49 main pain point in exi is encryption due to size of cipherdata, from xml, here exi first then encryptoin would help 14:35:01 mimetype 14:35:22 s/encryptoin/encryption 14:36:05 john: EXI could possibly be used with XML Enc as it is with a minor tweak to identify the encrypted data as EXI. 14:37:28 q+ 14:38:14 brutzman has joined #xmlsec 14:38:41 ack esimon 14:39:50 john: Mapping from XML for XML encryption to EXI is relatively straight forward. 14:41:12 john: the work to allow EXI as a canonicalization method should benefit both the XMLSEC and EXI WGs. 14:42:20 bal: Supporting XML Enc within EXI will require a change to XML Enc, ref section 4.2. 14:44:11 fhirsch3: We understand how to support EXI for XML Enc, but need to be mindful of interoperability. 14:45:06 fhirsch3: We also need to work the W3C Rec process. 14:45:49 john: No current pressing need for EXI from the XMLSEC WG. 14:46:05 pdatta: We cannot use a MIME type directly. 14:46:35 fhirsch3: We were discussing using a new type element. 14:47:06 queue+ 14:47:40 bal: EXI could define a new types EXIelement 14:48:03 http://www.w3.org/TR/xmlenc-core/#sec-EncryptedType 14:48:05 bal: this can be done outside XML Encryption spec 14:48:13 14:48:14 14:48:14 14:48:59 ack magnus 14:49:31 q+ 14:49:53 discussion, use type attribute, uri defined by EXI team and processing rules 14:49:56 ack klanz 14:49:56 jakko: does EXI need both EXIelment and EXIContent, probably not because EXI does not propobably support mixed content , so only EXIElment is ok 14:50:10 fhirsch3: EXI should define the URI and processing rules for XML Enc support. 14:50:41 wondering, where is the test/examples corpus for XMLSEC mentioned earlier today? 14:50:50 Process decrypted data if Type is unspecified or is not 'element' or element 'content'. 14:50:50 1. The cleartext octet sequence obtained in Step 3 MUST be returned to the application for further processing along with the Type, MimeType, and Encoding attribute values when specified. MimeType and Encoding are advisory. The Type value is normative as it may contain information necessary for the processing or interpration of the data by the application. 14:50:50 2. Note, this step includes processing data decrypted from an EncryptedKey. The cleartext octet sequence represents a key value and is used by the application in decrypting other EncryptedType element(s). 14:51:00 in this case EXI) to interpret 14:51:38 if not element or elementcontent then exi can interpret 14:52:26 bal exi takes care of decryption, into dom then exi 14:52:36 bal: XML encryption spec says that if type is not element or content, then hand it back to application, is EXI the application ? 14:53:14 fhirsch3: Using EXI for canonicalization will require further work outside of this meeting. 14:55:07 john: three things a) using EXI for canonicalization, b) define new algorithm URI for EXI canoncailzation, c) new type for Encryption EXIelement 14:56:01 fhirsch3: Performance measurements regarding the use of EXI for canoniclaization would be helpful. 14:57:04 EXI does have a test framework for measuring compression and decompression that is a Java based framework. 14:57:18 It can measure both Java and C++ 14:58:21 ACTION: thomas to update homepage with information test suites 14:58:21 Created ACTION-89 - Update homepage with information test suites [on Thomas Roessler - due 2008-10-27]. 14:59:38 The EXI test corpus is online at http://www.movesinstitute.org/exi 15:01:08 The EXI test corpus is hosted at Naval Postgraduate School in Monterey 15:01:22 fhirsch3: It may make sense to have a joint EXI XMLSEC session at the next XMLSEC F2F (13-14 January 2009). 15:01:53 The EXI test corpus is based on Japex https://japex.dev.java.net - "Japex is a simple yet powerful tool to write Java-based micro-benchmarks." 15:03:47 john: In the case where the fidelity is not important - e.g. in web services an EXI bases canonicalization will be advantageous 15:04:31 fhirsch3: What is the benefit of EXI users to use EXI canonicalization? 15:04:42 bal: in web services fidelty is important - shred and reconstruct use cases 15:04:56 john: We have some information based on a customer experiment that was done in 2006. 