Apache Logo
The Apache Way Contribute ASF Sponsors

This was extracted (@ 2017-08-16 20:10) from a list of minutes which have been approved by the Board.
Please Note The Board typically approves the minutes of the previous meeting at the beginning of every Board meeting; therefore, the list below does not normally contain details from the minutes of the most recent Board meeting.

2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | Pre-organization meetings

Santuario

16 Aug 2017 [Colm O hEigeartaigh / Bertrand]

Report was filed, but display is awaiting the approval of the Board minutes.

17 May 2017 [Colm O hEigeartaigh / Chris]

## Description:
 - Library implementing XML Digital Signature Specification & XML Encryption
   Specification

## Issues:
 - There are no issues requiring board attention at this time

## Activity:
 - There were no new releases over the last quarter. A user reported a
   documentation issue relating to thread safety that was fixed. As part of
   this some code refactoring was done to remove duplicate code from an area
   of the project.

   Some work was also done on getting the forthcoming 2.1.0 release of the Java
   library ready to work with Java 9. It is anticipated that 2.1.0 might be
   released over the next quarter, or possibly the quarter after that.

## Health report:
 - Apache Santuario is a mature and stable project that has reached a point
   where not too many fixes are required, as it is a set of implementations
   of some specifications that are quite old now. It is actively managed by
   the PMC. Right now there are no obvious potential new committers for the
   project.

   We had a discussion on the private list about the future of the project.
   For now it appears the forthcoming Java 2.1.0 release might be the last
   major release in the foreseeable future, unless new contributions are made.
   We anticipate several more years at least of bug fixing maintenance however.

## PMC changes:

 - Currently 6 PMC members.
 - No new PMC members added in the last 3 months
 - Last PMC addition was Marc Giger on Wed Apr 03 2013

## Committer base changes:

 - Currently 16 committers.
 - No new changes to the committer base since last report.
 - Last committer addition was Marc Giger in July 2012

## Releases:

 - Last release was Apache Santuario XML Security for Java 2.0.8 on Mon Dec
   05 2016

## JIRA activity:

 - 2 JIRA tickets created in the last 3 months
 - 2 JIRA tickets closed/resolved in the last 3 months

27 Feb 2017 [Colm O hEigeartaigh / Chris]

## Description:
 - Library implementing XML Digital Signature Specification & XML Encryption
   Specification

## Issues:
 - There are no issues requiring board attention at this time

## Activity:
 - There was one release over the last quarter - Apache Santuario XML Security
   for Java 2.0.8. This was a minor bug fix release. We have only had one
   issue fixed since the last release, so at this point we don't anticipate
   another release in the next quarter.

   An image was added to the Santuario web page pointing to the Apache
   "current event" to help promote ApacheCon.

## Health report:
 - Apache Santuario is a mature and stable project that has reached a point
   where not too many fixes are required, as it is a set of implementations
   of some specifications that are quite old now. It is actively managed by
   the PMC. Right now there are no obvious potential new committers for the
   project.

## PMC changes:

 - Currently 6 PMC members.
 - No new PMC members added in the last 3 months
 - Last PMC addition was Marc Giger on Wed Apr 03 2013

## Committer base changes:

 - Currently 16 committers.
 - No new changes to the committer base since last report.
 - Last committer addition was Marc Giger in July 2012

## Releases:

 - Apache Santuario XML Security for Java 2.0.8 was released on Mon Dec 05
   2016

16 Nov 2016 [Colm O hEigeartaigh / Bertrand]

## Description:
 - Library implementing XML Digital Signature Specification & XML Encryption
   Specification

## Issues:
 - There are no issues requiring board attention at this time

## Activity:
 - The project team discussed the merits of a new major release for the Java
   project, namely so that we can introduce Java 7/8 features in the code
   (current release requires JDK 6). A consensus was reached that this would
   be a good idea, and so the master branch has been updated to 2.1.0-SNAPSHOT.

   Apart from this, a handful of user bugs were reported, some of which have
   been fixed at this point. A new minor release of the Java library will
   probably happen over the next quarter to include these fixes.

## Health report:
 - Apache Santuario is a mature and stable project that has reached a point
   where not too many fixes are required, as it is a set of implementations
   of some specifications that are quite old now. It is actively managed by
   the PMC. Right now there are no obvious potential new committers for the
   project.

## PMC changes:

 - Currently 6 PMC members.
 - No new PMC members added in the last 3 months
 - Last PMC addition was Marc Giger on Wed Apr 03 2013

## Committer base changes:

 - Currently 16 committers.
 - No new changes to the committer base since last report.
 - Last committer addition was Marc Giger in July 2012

## Releases:

 - Last release was Apache Santuario XML Security for Java 2.0.7 on Fri Jun
   17 2016

## JIRA activity:

 - 8 JIRA tickets created in the last 3 months
 - 4 JIRA tickets closed/resolved in the last 3 months

17 Aug 2016 [Colm O hEigeartaigh / Marvin]

## Description:
 - Library implementing XML Digital Signature Specification & XML Encryption
   Specification

## Issues:
 - There are no issues requiring board attention at this time

## Activity:
 - There was one release of the Java library over the last quarter. It fixed
   some backwards compatiblity regressions, a BASE-64 encoding issue as well
   as another couple of minor issues. No other issues have cropped up since
   then, so no release is expected in the next quarter.

