XML Signature WG

99-December-09
Chairs: Donald Eastlake and Joseph Reagle
Note Taker: Joseph Reagle [text]

Participants

• Donald Eastlake 3rd, IBM
• Joseph Reagle, W3C
• Mark Bartel, JetForm
• Ed Simon , Entrust Technologies Inc.
• John Boyer, UWI
• Peter Lipp,
• Todd Vincent, GSU
• David Solo, Citigroup
• Richard Himes, US District Court of New Mexico

Review of Outstanding Action Items

• ...

Status of documents < 5 minutes

Requirements: pending IESG advancement to Informational RFC.

Post a Core version this week to WG page, then hopefully another one that addresses any SignedInfo syntactical changes as a pseudo proposal.

Signature Syntax & Processing draft questions:

• Transforms and Node Sets
  • conversation resulting from Kent and Boyer on "the output of the this transform is a new XML document" -> the output of the XPath transform is a node set, string, boolean, or number. Boyer will send text to replace present text.
  • if you want text, then you must call the function 'string()'
  • XMLSig needs to define an order of attributes (and namespaces). Boyer will send text on how xmlns are ordered.
• John is asking for a validate attribute.
  • Solo: need a very mechanistic and non-variant way to do deal with the signature over actual content referenced in the core: sign one or more things, if it comes back as valid, they all come back. References in the core signature that allow objects to change and come back as valid is an absurd premise. The core references' content can't change.
  • [Reagle gets caught in conversation and doesn't take good notes.]
  • No concensus to introduce validate attribute.
• Eastlake's Syntax Proposal
  • Call discusses Don's proposal though most haven't had a chance to look at it closely. Generally people are comfortable with grouping ObjectReferences in a Manifest other things (like Object and SignedProperties) need more discussion.
  • Reagle: Discuss proposal on list. After a weeks conversation, Don should try to represent his proposal as a variant spec. By 12/21 have a sense of what changes if any WG is comfortable with. Once we've made those decisions public a draft. In January begin producing functionality FAQ (How do I sign the KeyInfo, how do I create a location indepedent signature) using stable syntax as a way to mediate WG last call. And use stable syntax to write examples for rough interop testing.

Face to Face meeting arrangements < 10 minutes

• Meeting is in SanJose on the 21st, further logistics should follow.