Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?
On Wednesday 04 January 2012 09:19:51 Arthur Barstow wrote: > In case it isn't clear, I don't think anyone suggested the ECC stuff > should be "deprecated". On the contrary, I think it makes sense for ECC > to be an algorithm for XMLDigSig1.1. However, some of us have advocated > the syntax be separated from the algorithms. That would permit the > Syntax spec move to REC separately and the algorithm spec(s) could > advance separately (as the market determines the "winner(s)"). This could be a valid conclusion for a PAG BTW Rigo
Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?
Hi all, Frederick is innocent! My aim as PAG chair is to conclude by March. The solution is still open. We don't know yet whether the algorithms used by XML SIG or ENC really violate the declared patents. We will hopefully know until then. I'm still waiting for one response from MIT but will proceed without them if they do not respond by the end of the week. Again, those are hopes, not hard deadlines. I don't think a PAG can have hard deadlines unless the algorithm is "deprecate the feature if not solved until fixed date". I guess Frederick was arguing against that logic leading to deprecation of ECC. Happy New Year! Rigo On Tuesday 03 January 2012 13:07:46 frederick.hir...@nokia.com wrote: > No I am not. > > Marcos took my email that expressed my hopes and turned it into a hard > deadline, which I do not agree with. > > I suggest we let Rigo/Thomas continue this thread. > > regards, Frederick > > Frederick Hirsch > Nokia > > On Jan 3, 2012, at 7:23 AM, Arthur Barstow wrote: > > On 12/29/11 11:18 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote: > >> Marcos > >> > >> My expectation is that we should have a PAG update on progress in the > >> first week of January (hopefully) and a timeline like Rigo noted, > >> with full resolution of the iPR issue by March - but only the PAG > >> chair knows the reality since my expectations are as a "customer" of > >> the PAG output. I entirely agree with you that "years" is not > >> appropriate.> > > Are you saying that if the ECC PAG caused by RIM does not complete its > > work by March, the XML Sec WG will do the factoring as Marcos describes > > below? > > > > -AB > > > >> Apologies, here is the link: > >> http://lists.w3.org/Archives/Public/public-xmlsec/2011Dec/0026.html > >> > >> regards, Frederick > >> > >> Frederick Hirsch > >> Nokia > >> > >> On Dec 29, 2011, at 10:22 AM, ext Marcos Caceres wrote: > >>> On Thursday, 29 December 2011 at 14:11, frederick.hir...@nokia.com wrote: > As I said before, this action is premature and we should let the > PAG conclude (or at least wait for a status report) - the W3C > Team may have more to say, but if this is on the order of weeks I > do not think making work here to have apparent progress is > useful. I have not seen a definitive statement from the ECC PAG > chair.>>> > >>> That's fine. I guess as long as we don't have to wait one or two > >>> years (and I say that with a serious face!).>>> > Did you read the message from Brian LaMacchia? If not, please read > it, as it provides additional argument against this proposed > change.>>> > >>> Pointer please? > >>> > I am against revising XML Signature 1.1 until I understand the > actual PAG status and until we have XML Security WG agreement. > This endless email debate is not helpful and I'm not sure I > understand the urgency related to widgets apart from a desire to > mark it as complete.>>> > >>> The urgency is just that (getting it to Rec). > >>> > >>> But academically, the other arguments that were made are valid. Those were: > >>> * a /latest/ location > >>> * decupling algorithms, etc, from processing.
Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?
Hi Art, the pessimistic XMLSECPAG chair told you that it wouldn't resolve within days. But I hope to have a clear view and plan by the end of January. Executing that plan may take some time. Plan is to resolve until end of March, if everything goes well. Well meaning a decision of the PAG and the execution thereof, not necessarily finding a way to destroy the disclosed patents. The three years can be explained by very promising negotiations with Certicom on an RF license that finally failed because of an overreaching clause on defensive suspension. We were really close to a resolution. Best, Rigo XMLSEC PAG Chair On Wednesday 21 December 2011 09:35:08 Arthur Barstow wrote: > As an FYI for the XMLSec WG members, note that another widget spec was > blocked for two years because of a PAG [1] so it's quite understandable > that having widgets-digsig blocked by YA PAG creates concerns for some > WG members, especially given the ECC PAG Chair's "pessimistic" view [3] > of a "quick" PAG resolution.
Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?