## Health report:
 - Apache Santuario is a mature and stable project that has reached a point
   where not too many fixes are required, as it is a set of implementations
   of some specifications that are quite old now. It is actively managed by
   the PMC. Right now there are no obvious potential new committers for the
   project.

## PMC changes:

 - Currently 6 PMC members.
 - No new PMC members added in the last 3 months
 - Last PMC addition was Marc Giger on Wed Apr 03 2013

## Committer base changes:

 - Currently 16 committers.
 - No new changes to the committer base since last report.
 - Last committer addition was Marc Giger in July 2012

## Releases:

 - Apache Santuario XML Security for Java 2.0.7 was released on Fri Jun 17
   2016.

## JIRA activity:

 - 9 JIRA tickets created in the last 3 months
 - 9 JIRA tickets closed/resolved in the last 3 months

18 May 2016 [Colm O hEigeartaigh / Bertrand]

## Description:
 - Library implementing XML Digital Signature Specification & XML Encryption
   Specification

## Issues:
 - There are no issues requiring board attention at this time

## Activity:
 - The C++ library remains in maintenance mode, but a Ubuntu packager
   provided a preliminary security review that resulted in some changes. The
   PMC is awaiting any further results from a fuzzing exercise that may
   result in more changes. In addition, solution files for Visual Studio 2014
   have been provided and official support for that compiler is forthcoming.

   On the Java side, a user reported concerns about some backwards
   compatibility issues with recent releases. These issues have been
   substantively fixed and Clirr has been integrated into the project build
   cycle to avoid these kinds of problems cropping up again. A release will
   likely take place next quarter to address these issues.

## Health report:
 - Apache Santuario is a mature and stable project that has reached a point
   where not too many fixes are required, as it is a set of implementations
   of some specifications that are quite old now. It is actively managed by
   the PMC. Right now there are no obvious potential new committers for the
   project.

## PMC changes:

 - Currently 6 PMC members.
 - No new PMC members added in the last 3 months
 - Last PMC addition was Marc Giger on Wed Apr 03 2013

## Committer base changes:

 - Currently 16 committers.
 - No new changes to the committer base since last report.
 - Last committer addition was Marc Giger in July 2012

## Releases:

 - Last release was Apache XML Security for Java 2.0.6 on Mon Dec 07 2015

## JIRA activity:

 - 4 JIRA tickets created in the last 3 months
 - 3 JIRA tickets closed/resolved in the last 3 months

17 Feb 2016 [Colm O hEigeartaigh / Chris]

## Description:
 - Library implementing XML Digital Signature Specification & XML Encryption
   Specification

## Issues:
 - There are no issues requiring board attention at this time

## Activity:
 - We had one new release over the last quarter - Apache Santuario XML Security
   for Java 2.0.6. This was a minor bug fix release, primarily done to fix
   some issues raised by a new user of the library.

## Health report:
 - Apache Santuario is a mature and stable project that has reached a point
   where not too many fixes are required, as it is a set of implementations of
   some specifications that are quite old now. It is actively managed by the
   PMC.

## PMC changes:

 - Currently 6 PMC members.
 - No new PMC members added in the last 3 months
 - Last PMC addition was Marc Giger on Wed Apr 03 2013

## Committer base changes:

 - Currently 16 committers.
 - No new changes to the committer base since last report.
 - Last committer addition was Marc Giger in July 2012

## Releases:

 - Apache XML Security for Java 2.0.6 was released on Mon Dec 07 2015

## Mailing list activity:

 - dev@santuario.apache.org:
    - 250 subscribers (up 0 in the last 3 months):
    - 23 emails sent to list (5 in previous quarter)


## JIRA activity:

 - 5 JIRA tickets created in the last 3 months
 - 6 JIRA tickets closed/resolved in the last 3 months

18 Nov 2015 [Colm O hEigeartaigh / Bertrand]

## Description:
   Library implementing XML Digital Signature Specification & XML Encryption
   Specification

## Issues:
   There are no issues requiring board attention at this time

## Activity:
   Project activity is very quiet. A few bugs have been fixed over the last
   quarter that were reported by users. We will likely get a release out next
   quarter to get these fixes out, plus anything else that is logged in the
   meantime.

## Health report:
   Apache Santuario is a mature and stable project that has reached a point
   where not too many fixes are required, as it is a set of implementations of
   some specifications that are quite old now. It is actively managed by the
   PMC.

## PMC changes:

 - Currently 6 PMC members.
 - No new PMC members added in the last 3 months
 - Last PMC addition was Marc Giger on Wed Apr 03 2013

## Committer base changes:

 - Currently 16 committers.
 - No new changes to the committer base since last report.

