

Subject: Raw minutes from chat meeting #177 on 2017-MAR-06


Room Information:
OASIS Digital Signature Services eXtended (DSS-X) TC Weekly Meeting (Conference Call) #177
- Monday, 06 March 2017, 12:00 to 13:00 ET (UTC-5)
  - i.e. 2017-03-06 18:00 to 19:00 CET (UTC+1)
  - other timezone? Try eg.:
    - https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=3&day=6&hour=17&min=0&sec=0&p1=47&p2=69&p3=179

Meeting Member URL:
- URL = https://www.oasis-open.org/apps/org/workgroup/dss-x/event.php?event_id=43692
  - Please use starting approx. 15 minutes before the meeting for self registration. Thanks.
  - Self registration deep link (as a service):
    - https://www.oasis-open.org/apps/org/workgroup/dss-x/record_my_attendance.php?event_id=43692&confirmed=1 

Agenda-Draft E-Mail URL:
- E-Mail Public URL = https://lists.oasis-open.org/archives/dss-x/201703/msg00000.html

Minutes Draft Public URL (previous meeting):
- URL = https://www.oasis-open.org/committees/download.php/60082/dssx-176-draft-minutes-shagen-20170220.txt

Online document walkthroughs or presentations:
- URL = "Upon request via join.me"

Timeline:
- URL = "Ad Hoc "

Agenda Draft (for meeting #177):
- Roll call
- Approve agenda 
- Approve minutes from previous meeting(s)
  - Minutes from February 20, 2017 TC meeting #176: 
    - URL https://www.oasis-open.org/committees/download.php/60082/dssx-176-draft-minutes-shagen-20170220.txt
- Reports from ETSI ESI STF-524 meetings
- Core and Profile Maintenance
  - Local Signature Profile
   - Ballot "Approve DSS Extension for Local Signature Computation V1.0 with Non-Material Changes as a CS"
     - URL https://www.oasis-open.org/committees/ballot.php?id=3042 
  - Profile for Comprehensive Multi-Signature Verification Reports
  - Core
    - Open Action Items from Previous Call(s)
      - Summary on core refreshment
        - Discussion and Walk-Through with Andreas Kuehne
          - URL https://lists.oasis-open.org/archives/dss-x/201702/msg00055.html
    - Core Issues in state New or Open (added since last meeting)
      - DSSX-10 |
          Difference between PDF and XSD with respect to cardinality 
          of ChainingOK within CertificateValidityType
      - Discussion
  - New Profile Candidates
    - PAdES
    - Server Site Profile for JEE Code Signing
- Next meeting
  - Monday March 20, 2017 during 18:00 - 19:00 CET? (2017-03-20 17:00 to 18:00 UTC) ?
- AOB and wrap up

UsefulPlaces:
- Chat:
  - http://webconf.soaphub.org/conf/room/dss-x   # ... this place 
- ScreenShare and Voice:
  - skype (or as fallback upon request join.me)

Next Planned meeting (tentative):
- Monday March 20, 2017 during 18:00 - 19:00 CET? (2017-03-20 17:00 to 18:00 UTC) ?
  - https://www.oasis-open.org/apps/org/workgroup/dss-x/event.php?event_id=43693

