Thomas Roessler | 23 Oct 19:43 2007
Picon

[fwd] Report on Workshop on Next Steps for XML Signature and XML Encryption (from: tlr <at> w3.org)

FYI.
-- 
Thomas Roessler, W3C  <tlr <at> w3.org>

----- Forwarded message from Thomas Roessler <tlr <at> w3.org> -----

From: Thomas Roessler <tlr <at> w3.org>
To: public-xmlsec-discuss <at> w3.org
Date: Tue, 23 Oct 2007 19:40:41 +0200
Subject: Report on Workshop on Next Steps for XML Signature and XML
	Encryption

On 25 and 26 September 2007, W3C held a Workshop on Next Steps for
XML Signature and XML Encryption [1] in Mountain View, CA, USA,
hosted by VeriSign. The group has published its summary report [2].

The Workshop report indicates strong interest in additional work on
XML security and interest in a Working Group. Attendees identified
the areas of highest interest:

   - Create a basic profile of XML Signature
   - Review and possibly update the referencing
     model using xml:id and other mechanisms
   - Update cryptographic algorithms
   - Revisit XML canonicalization
   - Update the transform model.

Areas of ongoing and medium interest that were identified are scalable
profiling, implementation guidance, key management issues, XKMS, XML 1.1, EXI,
and interaction with other security organizations.
(Continue reading)

Sam Hartman | 29 Oct 18:27 2007
Picon

Minor addition to draft-williams-on-channel-binding; one week to respond


Folks, while attempting to use draft-williams-on-channel-binding in
the SASL working group, we came across an ambiguity.

In response to IETF last call comments we added the concept of a
unique prefix and a registry of prefixes for channel binding type.  We
added a requirement that applications make sure that one channel could
not conflict with another channel type.  However we didn't specify how
the prefix was to be used.

This ambiguity made using specifications more complex than needed.
So, we propose to actually say that the prefix needs to be a prefix.
This change has the support of the authors, myself, and members of the
SASL community including the author of the document trying to use this
mechanism.

In particular, we propose adding the following text:

    >> "Under this framework, channel bindings MUST start with the
    >> channel binding unique prefix followed by a colon (ASCII 0x3A).
    >> "

The document is currently in auth48.  I will approve this change if
there are not objections in a week.

Sam Hartman | 29 Oct 18:54 2007
Picon

Stepping down in March


It's with very mixed feelings that I'm writing to announce that I will
be stepping down in March from my position as a security area director.

These days, the IESG is an incredibly rewarding experience.  I've
gotten to a point where I can efficiently review documents.  The rest
of the IESG is great to work with and we're getting a lot done.  I
feel that my work is making a difference.

However I don't believe I'll have the necessary time to continue in
the security area director role.  I'm looking forward to the birth of
my first child in early February.  I've also taken on the role of
Chief Technologist at the MIT Kerberos Consortium.  I don't think I
will have time for my family obligations, for the consortium role and
to continue as area director.  So, I have chosen to step down as
security area director.

I do plan on continuing significant involvement in the IETF.  I'll
definitely be involved because of my Kerberos work and I may have time
for leadership roles that require less of a commitment than the IESG.

As you may be aware, the IESG asked area directors not to inform the
community about whether they were returning to make sure the nomcom
had a good list of potential candidates.  The nomcom has informed me
that now would be a good time to make an announcement, so I'm doing
so.

It has been a pleasure to work with you all and I will look forward to
working together in the future, while missing working as part of the
IESG.
(Continue reading)

Russ Housley | 29 Oct 19:06 2007

Re: Stepping down in March

Sam:

We value the contribution you have made to the IETF Community as 
Security AD, and we look forward to you continued involvement.

Best wishes with your new role and fatherhood,
   Russ

At 01:54 PM 10/29/2007, Sam Hartman wrote:

>It's with very mixed feelings that I'm writing to announce that I will
>be stepping down in March from my position as a security area director.
>
>These days, the IESG is an incredibly rewarding experience.  I've
>gotten to a point where I can efficiently review documents.  The rest
>of the IESG is great to work with and we're getting a lot done.  I
>feel that my work is making a difference.
>
>However I don't believe I'll have the necessary time to continue in
>the security area director role.  I'm looking forward to the birth of
>my first child in early February.  I've also taken on the role of
>Chief Technologist at the MIT Kerberos Consortium.  I don't think I
>will have time for my family obligations, for the consortium role and
>to continue as area director.  So, I have chosen to step down as
>security area director.
>
>
>I do plan on continuing significant involvement in the IETF.  I'll
>definitely be involved because of my Kerberos work and I may have time
>for leadership roles that require less of a commitment than the IESG.
(Continue reading)

Tim Polk | 30 Oct 15:22 2007

Re: Stepping down in March

Sam,

You are not the only one experiencing very mixed feelings!  As your  
co-AD, I have
personally benefited from you experience and insight in security,  
IETF protocols,
and the IETF process.  As a community, we have all benefited from  
those qualities,
and your leadership.  Your shoes will be hard to fill.

However, I am delighted for you and your new role as a father.   
Congratulations!
The joys and rewards of parenthood continue to amaze me, and should  
not be
missed even for something as important as the IETF!

I am also pleased - make that relieved - to hear that you intend to  
remain involved
in the IETF.  I am sure that many in the IETF community will be  
looking for
opportunities to leverage your considerable talents in new ways after  
March.

Thanks,

Tim Polk

On Oct 29, 2007, at 1:54 PM, Sam Hartman wrote:

>
(Continue reading)

Russ Housley | 30 Oct 15:43 2007

Re: Minor addition to draft-williams-on-channel-binding; one week to respond

I support this late addition.

Russ

At 01:27 PM 10/29/2007, Sam Hartman wrote:

>Folks, while attempting to use draft-williams-on-channel-binding in
>the SASL working group, we came across an ambiguity.
>
>In response to IETF last call comments we added the concept of a
>unique prefix and a registry of prefixes for channel binding type.  We
>added a requirement that applications make sure that one channel could
>not conflict with another channel type.  However we didn't specify how
>the prefix was to be used.
>
>This ambiguity made using specifications more complex than needed.
>So, we propose to actually say that the prefix needs to be a prefix.
>This change has the support of the authors, myself, and members of the
>SASL community including the author of the document trying to use this
>mechanism.
>
>In particular, we propose adding the following text:
>
>
>     >> "Under this framework, channel bindings MUST start with the
>     >> channel binding unique prefix followed by a colon (ASCII 0x3A).
>     >> "
>
>
>The document is currently in auth48.  I will approve this change if
(Continue reading)


Gmane