## Releases:

 - Last release was Apache XML Security for Java 2.0.5 on Mon Jul 13 2015

## Mailing list activity:

 - dev@santuario.apache.org:
    - 250 subscribers (up 2 in the last 3 months):
    - 6 emails sent to list (26 in previous quarter)

19 Aug 2015 [Colm O hEigeartaigh / Greg]

## Description:
   Library implementing XML Digital Signature Specification & XML Encryption
   Specification

## Activity:
 - Version 2.0.5 of the Java library was released over the last quarter,
   containing a few bug fixes. Following some discussion, we agreed to continue
   to support the 1.5.x branch of the Java library until next year.

## Health report:
 - Apache Santuario is a stable and mature project that is actively managed by
   the PMC. However, project activity is rather quiet.

## Issues:
 - There are no issues requiring board attention at this time

## LDAP committee group/Committership changes:

 - Currently 16 committers and 6 LDAP committee group members.
 - No new changes to the LDAP committee group or committership since last
   report.

## Releases:

 - Apache XML Security for Java 2.0.5 was released on Mon Jul 13 2015

## Mailing list activity:

 - dev@santuario.apache.org:
    - 248 subscribers (up 1 in the last 3 months):
    - 23 emails sent to list (52 in previous quarter)

20 May 2015 [Colm O hEigeartaigh / David]

## Description:
   Library implementing XML Digital Signature Specification & XML Encryption
   Specification

## Activity:
 - Over the last quarter, version 1.7.3 of the Apache XML Security for C++
   library was released, fixing a number of bugs, including a major issue
   involving ECDSA signature generation. Version 2.0.4 of the Java library was
   also released. Project activity remains low but consistent.

## Issues:
 - There are no issues requiring board attention at this time

## PMC/Committership changes:

 - Currently 16 committers and 6 PMC members in the project.
 - No new changes to the PMC or committership since last report.

## Releases:

 - Apache XML Security for Java 2.0.4 was released on Mon Apr 20 2015
 - Apache XML-Security C++ 1.7.3 was released on Sun Mar 15 2015

## Mailing list activity:

 - dev@santuario.apache.org:
    - 248 subscribers (up 2 in the last 3 months):
    - 60 emails sent to list (37 in previous quarter)

@David: follow up with last PMC and committer additions.

18 Feb 2015 [Colm O hEigeartaigh / Greg]

The Apache Santuario project is aimed at providing implementation of
security standards for XML.

The PMC continues to actively manage the project, and there are no issues or
concerns to report to the board at this time.

There were two new bug-fix releases of the Apache XML Security for Java
project over the last quarter, 2.0.3 and 1.5.8. There were 25 commits to the
trunk branch of the Java project over the last quarter.

Development on a patch release for the C++ library addressing a number of
accumulated bug reports over the last year or two is complete, and the
release should be completed some time in March.

Last committer addition: Marc Giger, July 2012.
Last PMC addition: Marc Giger, April 2013.

19 Nov 2014 [Colm O hEigeartaigh / Chris]

The Apache Santuario project is aimed at providing implementation of
security standards for XML.

There was one new release of the Apache XML Security for Java project over the
last quarter, 2.0.2. This was a minor release that fixes a couple of bugs with
the streaming XML security code introduced in 2.0.0, and contains a few
dependency upgrades.

There were 21 commits to the trunk branch of the Java project in the last
quarter - so fairly quiet, but issues continue to be logged + fixed. There
are no issues or concerns to report to the board.

Last committer addition: Marc Giger, July 2012.
Last PMC addition: Marc Giger, April 2013.

20 Aug 2014 [Colm O hEigeartaigh / Ross]

The Apache Santuario project is aimed at providing implementation of
security standards for XML.

There have been two new releases of the Apache XML Security for Java project
over the last quarter, 2.0.1 and 1.5.7. These releases contained support for
some new signature algorithms, performance fixes, a race condition fix along
with various other minor fixes and improvements.

Project activity is quiet but development is continuing all the time - there
were 45 commits to the trunk branch of the Java project in the last quarter.
The PMC remains active and engaged with the project, and so there are no
issues or concerns to report to the board at this time.

Last committer addition: Marc Giger, July 2012.
Last PMC addition: Marc Giger, April 2013.

21 May 2014 [Colm O hEigeartaigh / Jim]

The Apache Santuario project is aimed at providing implementation of
security standards for XML.

There was one new release in the last quarter. A new major version (2.0.0) of
the Apache XML Security for Java project was released, after many months of
development work.

Nothing else to report, project activity remains quiet.

Last committer addition: Marc Giger, July 2012.
Last PMC addition: Marc Giger, April 2013.

19 Feb 2014 [Colm O hEigeartaigh / Jim]

The Apache Santuario project is aimed at providing implementation of
security standards for XML.

There were three new releases of the Apache XML Security for Java project in
the last quarter. Version 1.5.6 contained a minor bug fix, as well as a fix
for security advisory CVE-2013-4517.

In addition, there were two "beta" releases for the forthcoming 2.0.0 version
of the Java project, 2_0_0-beta and 2_0_0-rc1. Release of the final version
is anticipated in the next month.

Last committer addition: Marc Giger, July 2012.
Last PMC addition: Marc Giger, April 2013.