15:07:25 fhirsch3: Do the benefits of using EXI for canonicalization outweigh the costs for adding everything needed to process EXI? 15:08:38 fhirsch3: Using EXI for canoncalization adds more dependent libraries - need to evaluate this 15:11:29 jkangash has left #xmlsec 15:13:03 dape has joined #xmlsec 15:13:04 bye 15:13:27 dape has left #xmlsec 15:14:04 youenn has joined #xmlsec 15:14:29 Please find answer to Sue Hoylen's Question: http://lists.w3.org/Archives/Member/member-xmlsec/2008Oct/0011.html 15:18:23 TOPIC: Hoylen Response 15:18:31 http://lists.w3.org/Archives/Member/member-xmlsec/2008Oct/0012.html 15:21:39 caribou has left #xmlsec 15:21:41 http://lists.w3.org/Archives/Public/public-xmlsec-comments/2008Oct/0000.html 15:22:25 fhirsch3: The response looks reasonable. 15:23:13 RESOLUTION: Konrad's response to Sue Hoylen is fine and Konrad will send it. 15:25:32 RESOLUTION: Add Hal's Web Services info into the requirements doc. 15:26:36 ACTION: kyiu to provide a draft for the requirements document of the simple signing requirements. 15:26:37 Created ACTION-90 - Provide a draft for the requirements document of the simple signing requirements. [on Kelvin Yiu - due 2008-10-27]. 15:27:47 ACTION: jcruella to provide a draft for the requirements document for long term signatures. 15:27:47 Created ACTION-91 - Provide a draft for the requirements document for long term signatures. [on Juan Carlos Cruellas - due 2008-10-27]. 15:33:54 TOPIC: Web Apps Prep 15:33:55 http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0076.html 15:34:53 herve has left #xmlsec 15:35:04 tlr: WebApps is writing a profile of XML Signature for signing widgets. 15:36:53 tlr: WebApps want to know what set of algorithms should be mandatory? 15:38:32 http://tools.ietf.org/html/rfc4051 15:38:54 http://tools.ietf.org/html/rfc4051#section-2.1.2 15:39:28 http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sha256 15:40:11 RSA-SHA256 15:40:11 http://tools.ietf.org/html/rfc4051#section-2.3.2 15:40:31 http://tools.ietf.org/html/rfc4051#section-2.3.6 15:40:34 ECDSA 15:43:03 RFC 4051 is PROPOSED STANDARD in http://tools.ietf.org/html/rfc4051 ... 15:43:23 http://www.w3.org/2008/xmlsec/track/issues/59 15:43:35 ACTION: kyiu to make a proposal for Issue 59. 15:43:35 Created ACTION-92 - Make a proposal for Issue 59. [on Kelvin Yiu - due 2008-10-27]. 15:45:03 http://lists.w3.org/Archives/Public/public-xmlsec-discuss/2008Mar/0000.html 15:45:11 For HMAC, there are also some identifiers in RFC 4231 15:46:41 http://tools.ietf.org/html/draft-eastlake-additional-xmlsec-uris-00 15:46:49 that is the expired draft ... 15:47:34 I propose seeking review by the IETF security directorate. 15:48:25 q+ 15:48:50 We MUST not forget about this one that was added to the expired draft ... 15:48:50 http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160 15:48:50 http://tools.ietf.org/html/draft-eastlake-additional-xmlsec-uris-00#section-2.3.6 15:49:21 pdatta: I recommend adding a table for recommendations regarding bit strength. 15:49:45 bal: I recommend not doing that and pointing to the relevant NIST doc. 15:50:07 can we make sure all the URIs and references we have here in the minutes, are revisited by the person taking the action of collecting this stuff 15:51:55 4051 covers all of the algorithms that are not covered elswhere, but does not point to the ones that are covered. 15:51:59 summary, can answer widgets re alg identifiers using sha256 uri from encryption for reference hashing and rsa-sha256 from 4051 15:53:10 bal: Who will implement the checks for WebApps? 15:55:28 TOPIC: Action Review 15:56:13 fhirsch3: All actions items can be closed. 15:56:34 bye everyone ... 15:56:44 q 15:56:52 Recessing until tomorrow morning. 15:57:01 -magnus 15:57:30 bye 15:57:45 -Ed_Simon 15:57:50 bye have a nice dinner !! 15:58:03 -jcc 15:58:05 bye every one 15:58:13 -klanz2 15:58:26 Zakim, list participants 15:58:26 As of this point the attendees have been Ed_Simon, Executive_6, jcc, klanz2, +1.781.515.aaaa, magnus 15:58:33 recess until tomorrow, thank you 15:58:35 RRSAgent, make log member 15:58:52 RRSAgent, generate minutes 15:58:52 I have made the request to generate http://www.w3.org/2008/10/20-xmlsec-minutes.html rdmiller 15:59:06 Zakim, bye 15:59:06 leaving. As of this point the attendees were Ed_Simon, Executive_6, jcc, klanz2, +1.781.515.aaaa, magnus 15:59:06 Zakim has left #xmlsec 16:03:03 Present+ Jaakko Kangasharju, Taki Kamiya, Bede Mccall, Youenn Fabuet, Herve Ruellan, Don Brutzman 16:03:53 Present+ John Boyer, Steven Pemberton, Ultide Lisse, Nick Van den Blecken, Roland Merrick, TV Raman, Charlie Wiecha 16:04:16 Present+ Keith Wells 16:04:42 observers included Bede, Youenn, Herve, Xu 16:05:09 RRSAgenda, generates minutes 16:05:25 RRSAgent, generate minutes 16:05:25 I have made the request to generate http://www.w3.org/2008/10/20-xmlsec-minutes.html fhirsch3 16:08:26 bal has joined #xmlsec