Interesting URLs to cite during meeting 
- "Summary on core refreshment" contributed by Andreas (per email):
  - Public URL = https://lists.oasis-open.org/archives/dss-x/201702/msg00055.html
- Ballot "Approve DSS Extension for Local Signature Computation V1.0 with Non-Material Changes as a CS"
  - Public URL = https://www.oasis-open.org/committees/ballot.php?id=3042
[15:25] Stefan Hagen1 morphed into Stefan Hagen
[15:26] Stefan Hagen: Call will start on 18:00 CET
[17:54] Stefan Hagen: RegistrationInfo{Voting Members: 3 of 5 (60%) (used for quorum calculation)}
[17:54] Stefan Hagen: We are already quorate - great ... if only the voice client would start on my machine ...
[18:02] Juan Carlos: 1. Welcome by the chair (Juan Carlos Cruellas)
[18:02] Juan Carlos: 2. Minutes taker
All write into the chat, Stefan assembles and uploads into document area.
[18:02] Stefan Hagen: Skype always disconnects short after stab display -
[18:02] Juan Carlos: 3. Roll call
[18:02] anonymous morphed into Ernst Jan
[18:03] Juan Carlos: AK, SH, EJ, JC
[18:03] Juan Carlos: Regrets from DH
[18:03] Juan Carlos: 4. Approval of the agenda
[18:03] Juan Carlos: Approved
[18:03] Juan Carlos: 5. Approval of minutes from previous calls
URL=https://www.oasis-open.org/committees/download.php/60082/dssx-176-draft-minutes-shagen-20170220.txt
[18:04] Juan Carlos: Approved
[18:04] Juan Carlos: 6. Reports from ETSI ESI STF-524 meetings
[18:05] Juan Carlos: There will be an ESI plenary meeting from 14th to 16th March in Barcelona
[18:06] Juan Carlos: AK will attend the ESI meeting as the liaison person of the DSS-X with ESI TC
[18:07] Juan Carlos: AK received credentials for the ETSI portal but did not manage to find the STF 524 documents
[18:08] Juan Carlos: JC and AK will work on this at the end of the call
[18:08] Juan Carlos: 7. Core and Profile Maintenance
[18:08] Juan Carlos: 7.1 Local Signature Profile
Ballot "Approve DSS Extension for Local Signature Computation V1.0 with Non-Material Changes as a CS"
URL=https://www.oasis-open.org/committees/ballot.php?id=3042
[18:09] Juan Carlos: 100% of yes votes.
[18:09] Juan Carlos: EJ: I will prepare the cs02 version. Will send it to you Stefan this week
[18:09] Juan Carlos: 7.2 Profile for Comprehensive Multi-Signature Verification Reports
[18:10] Juan Carlos: Related to work to be done by STF 524, and EN 319 102 (for the validation algorithm), TS 119 172-1 (for constraints)
[18:11] Juan Carlos: > Hi Juan Carlos, hi Detlef,
>
> I made myself familiar with the draft version of 116 172-1. This makes
> sense to me. Maybe some work to align the verification profile in detail
> but doable.
>
> But I'm really struggling with the verification model introduced by EN
> 319 102-1.
There is a paper by Moez Ben MBarka and Julien P. Stern "Certification validation: Back to the Past", which defines a kind of sliding window algorithm for validating certificate chains time-stamped by chains of time-stamp tokens, on which some parts of the algorithm are based.
[18:12] Juan Carlos: > As far as I understand there is (at least an option for) a
> verification reporting of each and every aspect of the step performed.
Well, in the first clauses there are a couple of tables that list what shall and should be reported. Basically correspond to major elements found in the signatures
[18:16] Juan Carlos: I concur with you that the constraints in 119 172-1 are tough to check....but there are over there tools...for instance the DSS tool, an open source tool funded by the EC and that now is being maintained by Nowina, was able to validate signatures against a Signature Policy, and this implied, if I am not wrong to deal with the kind of constraints you mention (please note that most of them are taken from former ETSI TRs that specified very early formats for Signature Policies in XML (ETSI TR 102 03 and in ASN.1 (ETSI TR 102 272).
[18:17] Juan Carlos: ETSI TR 102 038
[18:20] Juan Carlos: http://www.etsi.org/deliver/
[18:31] Juan Carlos: What I would expect is an encoding that at least allows to report that the constraints in 119 172 have been checked, whether the constraint check resulted in success was OK or wrong, maybe some textual component for explaining the reasons of the result, and then an extension point where people could add additional constraints that very likely could have been registered somewhere. In essence, for each constraint I guess that the following could be required.