20 Nov 2013 [Colm O hEigeartaigh / Brett]

The Apache Santuario project is aimed at providing implementation of
security standards for XML.

There were no new releases in the last quarter. However a new release of the
Apache XML Security for Java project (1.5.6) is currently under vote and
should be released shortly. This release contains a minor bug fix as well as
a fix for security advisory, which will be released in due course.

Last committer addition: Marc Giger, July 2012.
Last PMC addition: Marc Giger, April 2013.

21 Aug 2013 [Colm O hEigeartaigh / Doug]

The Apache Santuario project is aimed at providing implementation of
security standards for XML.

There were several new releases in the last quarter due to multiple security
advisories. Security advisory CVE-2013-2172 has been issued for the Apache XML
Security for Java project. Versions 1.4.8 and 1.5.5 (20th June) have been
released, fixing this issue.

Security advisories CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, and
CVE-2013-2156 were fixed in Apache XML-Security for C++ 1.7.1 (18th June).
Another vulnerability CVE-2013-2210 was subsequently found, and fixed in a
1.7.2 (26th June) release of the C++ library.

Last committer addition: Marc Giger, July 2012.
Last PMC addition: Marc Giger, April 2013.

15 May 2013 [Colm O hEigeartaigh / Rich]

The Apache Santuario project is aimed at providing implementation of
security standards for XML.

There was one new release in the last quarter - version 1.5.4 of the XML
Security for Java project was released on the 18th of March. This release was
a minor bug fix release. Overall project activity was quiet, with some ongoing
work on a new major 2.0 release of the XML Security for Java project. The
svnpubsub migration was also completed during the last quarter.

Santuario has added a new PMC member in the last quarter - Marc Giger.

20 Feb 2013 [Colm O hEigeartaigh / Jim]

The Apache Santuario project is aimed at providing implementation of
security standards for XML.

There were no new releases during the last quarter. Overall project
activity was quiet. The main development activity was focused on the
forthcoming 2.0 release of the Java library, which will support a new
streaming XML Security model. This work is mostly complete, and a
release is expected in the next few months.

The svnpubsub migration is not finished yet, but is almost complete. We are
working with INFRA on finishing this task.

No changes to the PMC or new committers in this quarter.

21 Nov 2012 [Colm O hEigeartaigh / Rich]

The Apache Santuario project is aimed at providing implementation of security
standards for XML.

There was one new release during the last quarter. Version 1.5.3 of the
Apache XML Security for Java library was released. This release featured
some new development work to support XML Signature 1.1 KeyInfo extensions,
as well as a number of bug fixes.

Work has continued apace on introducing a new streaming XML Security model
in the forthcoming 2.0 release of the Java library. This work is mostly
complete, and may be released in the next quarter.

No changes to the PMC or new committers in this quarter.

15 Aug 2012 [Colm O hEigeartaigh / Doug]

The Apache Santuario project is aimed at providing implementation of security
standards for XML.

There were two new releases during the last quarter. Version 1.5.2 of the
Apache XML Security for Java library was released. A new canonicalization
algorithm for encryption was introduced that fixes a problem where an element
might be decrypted to the wrong namespace.

Version 1.7.0 of the Apache XML Security for C++ library was also released.
This release provides a few bug fixes and a partial implementation of XML
Encryption 1.1 features, including AES-GCM encryption and some support for
newer RSA-OAEP variants.

Work has started on a 2.0 release for the Java library which focuses on
introducing a streaming XML Security model to complement the existing DOM
model. This work is based on a code contribution to the Apache WSS4J project
for WS-Security, the XML Security specific portions of which were moved to
Santuario. The author of this work was voted in as a new committer to the
Apache Santuario project.

16 May 2012 [Colm O hEigeartaigh / Bertrand]

The Apache Santuario project is aimed at providing implementation of security
standards for XML.

There was one new release during the last quarter - version 1.5.1 of the Apache
XML Security for Java library. This release fixes two important bugs in the
1.5.0 release, as well as containing performance improvements for encryption
and decryption.

A steady stream of user bugs was reported against 1.5.1 of the Apache XML
Security for Java library, and a vote on 1.5.2 is anticipated in the near
future. A vote on version 1.4.7 of the Apache XML Security for Java library is
currently under way.

There were no new committers or changes to the PMC in the last quarter. The
project activity remains low in general.

15 Feb 2012 [Colm O hEigeartaigh / Brett]

The Apache Santuario project is aimed at providing implementation of security
standards for XML.

A major new release of the Apache XML Security for Java library (1.5.0) was
achieved in the last quarter. This release features support for GCM algorithms,
support for RSA-OAEP key transport algorithms with strong digests, startup
performance improvements, better protection against various attacks when
validating signatures, amongst many other issues.

There were no new committers or changes to the PMC in the last quarter.

16 Nov 2011 [Colm O hEigeartaigh / Bertrand]

The Apache Santuario project is aimed at providing implementation of security
standards for XML.

There was one new release in the last quarter, version 1.4.6 of the Apache XML
Security for Java library. This release fixes a thread safety issue with XML
Signature, a bug fix for the Canonical XML 1.1 algorithm, as well as a number
of other bug fixes.

