Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-05-28

["Drummond Reed" <drummond.reed@cordance.net>]

Following is the agenda for the unofficial telecon of the XRI TC at:

Date:  Thursday, 28 May 2009 USA
Time:  2:00PM - 3:00PM Pacific Time (21:00-22:00 UTC)

ATTENDING

John Bradley
Drummond Reed
Will Norris
Peter Davis
Scott Cantor


AGENDA


1) IDTRUST MEMBER SECTION XML DSIG RESEARCH PROPOSAL

John said the the Steering Committee is willing to entertain a detailed
proposal do fund research on the distribution of XML dSig libraries with a
tangible deliverable, especially if it would benefit multiple TCs.

The TC postponed the issue of whether it wants to request such funds
depending on the outcome of its discussion of the usage of XML dSig (see
below).


2) XML DSIG AND XRD SIGNING METHOD(S)

The thread on the mailing list that currently ends with...

	http://lists.oasis-open.org/archives/xri/200905/msg00045.html

...includes this excerpt from the last message:

"[Will has] been talking with Scott [Cantor] about this a bit the last
couple of days as well, and he's indicated a way of doing XML Signatures
without needing to do full c14n [canonicalization].  I didn't entirely
understand all of it (maybe some of you are already familiar with it), but
have pasted his response below.  He's volunteered to join the TC call
tomorrow if we want to pursue this further.  If we can find a way to do XML
DSig in a way that is reasonably supported among the major programming
languages, it would make this whole thing much cleaner (not having four
different ways to deliver the signature)."

Because he had to leave early, John began by advocating that we need as
simple and strong of a signature method as we can get.

Scott explained that the W3C XML dSig WG is looking at doing a 2.0 spec due
to performance and canonicalization issues. A new proposed spec has not been
drafted but the discussion is moving in a good direction. It looks like it
will be "plug-compatible" with existing implementations.

In this new 2.0 spec, there would be a subset of the XML dSig spec that
would be appropriate for simplified signing of XML documents like XRDs. 

Scott feels that if there are sufficient constraints in place on the XML
that is going to be signed, sufficient optimizations can be made to keep
implementations much less complex and support adequate performance. In
particular, he said that if you are just signing subtrees, canonicalization
can be very straightforward. 

Another advantage to this approach is that XRD signing would be compatable
with existing XML dSig implementations, requiring no new coding in
applications that used them. In places where XML dSig implementations are
not available, an implementation under these constrained conditions can be
much simpler than a generic XML dSig implementation.

Will asked whether these more narrow requirements are already profiled
somewhere. Scott said yes, the SAML profile of XML dSig, which uses the
enveloped signature option, already meets these constraints, and should be
able to be referenced as is by the XRD 1.0 spec. Scott also believes that
the IMI 1.0 (Information Card) spec uses a similar profile.

John noted that he was also in favor of this approach because compatability
with the SAML libraries is a benefit to adoption.

Will is in favor because this approach would reduce four methods for signing
an XRD to a single method, which has obvious benefits with regard to
interoperability and reduced implementation complexity.

Scott explained that biggest single factor in avoiding XML dSig complexity
is avoiding Q-Names in our schema. We can also further reduce signature
complexity by adding constraints such as requiring attribute ordering. He
also noted that we need to add an ID attribute on our root element. 

Drummond asked whether XRD extensibility will be an issue. Scott said no;
the fact that XRDs are extensible should not present a problem to achieving
this simplified XML dSig capability. We can still publish guidelines and
best practices for extensions.

There is consensus among all the attendees on this call that using the SAML
profile of XML dSig, together with constraints in the XRD spec that enable
this profile to avoid common XML dSig problems, appears to be the best
solution to XRD signing.

We then discussed how to move to full TC-wide consensus on this decision.
The general steps are:

	a) Publish these minutes.
	b) Send a special note to the list highlighting the proposal for TC
members who were not on the call.
	c) If we achieve TC-wide consensus, move to discussing it with other
related communities, such as OpenID and OAuth.
	d) If necessary, research support for simplified XML dSig in all the
relevant platforms (this is the step that might need explicit funding).

# DRUMMOND to post the minutes followed by a special email to the list
regarding this proposal.


3) OTHER XRD 1.0 ISSUES

Will said there is a still a dangling question about inheritance between the
URI, TargetSubject, and TargetAuthority elements. Will recommends we need to
go through the use cases to determine if we actually have an issue.

# WILL to propose how to proceed.


4) XRI SYNTAX 3.0 WORKING DRAFT 02 STATUS/ISSUES

Drummond reported that he does not expect to have another draft until next
week's telecon.


5) NEXT CALL

Regular time next week.