Hi all, as the PAG chair of this XMLSEC PAG, let me tell you that support from the industry in sorting this out was low so far. What I heard through the grapevine was more or less: "We know, but we can't tell you". For the moment, W3C is asking for cost estimates to figure out what most of the members already know (as they have done the analysis on ECC long ago). Taking into account the complexity of the subject matter and also the delays due to messaging to the AC etc, I'm rather pessimistic about a quick resolution. Best, Rigo On Wednesday 14 December 2011 19:11:51 frederick.hir...@nokia.com wrote: > I'm suggesting we let the XMLSec PAG conclude before taking that step (or > another possibility), but obviously that depends on the PAG timeline going > forward.
Re: FYI: W3C Workshop on Access Control Application Scenarios; Nov 17-18 in Luxembourg
Hi Art, Anne, looks like the focus of the CORS specification is on very simple access control that would just express that site A allows access to content if the javascript stuff calls it from a thing found on site B. The workshop deals with conditions (policy) under which a certain resource can be accessed. The conditions include the availability of credentials that include crypto credentials. It will also deal with the question on how to address credentials that are needed to get access. It may also address the question on how to describe the resource you are asserting conditions and access control restrictions on (e.g. clouds). Finally, it deals with privacy semantics and identity management of access control and how to assert them e.g. in XACML conditions. These are only the things I definitely know will come up. So it depends on whether Anne or other Members from the Webapps group see benefit in finding out and contributing to more advanced access control issues. It may be nice for those wanting more power in cross site access control, to want to find out how to use more advanced languages together with CORS. That may be a very useful contribution from folks in webapps. Best, Rigo On Wednesday 23 September 2009, Anne van Kesteren wrote: > On Wed, 23 Sep 2009 02:18:02 +0200, Arthur Barstow > > > wrote: > > Given WebApps' CORS spec, this Workshop (November 17-18 in > > Luxembourg) may be of interest to you: > > > >http://www.w3.org/2009/policy-ws/cfp.html > > Thanks Art. I looked into this and couldn't really figure out how > CORS relates. And if I just misunderstood it, does that mean I > should submit a position paper on CORS? The scope seems quite > broad so I guess it might fit in somehow, but then we already > have a WG that handles it... > > It also sounds like it has overlap with the IETF activity on > OAuth. > > (Personally I get quite lost in the sea of terminology used on > that page > > :-)) > signature.asc Description: This is a digitally signed message part.
Public call for prior art on Widget updates
http://www.w3.org/2009/03/widgets-pag/cfpa The W3C hereby issues a call for prior art on US patent 5,764,992 [1] that may apply to the Widgets updates specification[2]. Pursuant to its rights under W3C's Patent Policy, Apple Inc. has excluded all claims of the aforementioned patent from the W3C Royalty-Free License commitment. The PAG seeks information about software update systems available before June 1995 that offer a viable solution that may apply to the use of updates in Widgets. People who wish to provide feedback should refer to the call[3] for more information or write back to public-widgets-...@w3.org Please distribute this call for prior art as widely as possible. 1.http://is.gd/101wZ 2.http://www.w3.org/TR/2008/WD-widgets-updates-20081007/ 3.http://www.w3.org/2009/03/widgets-pag/cfpa.html Rigo Wenning Widgets update PAG chair W3C Legal counsel signature.asc Description: This is a digitally signed message part.
Re: Need PDF of MS' input [Was Re: Seeking earlier feedback from MS]
Dear all, I've looked at the click-through license of the Microsoft Public License. The license has some viral effects and if the specification you are producing here will re-use parts of Microsoft's document, we may end up in a situation where the Recommendation would also have to carry the MS-Public license because of the click-through. I would rather like to avoid such a confusing situation. So if this document is not only for reading, I would kindly ask Microsoft to provide the document either in member space or in public space as a contribution within the framework of the work of this group. This would allow all to work in the context they expect. The contribution can be done by sending the document to the mailing-list or adding it to the wiki with a comment that it is designated to be input and contribution to the WebAPI work. Would that be feasible? I think that was what Art requested in the message cited below. Best, Rigo Wenning W3C Staff counsel Art Barstow wrote: > Sunava - as requested by several members of the WG, please send a PDF > version of this document directly to the public-webapps mail list. > > -Thanks, Art Barstow signature.asc Description: This is a digitally signed message part.