Overall it was a quiet quarter for the project with few bugs submitted. Work
has recommenced on the next major java release, 1.5.0, with only a few items
remaining before release.

There were no new committers or changes to the PMC in the last quarter.

17 Aug 2011 [Colm O hEigeartaigh / Brett]

The Apache Santuario project is aimed at providing implementation of security
standards for XML.

There was one new release in the last quarter. Version 1.6.1 of the Apache
XML Security for C++ library was released in July, comprising of bug fixes
and a fix for the security advisory CVE-2011-2516.

Several bug fixes were made to the Java project. It is anticipated that a
1.4.6 release will take place in the next quarter. Work on the next major
release 1.5 slowed down a bit in the last quarter, but it is still expected
to be released in the next quarter.

Please include a community section in the board report.

19 May 2011 [Colm O hEigeartaigh / Shane]

The Apache Santuario project is aimed at providing implementation of security
standards for XML.

There were no new releases in the last quarter. A new release of the Java
library (1.4.5) is almost complete, and will be released shortly. The main
features of this release are a fix for a thread safety issue in the 1.4.4
release, as well as a fix for a regression that was introduced in the
Canonical XML 1.1 algorithm.

Work on a new major Java release (1.5) is proceeding at a steady pace. It is
anticipated that this release will happen in the next quarter, or possibly the
quarter after that. Several bugs have been fixed in the C++ library in the
last quarter.

On a project level note, we have had some discussion with the Santuario
Genxdm project, which is hosted on Apache Extras. This project is a port of
Apache Santuario (for Java), where the DOM API is replaced by an abstraction
called Genxdm, which allows for different underlying implementations to be
plugged in (such as Apache Axiom).

The Santuario Genxdm folk expressed an interest in potentially merging the
codebase with Apache Santuario some time in the future, if Genxdm is adopted
as an Apache project.

16 Feb 2011 [Colm O hEigeartaigh / Sam]

The Apache Santuario project is aimed at providing implementation of security
standards for XML.

The last quarter saw two new releases from the Apache Santuario team. Version
1.4.4 of the Java XML Security library was released in November. This release
contains some enhancements to the resolver API's. It also fixes some
longstanding issues with interned Strings, as well as a number of bug fixes.
Version 1.6.0 of the C++ XML Security library was released in December. This
release provides many bug fixes and a partial implementation of draft XML
Signature 1.1 features, including ECDSA signatures.

In addition to the two new releases, the old Forrest-based Santuario website
was ported to confluence and redesigned and updated. We believe the new website
meets all of the Apache branding requirements. As part of the rebranding
exercise, the two libraries will now be refered to as "Apache XML
Security for Java", and "Apache XML Security for C++".

There has been active development on a new Java 1.5 release, which is
targetted at Q2 of this year. The main features of this release are an
upgrade to JDK 1.5, extensive source cleanup and optimisation work, a move
to maven as a release artifact, OSGi support, and dropping Xalan as a compile
time dependency of the project. It will also feature more complete XML
Signature 1.1 support.

In the last quarter there were no new committers or PMC members. Davanum
Srinivas became an emeritus member of the PMC on his own request. In response
to a query from the board about how many members of the PMC are active in the
project, three PMC members (out of 5) actively contribute at a coding level.
The other two are sporadically active in terms of the overseeing the project.
Please note that the recent PMC emeritus departures were all inactive for a
number of years on the project.

17 Nov 2010 [Colm O hEigeartaigh / Jim]

The Apache Santuario project is aimed at providing implementation of security
standards for XML.

It has been a reasonably busy quarter for the project. Since the last board
report, Werner Dittman and Axl Mattheus have left the project PMC (gone
emeritus). A large number of website fixes were reported and fixed in the last
quarter.

Several bug fixes were made for the Java project in the last quarter, including
several important issues such as a JSR 105 classloading issue, a concurrency
problem on some static initialization code, and a fix for a long-standing
problem with DOM parsers that don't intern Strings. A vote was called to
release 1.4.4, but later withdrawn, as a critical issue was reported and it
was decided to address this issue in 1.4.4 rather than wait until the next
release. A new vote has been called to release 1.4.4 and it is anticipated
that it will be released in the next few days.

There has been some discussion on the desired features of a new Java 1.5
release planned for next year. Two significant features would be more complete
support for XML Signature 1.1 and dropping support for JDK 1.4, which would
allow us to take advantage of JDK 1.5 language features and new APIs, such as
the JCE ECC APIs. We intend to continue this discussion and to capture the
requirements for this release in an issue tracking system next quarter.

The C++ project added an additional XML Sig 1.1 extension (X509Digest), added
support for removing References after signature creation and did some work on
the build system. The first Release Candidate for 1.6.0 was released.

Concerns about the size of the PMC.

AI: Jim follow up with PMC chair.

18 Aug 2010 [Colm O hEigeartaigh / Shane]

It's been a busy month for the Santuario project since the last
report. We initiated a PMC discussion on the board's request to fully
complete the transition to a TLP (thanks to Dan Kulp for advice on
this issue). The result of this discussion is the Infrastructure JIRA
(INFRA-2924). We have also agreed to get a cwiki up and running, to
possibly replace the Santuario website in the future, and have asked
the infrastructure folks for advice on the best way to transition from
Bugzilla to JIRA.

