These minutes are in draft status until approved at a subsequent meeting.
- All times are US Eastern times.
- 28 March 2012: 9:00 am to 4:30 pm
- 29 March 2012: 9:00 am to 4:30 pm
- 30 March 2012: 9:00 am to 12:00 pm
Topic: WG 23 Meeting #21
Date: Every day, from Wednesday, March 28, 2012 to Friday, March 30, 2012
Time: 6:00 am, Pacific Daylight Time (San Francisco, GMT-07:00)
Meeting Number: 959 012 541
950 482 217 Meeting Password: wg23
To start or join the online meeting, go to iso_meetings
To receive a call back, provide your phone number when you join the meeting, or call the number below and enter the access code.
Switzerland toll free: 0800-894627
USA/Canada toll free: 1-855-299-5224
Having trouble dialing in? Try these backup numbers:
Call-in toll-free number (UK): 0800-051-3810
Call-in toll number (UK): +44-20-310-64804
Global call-in numbers: iso_meetings call-in numbers
Toll-free dialing restrictions: tollfree restrictions
Access code: 959 012 541
For assistance:
1. Go to iso_meetings support
2. On the left navigation bar, click "Support".
To add this meeting to your calendar program (for example Microsoft Outlook), click this link: iso_meetings to calendar
1.1 Opening Comments (Michell, Benito)
Steve Michell welcomed us to the meeting and described the meeting logistics.
1.2 Introduction of Participants/Roll Call
Attendees: John Benito (convener, editor of 24772), Jim Moore (secretary, via webcon), Steve Michell (Canada), Jim Johnson (DoD), Larry Wagoner (DoD, editor [not yet confirmed] of 17960), Clive Pygott (UK), Bob Karlin (via webcon), Tom Plum (via webcon), Kevin Coyne (via webcon), Rajan Bhakta (via webcon).
1.3 Procedures for this Meeting (Benito)
The convener announced that the usual procedures apply. Anyone can speak. There will be no formal voting.
1.4 Approval of previous Minutes [N0377] (Moore)
They were approved with no objection.
1.5 Review of previous action items and resolutions, Action Item and Decision Logs
The group reviewed the action items and updated their status. [After the meeting, the secretary entered new action items into the log.]
1.6 Approval of Agenda [N0380]
The convener explained that the meeting cannot discuss the content of the Technical Report because it is currently under ballot. At this meeting, we can talk about the New Work Item for code signing. Larry Wagoner and Kevin Coyne have recently drafted a contribution for a PHP annex; the group asked that it be submitted for overnight review and discussion the next day. It was contributed as [N0393].
The agenda was approved without objection.
1.7 Information on Future Meetings
1.7.1 Future Meeting Schedule
WG23 #22 | 2012-06-20/22 | CHANGE OF LOCATION Stuttgart, Germany | WG23 Meeting #22 Logistics [N0374]. Preliminary agenda [N0375]. |
WG23 #23 | 2012-09-12/14 | Geneva, Switzerland. Colocated with SC 22 plenary meeting | Preliminary agenda [N0354] |
WG23 #24 | 2012-12/14 | CHANGED Electronic meeting | Three hours each day, starting at 17:00 Germany; 16:00 UK; 11:00 US-east coast; 8:00 US-west coast; 6:00 US-Hawaii |
WG23 #25 | 2013-06 | Possibly colocated with WG 9 in Berlin. | |
No meeting is planned for 1Q2013.
The convener explained that the 2013-09 meeting will be in Tokyo, Japan, colocated with the SC22 plenary. The 2013-12 meeting will probably be all-electronic. The convener is still looking for possibilities for a 2013-03 meeting.
1.7.2 Future Agenda Items
2.1 SC 22
Moore: The NWIP for code signing was approved.
2.2 PL22.3/WG5 (Fortran)
No report.
2.3 PL22.4/WG4 (COBOL)
Karlin: WG 4 is preparing for its FDIS ballot. Preparation of a language-dependent annex has not yet been considered.
2.4 WG9 (Ada)
Michell: The Ada and SPARK annexes were included in the PDTR that was balloted. WG 9 is engaged in a revision activity that might complete in 2012.
2.5 PL22.11/WG14 (C)
Benito: They published their recent revision. They have a new work item for a TS for C Secure Coding Guidelines. It should go to PDTS after the October meeting. The working group is also preparing a TS containing a binding to the new IEEE decimal floating point format.
2.6 PL22.16/WG21 (C++)
Benito: The working group has spawned a number of study groups, including concurrency. For the next two years, the working groups for C and C++ are meeting in consecutive weeks because many people attend both.
