Subject: Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-05-28
Following is the agenda for the unofficial telecon of the XRI TC at:

Date: Thursday, 28 May 2009 USA
Time: 2:00PM - 3:00PM Pacific Time (21:00-22:00 UTC)

ATTENDING

John Bradley
Drummond Reed
Will Norris
Peter Davis
Scott Cantor

AGENDA

1) IDTRUST MEMBER SECTION XML DSIG RESEARCH PROPOSAL

John said the Steering Committee is willing to entertain a detailed proposal to fund research on the distribution of XML dSig libraries with a tangible deliverable, especially if it would benefit multiple TCs. The TC postponed the issue of whether it wants to request such funds depending on the outcome of its discussion of the usage of XML dSig (see below).

2) XML DSIG AND XRD SIGNING METHOD(S)

The thread on the mailing list that currently ends with...

http://lists.oasis-open.org/archives/xri/200905/msg00045.html

...includes this excerpt from the last message:

"[Will has] been talking with Scott [Cantor] about this a bit the last couple of days as well, and he's indicated a way of doing XML Signatures without needing to do full c14n [canonicalization]. I didn't entirely understand all of it (maybe some of you are already familiar with it), but have pasted his response below. He's volunteered to join the TC call tomorrow if we want to pursue this further. If we can find a way to do XML DSig in a way that is reasonably supported among the major programming languages, it would make this whole thing much cleaner (not having four different ways to deliver the signature)."

Because he had to leave early, John began by advocating that we need as simple and strong of a signature method as we can get.

Scott explained that the W3C XML dSig WG is looking at doing a 2.0 spec due to performance and canonicalization issues. A new proposed spec has not been drafted but the discussion is moving in a good direction. It looks like it will be "plug-compatible" with existing implementations.

In this new 2.0 spec, there would be a subset of the XML dSig spec that would be appropriate for simplified signing of XML documents like XRDs. Scott feels that if there are sufficient constraints in place on the XML that is going to be signed, sufficient optimizations can be made to keep implementations much less complex and support adequate performance. In particular, he said that if you are just signing subtrees, canonicalization can be very straightforward.

Another advantage to this approach is that XRD signing would be compatible with existing XML dSig implementations, requiring no new coding in applications that used them. In places where XML dSig implementations are not available, an implementation under these constrained conditions can be much simpler than a generic XML dSig implementation.

Will asked whether these more narrow requirements are already profiled somewhere. Scott said yes, the SAML profile of XML dSig, which uses the enveloped signature option, already meets these constraints, and should be able to be referenced as is by the XRD 1.0 spec. Scott also believes that the IMI 1.0 (Information Card) spec uses a similar profile.

John noted that he was also in favor of this approach because compatibility with the SAML libraries is a benefit to adoption.

Will is in favor because this approach would reduce four methods for signing an XRD to a single method, which has obvious benefits with regard to interoperability and reduced implementation complexity.

Scott explained that the biggest single factor in avoiding XML dSig complexity is avoiding Q-Names in our schema. We can also further reduce signature complexity by adding constraints such as requiring attribute ordering. He also noted that we need to add an ID attribute on our root element.

Drummond asked whether XRD extensibility will be an issue. Scott said no; the fact that XRDs are extensible should not present a problem to achieving this simplified XML dSig capability. We can still publish guidelines and best practices for extensions.

There is consensus among all the attendees on this call that using the SAML profile of XML dSig, together with constraints in the XRD spec that enable this profile to avoid common XML dSig problems, appears to be the best solution to XRD signing.

We then discussed how to move to full TC-wide consensus on this decision. The general steps are:

a) Publish these minutes.
b) Send a special note to the list highlighting the proposal for TC members who were not on the call.
c) If we achieve TC-wide consensus, move to discussing it with other related communities, such as OpenID and OAuth.
d) If necessary, research support for simplified XML dSig in all the relevant platforms (this is the step that might need explicit funding).

# DRUMMOND to post the minutes followed by a special email to the list regarding this proposal.

3) OTHER XRD 1.0 ISSUES

Will said there is still a dangling question about inheritance between the URI, TargetSubject, and TargetAuthority elements. Will recommends we need to go through the use cases to determine if we actually have an issue.

# WILL to propose how to proceed.

4) XRI SYNTAX 3.0 WORKING DRAFT 02 STATUS/ISSUES

Drummond reported that he does not expect to have another draft until next week's telecon.

5) NEXT CALL

Regular time next week.
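The constraints discussed under item 2 (an ID attribute on the root element, an enveloped signature that references that root, and no QNames in content) can be checked mechanically before a signature is trusted. The following is an added example, not part of the minutes or of any TC document. It assumes the root attribute is named `ID` as in SAML, uses a constructed `urn:example:xrd` namespace and constructed sample documents, and the function name is hypothetical.

```python
import io
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"      # XML dSig namespace
QNAME = re.compile(r"^([A-Za-z_][\w.-]*):[A-Za-z_][\w.-]*$")

def lint_signed_xrd(xml_bytes, id_attr="ID"):    # id_attr name is an assumption
    """Return constraint violations; an empty list means none were found."""
    prefixes = set()
    parser = ET.iterparse(io.BytesIO(xml_bytes), events=("start-ns",))
    for _event, (prefix, _uri) in parser:        # record declared prefixes
        prefixes.add(prefix)
    root, problems = parser.root, []

    root_id = root.get(id_attr)
    if not root_id:
        problems.append("root element has no %s attribute" % id_attr)

    sigs = root.findall(DS + "Signature")        # enveloped: direct child of root
    if len(sigs) != 1:
        problems.append("expected exactly one enveloped Signature, found %d" % len(sigs))
    for sig in sigs:
        uris = [r.get("URI") for r in sig.iter(DS + "Reference")]
        if root_id and uris != ["#" + root_id]:  # must cover the root itself
            problems.append("Reference must be the single URI #%s, got %r" % (root_id, uris))

    for el in root.iter():                       # QNames hidden in content
        values = list(el.attrib.values()) + [(el.text or "").strip()]
        for v in values:
            m = QNAME.match(v)
            if m and m.group(1) in prefixes:     # prefix is declared in this document
                problems.append("QName-like value %r in <%s>" % (v, el.tag))
    return problems

# Constructed sample documents (signature contents trimmed to the Reference).
GOOD = b"""<XRD xmlns="urn:example:xrd" ID="xrd-1">
  <URI>http://example.com/</URI>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo><ds:Reference URI="#xrd-1"/></ds:SignedInfo>
  </ds:Signature>
</XRD>"""
BAD = b"""<XRD xmlns="urn:example:xrd" xmlns:ext="urn:example:ext" ID="xrd-1">
  <URI ext:kind="ext:Special">http://example.com/</URI>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo><ds:Reference URI="#other"/></ds:SignedInfo>
  </ds:Signature>
</XRD>"""
```

The check is structural only: it does not verify the digest or signature value, and the QName test is a heuristic that flags values whose prefix matches a namespace prefix declared in the document.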