The active PMC members are also in the process of contacting some
dormant members to query whether they are still interested in being
PMC members or whether they wish to go emeritus.

Chad La Joie was voted in as a new committer to the project.

On the Java side, some work was done on the build system to make the
project more portable. An interop bug with XMLBeans was also fixed.
Hopefully we will get a 1.4.4 release out the door before the next
report, as there are only a few more outstanding bugs remaining.
The big work item this last month was to add support for the XML
Signature 1.1 ECDSA algorithms to the Java implementation of
Santuario. The work is currently being done on a private branch and
will not be merged back to the mainline until more testing is done and
further progress on XML Signature 1.1 is made. As it has an API
dependency on Java SE 1.5, it will form part of a future 1.5 release.

On the C++ side, work was completed on adding openssl-based EC key
support to the library, and added ECDSA signing/verification support.
Some simple interop testing with a limited set of test inputs was
completed, but there is more testing planned. A handful of additional
XML Signature 1.1 extensions were also added to the code. An
additional work item before 1.6 is done appears to be to implement
full configure-time support for building the library against NSS,
which was left undone by the original author.

This report was received well, project seems to be on the right track. Suggest releasing "now" instead of waiting for remaining bugs.

Approved by general consent.

16 Jun 2010

Change the Apache Santuario Project Chair

 WHEREAS, the Board of Directors heretofore appointed Raul Benito
 to the office of Vice President, Apache Santuario, and

 WHEREAS, the Board of Directors is in receipt of the resignation
 of Raul Benito from the office of Vice President, Apache
 Santuario, and

 WHEREAS, the Project Management Committee of the Apache Santuario
 project has chosen by vote to recommend Colm O Heigeartaigh as the
 successor to the post;

 NOW, THEREFORE, BE IT RESOLVED, that Raul Benito is relieved and
 discharged from the duties and responsibilities of the office
 of Vice President, Apache Santuario, and

 BE IT FURTHER RESOLVED, that Colm O Heigeartaigh be and hereby is
 appointed to the office of Vice President, Apache Santuario, to
 serve in accordance with and subject to the direction of the
 Board of Directors and the Bylaws of the Foundation until
 death, resignation, retirement, removal or disqualification, or
 until a successor is appointed.

 Special Order 7F, Resolution to Change the Apache Santuario
 Project Chair, was approved by Unanimous Vote of the directors
 present.

16 Jun 2010 [Raul Benito / Doug]

A number of bugs were reported by a new user of the C++ library, and were
fixed.

A couple of outstanding C++ bugs include some larger library changes, and it
is planned to do that work before releasing v1.6.

There is no planned release schedule for 1.6 as of now, although a tentative
release date is in the fall.

An additional work item that may be undertaken before 1.6 is the addition of
some support for XML Signature 1.1 constructs, including some API additions
to handle Elliptic Curve keys and algorithms.

A project-level decision which is under discussion is whether to maintain
support for non-OpenSSL crypto (WinCAPI / NSS).

A new release of the Java library, 1.4.4, is planned for late summer or the
fall. The 1.4.3 release was last summer, and a number of bugs have been fixed
since then.

A triage is planned of new reported bugs to fix for 1.4.4. In particular, it
is planned to make 1.4.4 an osgi bundle. This would avoid dependent
projects having to maintain their own bundles. It is also planned to add
support for the XML Digital Signature 1.1 spec.

Two new members have been voted on to the PMC, namely Colm O hEigeartaigh
and Scott Cantor. A vote was taken, and passed, to nominate Colm as the new
PMC chairperson to the Apache board.

[report by Colm]

Doug to communicate the need to address the question of xml-security vs Santuario for all the resources, and the fact that board reports are public.

19 May 2010 [Raul Benito / Roy]

No report. Deferred to the discussion items

21 Apr 2010 [Raul Benito / Geir]

Jim to inform the project that unless there is a new chair and monthly reports for three months that next months board agenda will have a resolution moving the project to the attic.

17 Mar 2010 [Raul Benito / Doug]

Jim's action item remains open: at this point the project needs either an adequate report or to go to the attic.

17 Feb 2010 [Raul Benito / Shane]

No report received.

Jim to relay to the project that a new chair resolution and report is expected next month.

20 Jan 2010 [Raul Benito / Geir]

Just normal bug fixing. Quiet quarter.

Geir to follow up and get a proper report, and this supersedes Brian and Doug's action items. The board is discussing naming a new chair, citing the precedent with naming Ken as chair for Geronimo.

16 Dec 2009 [Raul Benito / Doug]

No report received.

Doug to pursue; message to private at santuario already sent.

18 Nov 2009 [Raul Benito / Brian]

No report provided.

Brian to seek a report.

19 Aug 2009 [Raul Benito / Shane]

During this period we have release the version a bug fixing and
security release of the java library ( changelog ) Thanks Sean Mullan
and Colm O hEigeartaigh for his work.

