[dss] Draft Minutes of December 2, 2002 Meeting

[Robert Zuccherato <robert.zuccherato@entrust.com>]

Title: Draft Minutes of December 2, 2002 Meeting

Below are the draft minutes of our December 2, 2002 meeting, as taken by Carlisle Adams.  I've also attached the modified charter that we agreed to. 

-----------------------------------------------------------------------------------

OASIS Digital Signature Services (DSS) TC
Meeting Minutes:  December 2, 2002

This was the first meeting of the DSS TC.  OASIS members who had notified the chair of their intent to join this TC at least 15 days prior to this meeting, and who were present on this teleconference, officially became members of this TC at this meeting.

The agenda for the call was as follows:

1.  Welcome by chair.
2.  Roll call.
3.  Review of OASIS TC process and IPR policy.
4.  Review of TC charter and schedule.
5.  Establish standing rules for the TC.
6.  Selection of roles (secretary, editors, webmaster)
7.  Discussion of Security Joint Committee and selection of liaisons.
8.  Set meeting schedule and request meeting hosts.
9.  Submission of input documents.
        -Entrust input documents.
        -Do we need a "Call for inputs"?
10.  Any other business.
11.  Close.

Items 2 and 3 were reversed, since Karl was calling long-distance from Europe and hoped to keep his time on the call as short as possible.

Karl Best:  review of TC process and IPR policy
 - TC Process and IPR Policy are normative OASIS documents; everyone should become familiar with these
 - IPR policy deals with contributions and OASIS copyright.  The goal is full disclosure of any applicable encumberances for submitters; disclosure by others is welcome, but this cannot be required or enforced.

 - license terms:  RAND (Reasonable and Non-Discriminatory) or RF (Royalty-Free) are acceptable to OASIS.
 - TC process:  how TCs are created; how they run.  Open and democratic; public comment lists; discussions must be in the open; publicly-accessible mail lists, documents, discussions.  Majority vote or consensus, with decisions minuted.  Joining TC means implicit agreement with charter.  Charter can be clarified, but not substantially changed.

 - clarifying questions:  1. Is the IPR policy requirement only on submitters?  What about other OASIS members?  (Answer:  only on submitters.  No enforcement mechanism for others.)  2. How can people join TC if they aren't on today's call?  (Answer:  this is spelled out in the policy.  Waiting period of 60 days or 3 TC meetings, whichever comes first.)

Roll call
 - see below for meeting attendees.

TC Charter and Schedule
 - paragraph-by-paragraph review of draft charter
 - no objections to first or second paragraphs
 - third paragraph:  (?speaker?):  looks like a false symmetry between 2nd and 3rd paragraphs:  2nd is for security; 3rd is for convenience, so they're not the same.  (Hal Lockhart, Fred Hirsh, Jeremy Epstein):  disagree.  (Jeremy):  verification doesn't need to be as secure.  (Phill Hallam-Baker):  sometimes verification does need high security:  e.g., signed response may be evidence later on.  Consensus:  no changes required in wording of charter.

 - fourth paragraph:  (Carlisle Adams):  change "public" to "private"?  (Phill):  use "key pair" instead, or just "key".  (Manoj): what about "certificate"?  Answer:  this implies public-key technology, and also implies that certificate exists.  (Hal): not restricted to certificates; there may be other ways of implementing this (i.e., associating a validity period with a key).  Consensus:  just use "key".

 - fifth paragraph:  no objections
 - therefore, consensus on charter wording (revised as noted above).

 - relationship to existing activities:  (Robert Zuccherato):  has an e-mail suggesting the addition of LegalXML e-notary.  (Nick Pope): add ETSI TC on Electronic Signatures and Infrastructure.  (Phil Griffin): add X9F4 X9.95 Trusted Time Stamp work.  (Dimetri):  ISO 18014 (an SC 27 document in three parts, of which 2 parts are now complete).  (Carlisle): is there any need to add XML Encryption?  (Answer:  perhaps to hide requests for signature, or to ask for a signature on an encrypted document.  Let's add it for now.)  (Phill):  what about delegated encryption and decryption services?  (No consensus; this will not be added.)  (Phil G.): XCBF added.  (John Ross):  election services technical committee; they're doing work on time stamps for XML documents).

 - consensus:  all agreed items above will be added to list

TC deliverables
 - (John Linn):  do last two include distributed case where key is split?  (Answer:  yes, so perhaps we should drop the term "centralized").

 - (Nick Pope):  where is the time stamping (Answer:  #1).  What about time stamping formats themselves?  Are these within scope?  (Answer:  using time stamps for the purpose of proving key was used during its validity period.)  (Phil G.):  goal is not to define a time stamp protocol.  (Robert):  although we're not precluding this.  (Nick):  add "including a time stamping protocol" to sentence.  (Consensus on this.)  (Carlisle):  remove the word "private", just as in the charter wording?  (Consensus on this.)  (Fred Hirsh): is this constrained to XML digital signatures, or is it open to a wider interpretation?  (Answer:  open to wider interpretation.)  (John Linn):  why does #1 say protocol, and #4, #5 say interface?  (Answer:  just because there are already protocols such as RFC 3161 for #1.  But don't attach too much significance to these terms.)