- Constraint specification information: defining entity and identifier
- Result (OK, KO)
- Details: text field(s)
[18:32] Juan Carlos: <element name="ValidationDataValues" type="ValidationDataType"/>
<complexType name="ValidationDataType">
   <sequence>
      <element name="X509Certificates" type="X509CertificatesListType" minOccurs="0" maxOccurs="unbounded"/>
      <element name="X509CRLs" type="X509CRLListType" minOccurs="0" maxOccurs="unbounded"/>
      <element name="BasicOCSPResponses" type="BasicOCSPResponsesListType" minOccurs="0" maxOccurs="unbounded"/>
      <element name="OCSPResponses" type="OCSPResponsesListType" minOccurs="0" maxOccurs="unbounded"/>
      <sequence minOccurs="0" maxOccurs="unbounded">
      <element name="OtherValidationData" type="dss:AnyType" minOccurs="0" maxOccurs="unbounded"/>
      </sequence>            
   </sequence>
</complexType>
<complexType name="X509CertificatesListType">
   <sequence>
      <element name="X509Certificate" type="IndexedBase64BinaryType" minOccurs="1" maxOccurs="unbounded"/>
   </sequence>
</complexType>
<complexType name="X509CRLListType">
   <sequence>
      <element name="X509CRL" type="IndexedBase64BinaryType" minOccurs="1" maxOccurs="unbounded"/>
   </sequence>
</complexType>
<complexType name="BasicOCSPResponsesListType">
   <sequence>
      <element name="BasicOCSPResponse" type="IndexedBase64BinaryType" minOccurs="1" maxOccurs="unbounded"/>
   </sequence>
</complexType>
<complexType name="OCSPResponsesListType">
   <sequence>
      <element name="OCSPResponse" type="IndexedBase64BinaryType" minOccurs="1" maxOccurs="unbounded"/>
   </sequence>
</complexType>

<complexType name="IndexedBase64BinaryType">
   <simpleContent>
      <extension base="base64Binary">
         <attribute name="index" type="integer" use="required"/>
      </extension>
   </simpleContent>
</complexType>
[18:35] Juan Carlos: 7.3 Core
[18:37] andreas: Include the xs:any in the XML schema anyway?
o Pro:
  + It enables product specific extensions
  + Common in other schemes
o Con:
  + Tricky mechanism in other bindings
  + Fallback to (untyped) byte arrays
  + endpoint lack of meta information
[18:49] Stefan Hagen: All discuss with a lot of echo
[18:52] Juan Carlos: Follow discussion by email pros and cons during this week. Make a decision next week
[18:52] andreas: Drop of ds:X509IssuerSerial? It is deprecated in XMLDSig 1.1
[18:53] Juan Carlos: ds:X509IssuerSerial is dropped in XML Sig
[18:53] andreas: Drop of the xs:any in UseVerificationTimeType? It's not mentioned in
    the corresponding section of the core document.
[18:53] Juan Carlos: AK: Propose to drop ds:X509IssuerSerial
[18:53] Juan Carlos: JC: concur
[18:54] Juan Carlos: xs:any in UseVerificationTimeType:
[18:54] Juan Carlos: AK: propose to drop as it is not mentioned in the text of the core...left over?
[18:54] andreas: dss:RequesterIdentity, dss:TstInfo and dss:Timestamp are not
    referenced by the updated core. Refactor it to a special Timestamp
    profile?
[18:57] andreas: Mechanism for a query-like key selection
o Extend the core?
o Delegate it into a profile?
[18:58] andreas: Handling of existing profiles
o Contact author requesting an update to the new core?
o Leave the DSS 1.0 world as is?
[19:01] andreas: Contact authors and get their opinion
[19:01] Juan Carlos: 7.3.2 Core Issues in state New or Open (added since last meeting)
Ordered by filter("project = DSSX AND created >= -5w ORDER BY created DESC"):
URL=https://issues.oasis-open.org/browse/DSSX-9?jql=project%20%3D%20DSSX%20AND%20created%20%3E%3D%20-5w%20ORDER%20BY%20created%20DESC
[19:02] Stefan Hagen: DSSX-10 is OPEN
[19:02] Juan Carlos: 9. AOB
[19:04] Juan Carlos: 9. Next meetings 

9.1 Next Meeting
Suggested is Mon, 20 Mar 2017 DSS-X Conference Call 178: 
URL=https://www.oasis-open.org/apps/org/workgroup/dss-x/event.php?event_id=43693
[19:06] Stefan Hagen: Meeting adjourned by Chair