Also in June but after the last report, we have Vote Colm O hEigeartaigh
as new committer for the java library, his bug fixing submission are
very appreciated. And a new bug fixing report of C++ library was
released.

A good month of work.

17 Jun 2009

Appoint Raul Benito as Apache Santuario chairman

 WHEREAS, the Board of Directors heretofore appointed Berin Lautenbach
 to the office of Vice President, Apache Santuario, and

 WHEREAS, the Board of Directors is in receipt of the resignation of
 Berin Lautenbach from the office of Vice President, Apache Santuario;

 NOW, THEREFORE, BE IT RESOLVED, that Berin Lautenbach is relieved and
 discharged from the duties and responsibilities of the office of Vice
 President, Apache Santuario, and

 BE IT FURTHER RESOLVED, that Raul Benito be and hereby is
 appointed to the office of Vice President, Apache Santuario, to
 serve in accordance with and subject to the direction of the Board of
 Directors and the Bylaws of the Foundation until death, resignation,
 retirement, removal or disqualification, or until a successor is
 appointed.

 Special Order 7D, Appoint Raul Benito as Apache Santuario
 chairman, was approved by Unanimous Vote of the directors
 present.

17 Jun 2009 [Berin Lautenbach / Jim]

Berin Lautenbach says:

Well it's been a long time since I did a report which is clearly an
indication it is time for me to move on.  With this report I therefore
wish to resign from the Chair position in Apache Santuario. A vote
within the project has endorsed Raul Benito as our recommendation
to step into the chair position, and I have attached a draft resolution
at the base of this email.

In terms of activity in the project, we have seen a number of bug fixes
in both versions of the library and work has commenced on version 1.5
of the C++ version.

No changes in the committer base, but we are expecting an additional
committer by the time we next report.

20 May 2009 [Berin Lautenbach / Bill]

Bill sent a reminder and updated Marvin.

18 Feb 2009 [Berin Lautenbach / Jim]

Jim notes that Berin is looking for a replacement chair. Jim to pursue a report for Santuario.

19 Nov 2008 [Berin Lautenbach / Greg]

No major activity this quarter - the dev list has focused on helping
users with bugs and questions for both the Java and C++ libraries.

I have asked for volunteers for the chair role for the project moving
forward.  My involvement has been almost non-existent for a relatively
long period of time and I do not feel this is appropriate for the person
in this role.

20 Aug 2008 [Berin Lautenbach / Bill]

The 1.4.2 release for the Java library was performed. Otherwise the major
activity in the lists has been around user queries and bug fixes.

In addition, there has been some initial conversation with IBM around the
reference implementation of JSR 106 (XML Encryption) being donated to the
ASF for inclusion in the current Java libarary. IBM have told us that the
code is based on existing library, so this would work well. We will of
course need to go through the appropriate process to accept the code into
the project.

Bill to obtain clarification as to which library this report was referring to and as to whether they are following the process for IP clearance.

25 Jun 2008 [Berin Lautenbach / Sam]

Activity this quarter restricted to the Java library around bug fixes and
user queries. In addition, a 1.4.2 beta release has been created
incorporating the bug fixes plus an implementation of C14n 1.1.

No other items of note - another quiet quarter.

21 May 2008 [Berin Lautenbach / Sam]

Report not submitted in time. Henning has requested that Berin resubmit the report for June. Sam to follow up.

20 Feb 2008 [Berin Lautenbach / Geir]

Very little activity this quarter. Mostly relating to the Java library
around bug fixes and user queries.

No activity on the C++ library front.

For crypto policy, work needs to be done to bring both libraries into full
compliance. However notification was sent (for both libraries) to the
appropriate authorities in 2004, so we should be covered. (Of course this
does not obviate the requirement to uplift to full policy compliance.)

It was noted that there was no notice requirements on each release if the crypto status did not change.

Approved by General Consent.

14 Nov 2007 [Berin Lautenbach / J Aaron]

Most of the activity on the mailing lists has been around some bugs in
the libraries and helping people with various applications that use
them.

On the C++ front, version 1.4.0 was released with some bug fixes and
an update to the package building process.

Aaron to request that board reports contain community status / input

Approved by General Consent.

29 Aug 2007 [Berin Lautenbach / Henri]

Another very quiet quarter in the Santuario project.  The Java library
has worked through a number of bugfixes and issues on the list.  The
C++ library has been very quiet with almost no activity.

The Apache JuiCE podling has also been put into a dormant state due to
the lack of bandwidth from committers.

Approved by General Consent.

16 May 2007 [Berin Lautenbach / Dirk]

The java xml-security team have just released version 1.4.1 incorporating
a number of bug fixes.

On the C++ side, Scott Cantor was voted in as a new committer. Otherwise
quiet for the C++ library.

Approved by General Consent.

21 Feb 2007 [Berin Lautenbach / Sander]

Other than work on the actual libraries, a very quiet quarter.

Version 1.4 of the Java library xml security library has now been
released, incorporating the code for the JSR 105 API together with
some extensive work on optimising various types of transformations.

The C++ library released version 1.3.1 with an updated build system
and some minor bug fixes.