TC schedule
 - (Robert):  about a year to complete activities
 - (Hal, Krishna Sankar):  agree
 - (Krishna): suggest a 1.0 and 2.0 feature list
 - (Jeremy):  1 year usually means 2, so pick what you think can be done in 6 months, then this will take a year.

Standing rules
 - OASIS non-TC members can read mail list.  Moved by Hal; seconded by John Ross; no objections.  (Passed.)
 - voting by e-mail.  Moved by Phil G; seconded by Hal; no objections.  (Passed.)

Roles
 - secretary:  Hal Lockhart willing to take on membership and administration function.  There will be a rotating secretary for meeting minutes.

 - editors:  Manoj Srivasta volunteered to edit the signature request and verification document.  Krishna Sankar volunteered to edit the time stamp document.  Krishna also volunteered to edit the use case and requirements document.

 - Webmaster:  Jeffery Lomas is the OASIS Web support person.  Announcements, meeting minutes, membership lists, etc., need to be uploaded to ftp site.  Robert Zuccherato volunteered to take this role for now.

Security Joint Committee
 - Phil G. gave a brief description of the SJC scope and goals (see Web site)
 - formation of a liaison subcommittee with Robert as official liaison to SJC:  moved by Phil G; seconded by Krishna; no objections.  (Passed.)

 - Phil G. also volunteered to join this subcommittee and called for others to join as well, if interested.

Meeting schedule and hosts
 - leave it as every other Monday.  (Consensus.)
 - next meeting on the 16th, then no meeting on the 30th, then on Jan. 13th, Jan 27th, etc.  (Consensus.)
 - Europeans asked if we could make it an hour earlier.  (Consensus.)
 - initially, start with one-hour meetings.  (Consensus.)
 - Entrust will host next meeting on Dec. 16; Krishna / Cisco volunteered to host Jan. 13

Input documents
 - Robert:  documents in three areas:  time stamping protocol; signature request; extension to X-KISS for signature verification

 - Carlisle:  quick overview of time stamp input document.
 - (Hal): need section to cover OASIS IPR requirements.  (Robert):  mentioned the Entrust statement in the e-mail he sent that submitted these input documents.  (Manoj)  said that he can do the same for the document he submitted.

 - (Juan Carlos):  at an XML conference in Europe, there was a paper on time stamping.  He will try to get the author's permission to submit this to DSS.  The Election Markup Language may get submitted as well; the ETSI may get submitted as well.

 - time frame for accepting submissions:  (Robert): a couple of months.  (Tim Moses):  a week or two should be enough.  (Hal): interpretation of this window is "how long before we begin creating a DSS spec?".

 - time stamp input:  (Phil G): ISO 18014 incorporates RFC 3161.  (Phill): at what point do we run into Haber and Stornetta if we get a broader protocol spec?  Would rather be wary here.  (?John Ross? ?Nick Pope?):  minimum is RFC 3161 in XML; do we need other mechanisms as well?  (Phil G):  X9 area and its users need in-house time stamp service, which is prohibited by the ISO and IETF documents.  However, agrees that RFC 3161 should be the basis of the DSS work.

 - Robert:  quick overview of Digital Signature Web Service Interface input document:  RPC interface; very simple; authentication and authorization out of scope.  Also, there is the X-KISS extension for signature verification.

 - Manoj:  schema for a signature verification Web service:  input is signed XML (enveloped, enveloping, time stamped, etc.); response is list of signatures found, relevant certificates, the object that was signed (i.e., the raw data), signature properties, error codes

 - (NicK Pope):  work in ETSI looking at validity of signatures beyond certificate validity period.  Will send a link to this work to the DSS mail list.

 - (Hal):  question for Rob with respect to the signature creation input document:  does it assume that the service only has one key?  (Answer:  yes, to keep things simple.  Will need to look at some of these details.)

Adjourn.

--------------------------------------------------------

Meeting attendees (and therefore DSS TC members):

Alessandro Triglia      OSS Nokalva
Andreas Kuehne 
Carlisle Adams  Entrust
Daniel Greenwood       
Dimitri Andivahis       Surety
Don Adams       TIBCO
Frank Siebenlist        Argonne National Laboratory
Frederick Hirsch        Nokia Mobile Phones
Gideon Yuval    Microsoft
Gregor Karlinger        The Chief Information Office of the Austrian Federal Ministry for Public Services and Sports
Hal Lockhart    Entegrity Solutions
Jeff Bohren     OpenNetwork Technologies, Inc
Jeremy Epstein  webMethods
John Linn       RSA Security
John Ross      
Juan Carlos Cruellas   
Kate Wang       IONA
Krishna Sankar  Cisco
Manoj K. Srivastava     Infomosaic Corporation
Marc Branchaud  RSA Security
Merlin Hughes   Baltimore
Nick Pope      
Phil Griffin    Griffin Consulting
Phillip Hallam-Baker    Verisign
Ram Austryjak Moskovitz Verisign
Rich Salz       DataPower Technology
Robert Zuccherato       Entrust
Tim Moses       Entrust

<<DSS Charter Revision.pdf>>

Attachment: DSS Charter Revision.pdf
Description: Binary data