2.7 Ecma International, TC49/TG2 (C#)
No report.
2.8 Ecma International, TC39 (ECMAScript)
No report.
2.9 MISRA (C)
Pygott: Draft of Version 3 has gone out for comment and should be published late this year. It uses C99 as its baseline.
2.10 MISRA (C++)
Pygott: Nothing substantive has happened.
2.11 MISRA L (MISRA L)
Pygott: Nothing of interest to this working group is happening in the MISRA L group. The group decides that the liaison should be discontinued. [ACTION ITEM 21-1: Benito]
2.12 SPARK
No report.
2.13 MDC (MUMPS)
No report.
2.14 SC7/WG19 (UML)
No report.
2.15 Other Liaison Activities or National body reports
None.
The following documents have been logged since the most recent meeting of WG 23:
N0384 | 2012-01-08 | Replaces [N0382] | Draft language-specific annex for SPARK [docx, pdf] |
N0385 | 2012-01-08 | | Proposed rewrite of Ruby.52, contributed by Jim Moore [docx, pdf] |
N0386 | 2012-01-15 | CANCELLED | CANCELLED and replaced by [N0388] |
N0387 | 2012-01-15 | CANCELLED | CANCELLED and replaced by [N0389] |
N0388 | 2012-01-20 | Replaces [N0378] | PDTR draft of 24772, Edition 2 (with change bars), contributed by editor [pdf] |
N0389 | 2012-01-20 | Replaces [N0378] | PDTR draft of 24772, Edition 2 (without change bars), contributed by editor [pdf] |
N0390 | 2012-03-19 | See [N0379] | Working draft 17960, Code Signing for Source Code, contributed by editor [pdf, docx] |
N0391 | 2012-03-20 | See [N0379] | [Corrected] Results of Voting on SC 22 N 4968, New Work Item Proposal on ... Code Signing for Source Code (SC22 N4719), contributed by SC 22 Secretariat [pdf] |
[N0384] and [N0385] have been included in the PDTR, [N0388] and [N0389], which is currently in ballot. The convener has invited informal comments as well as national body comments. The Secretary suggests that commenters might want to pick a number of vulnerabilities and compare them across the main body of the document and the annexes.
Because the balloting of PDTR 24772 is underway, the only documents that can be discussed at this meeting are [N0390] and [N0391].
In the balloting of the New Work Item Proposal, no comments were received on the working draft [N0390]. The meeting reviewed [N0390], saving changes as [N0394]. The group considered some general comments received from the convener of WG 9. She said that the document should be based on commercial work. We concluded that ISO rules make it difficult to reference commercial products; instead the document references the work on which the commercial products are based. She said that the POSIX effort for language-independent bindings was a failure. We concluded that our goals are different than the POSIX goals.
Wagoner took an action item to draft an introduction [ACTION ITEM 21-2: Wagoner]. He also took an action item to suggest some terms and definitions, including "digital signature" from ISO/IEC 13888-1, IT Security Techniques [ACTION 21-3: Wagoner].
Plum suggests that this spec should be considered as an umbrella for multiple standards serving different users and purposes. We might look at commercial products for how they do it. We might look at open source solutions, like CVS, for their implementation. Alternatively, CVS might be a target for implementation.
Moore described a bit of information obtained via web searches. FIPS Pub 186-3 appears to be the NIST publication for digital signatures. A search for "digital signature" at www.iso.org yielded a number of relevant standards from SC 27.
The convener suggested that Wagoner should consider the comments on the document and revise the document accordingly. [ACTION ITEM #21-4: Wagoner]
4.1 Promotion of WG 23 Products, Michell
[This agenda item was scheduled at Meeting #20.]
Michell suggested that we should discuss this at every meeting [ACTION ITEM #21-5: Benito]. Michell took an action item to prepare something for each meeting [ACTION ITEM #21-6].
4.2 PHP Discussion, Wagoner
Coyne described his approach to developing the PHP annex [N0393]. The convener asked each person to review the document individually and send comments to Kevin [ACTION ITEM #21-7]. If any national body wants the annex included in the second edition of the TR, they should note this in their NB comments [ACTION ITEM #21-8].
Jim Johnson was asked about the SQL Annex. He is still trying to recruit some SQL expertise [ACTION ITEM #21-9].
4.3 ESAPI
We had an open discussion of [N0383], Preliminary working draft, Core Enterprise Security Application Programming Interface. Wagoner will consider the comments made during discussion.
We thanked the hosts, Steve Michell and the Standards Council of Canada, for the meeting arrangements.
The meeting was adjourned.