I will be looking to move the chair responsibilities to another person
over the coming quarter due to lack of time to be able to spend on the
project.

Approved by General Consent.

15 Nov 2006 [Berin Lautenbach / Sam]

Work for the past quarter has been concentrated on the two libraries
rather than any infrastructure level stuff.  The C++ library had a 1.3
release and is now looking to release 1.3.1 with an updated build
system and some minor bug fixes.

The Java library is very close to a 1.4 release, having cut a set of
release candidates.  Some last minute API compatibility issues have
held up the release, but it is now expected in the next week or so.

On the JuiCE project (within the Incubator), nobody has had any time
to focus on it, so we are considering "hibernating" it until such time
as somebody has the required bandwidth.

Jim noted, regarding JuiCE project and others, that they refer to some sort of "hibernation" option for podlings even though we have no such thing. Justin noted that basically hibernation is the same as retiring, or, at least, should be. Henri repeated the board's position that several podlings appear to be "hibernating" already, by being very dormant. Sam will talk to Berin and suggest he go to general@incubator to discuss the next phase for the podling.

Approved by General Consent.

20 Sep 2006 [Berin Lautenbach / Sam]

Version 1.3 of the C++ library has now  been released.  The focus from
here will move to supporting the new version of Xerces and refactoring
the build process under *NIX.

A release candidate for version 1.4 of the Java library was released,
and has lead to some discussion on changes in the API.

All changes on the web site are now being replicated on the santuario
web site, and we will soon move to that as the main site and update it
to reflect the name change.  Development and user discussion is still
occuring on the "old" xml mailing lists - and there are no plans to
change this at any time soon.  If it ain't broke - don't fix it!

Sam volunteered to help the project with moving the lists, since the board's opinion is that it would be in the best interest of the PMC.

Approved by General Consent

16 Aug 2006 [Berin Lautenbach / Dirk]

Real Life took over this month for a number of people, so not much in
the way of action.  Some preparations for the Java 1.4 and C++ 1.3
releases of the XML security library.

Now that the infrastructure basics are in place, we need to focus some
time on revamping the web site and agreeing some project guidelines
and approaches.

Dirk suggested that we should have them report back next month; the project as reported no action while established 2 months ago.

Approved by General Consent

19 Jul 2006 [Berin Lautenbach / Cliff]

Initial activities for setting up the project have commenced, with
initial mailing lists and web site being created.  Discussions are yet
to take place around what to do with existing mailing lists.

In terms of development activities, the Java xml-security library is
preparing for a 1.4 release and the C++ library is on final RC for a 1.3
release.

Approved by General Consent

27 Jun 2006

Establish the Apache Santuario project

 WHEREAS, the Board of Directors deems it to be in the best
 interests of the Foundation and consistent with the
 Foundation's purpose to establish a Project Management
 Committee charged with the creation and maintenance of
 open-source software related to XML security technologies,
 for distribution at no charge to the public.

 NOW, THEREFORE, BE IT RESOLVED, that a Project Management
 Committee (PMC), to be known as the "Apache Santuario
 PMC", be and hereby is established pursuant to Bylaws of the
 Foundation; and be it further

 RESOLVED, that the Apache Santuario PMC be and hereby is
 responsible for the creation and maintenance of software
 related to XML security technologies, based on software licensed
 to the Foundation; and be it further

 RESOLVED, that the office of "Vice President, Apache Santuario"
 be and hereby is created, the person holding such
 office to serve at the direction of the Board of Directors as
 the chair of the Apache Santuario PMC, and to have primary
 responsibility for management of the projects within the
 scope of responsibility of the Apache Santuario PMC; and be it
 further

 RESOLVED, that the persons listed immediately below be and
 hereby are appointed to serve as the initial members of the
 Apache Santuario PMC:

   * Axl Mattheus <amattheu@apache.org>
   * Berin Lautenbach <blautenb@apache.org>
   * Davanum Srinivas <dims@apache.org>
   * Raul Benito <raul@apache.org>
   * Sean Mullan <mullan@apache.org>
   * Werner Dittman <werner@apache.org>

 NOW, THEREFORE, BE IT FURTHER RESOLVED, that Berin Lautenbach
 <blautenb@apache.org> is appointed to the office of Vice President,
 Apache Santuario, to serve in accordance with and subject
 to the direction of the Board of Directors and the Bylaws of
 the Foundation until death, resignation, retirement, removal or
 disqualification, or until a successor is appointed; and be it
 further

 RESOLVED, that the initial Apache Santuario PMC be and
 hereby is tasked with the creation of a set of bylaws intended to
 encourage open development and increased participation in the
 Apache Santuario Project; and be it further

 RESOLVED, that the initial Apache Santuario PMC be and
 hereby is tasked with the migration and rationalization of the
 Apache XML PMC, XML Security subproject; and be it further

 RESOLVED, that all responsibility pertaining to the Apache XML,
 XML Security sub-project and encumbered upon the Apache XML PMC
 are hereafter discharged.

 By Unanimous Vote, Special Order 6D, Establish the Apache Santuario
 Project, was Approved.