Description:
==========
Agenda:
1. Welcome by the Chair (Andreas)
2. Minutes taker
All write into the chat(http://webconf.soaphub.org/conf/room/dss-x), Andreas assembles and uploads into document area.
3. Roll call
4. Approval of the agenda
5. Approval of minutes from previous calls
5.1 Minutes from call #251 on 07 Sep 2020:
URL = https://www.oasis-open.org/committees/document.php?document_id=67733&wg_abbrev=dss-x
6. DSS-X documents
6.1 Progress of DSS-X Core
- publication of CVE
CVE-2020-13101 assigned, waiting for approval
info teaser published
status of CVE-2020-13101?
- topics for CS03
DSSX-63: Section 6 of the core cs02 references a non-existing element 'SignatureType' of OptionalInputsVerify
DSSX-64: Reference JSON schema in Swagger and OAS files
collecting additional topics
planning for CS03 together with some profiles
6.2 Problems verifying XML and JSON schema
- local and remote schema locations
- due to JSON Validator „tberman.json-schema-validator“: Invalid schema: dereference error
- due to OpenAPI validator „mermade.openapi-lint“ : 'incContent' invalid
status of stefan's multi-TC efforthttps://github.com/WebOfTrustInfo/ld-signatures-java.git
7. Profiles
- Evidence, JSON Signature and X.509 profiles next for CD.
first draft of Evidence Record Validation profile at https://www.oasis-open.org/committees/document.php?document_id=67046&wg_abbrev=dss-x
Received comment from Tobias Wich: https://lists.oasis-open.org/archives/dss-x-comment/202007/msg00000.html
Response and open topic (response URL) at https://lists.oasis-open.org/archives/dss-x-comment/202007/msg00001.html
updated version pending
- JSON Canonicalization
Any agreed standard? RFC 8785
Implementations (thanks to Anders):
Java: https://mvnrepository.com/artifact/io.github.erdtman/java-json-canonicalization/1.1
JavaScript: https://www.npmjs.com/package/canonicalize
.NET Core: https://github.com/cyberphone/json-canonicalization/tree/master/dotnet
Python 3.X: https://github.com/cyberphone/json-canonicalization/tree/master/python3
go: https://github.com/cyberphone/json-canonicalization/tree/master/go
- AdES
JAdES uses http://json-schema.org/draft-07/schema#. Any need for us to align?
- Verifiable Credentials
Java implentations
https://github.com/jsonld-java/jsonld-java URDNA-2015 missing
https://github.com/WebOfTrustInfo/ld-signatures-java.git more promising
8. Next meeting
Suggested to meet again on 16 Nov 2020
Note: Starting at 18:00 local time in Central Europe
9. AOB
Anders's JSON signature spec: https://github.com/cyberphone/jws-jcs
Use case: https://connect2id.com/blog/how-to-secure-json-objects-with-hmac
==========
Minutes:
==========
Attendance:
Meeting Statistics |
Quorum rule |
51% of voting members
|
Achieved quorum |
no |
Individual Attendance |
Contributing Members: 1 of 7 (14%) Voting Members: 1 of 3 (33%) (used for quorum calculation)
|
Company Attendance |
Contributing Companies: 1 of 3 (33%) Voting Companies: 1 of 1 (100%)
|