04-02-09 draft minutes

[<Frederick.Hirsch@nokia.com>]

Enclosed are draft meeting minutes from today's DSS conference call.


regards, Frederick

Frederick Hirsch
Nokia

 <<04-02-09-minutes.txt>> 
Meeting Minutes
Meeting: OASIS DSS Teleconference 
Date: 9 Feb 2004 
Minutes Secretary - Frederick Hirsch, Nokia

Attendees: 

Dimitri Andivahis, Surety 
Frederick Hirsch, Nokia
Andreas Kuehne, self
Hal Lockhart, BEA Systems 
Mike Mcintosh, IBM
Paul Madsen Entrust 
Trevor Perrin, self 
Nick Pope, self
Krishna Yellepeddy, IBM 

Dallas Powell - legalXML, observer


AGENDA
1 Welcome by chair (Nick Pope)

2. Confirm Minutes Secretary (Frederick Hirsch)
Confirmed

3. Roll Call.
Quorum was not achieved. (8 voting members, 11 needed)
Nick - Need to review membership numbers, warn members.
Hal will check quorum and send warning messages.

4. Approval of Agenda
No discussion

5. Approval of Minutes of DSS TC conference call:
- 12 January 2004
- 26 January 2004
Deferred until meeting with quorum.

6. Review of outstanding actions

03-12-15-3 - Paul Madsen policy-wise server profile: how to use DSS
protocol when all hash mechanism, etc., issues are handled by
server. Paul to send a note to the list 

Paul - action still open, no consensus yet on model.

Paul to send message to list to start discussion.

7. Discussion on profiles

7.1 Nomination of the coordinator 
- Agreement to appoint Trevor Perrin as technical coordinator requires
formal confirmation 

No objection noted at this point, formal vote will be when quorum achieved.

7.2 Report on the status of the work for each of the profiles.
+ Added policy-wise to list.

1) Time-stamp (Trevor)

Trevor - new version and new template document out (XYZ template). 

Template
Abstract profiles - just server processing, just protocol etc, broke
out into sections in template, can put not-applicable for sections not
needed in given profile 

Timestamping profile
- Type of signature returned - XML Timestamp or generic DSS timestamp

Profile identifier can be conveyed in protocol.
Hal - concrete profiles must define versions of abstract profiles
built on, to avoid ambiguity.

Nick - one server might support more than one timestamping mechanism

Action - Trevor to raise issue on list, start discussion threat.

Trevor - Open issue logged in back of document:
What type of binding needed to verify return signature when not using
a secure binding. Prefer secure binding, but signature verification
could be adequate. 

2) Code-signing 
Deferred discussion 

3) EPM 
Deferred discussion 

4) Wsecurity 
Frederick - Put out a draft discussion document indicating goals as a
starting point.

Hal - Generally can expect server to generate token as server has
signing key, can send up token to possibly define how to refer to key

Hal - should consider HMAC explicitly
Frederick - yes, XML Dsig allows HMAC
Hal - should be explicit so nobody is surprised

Paul - we should consider policy wise use cases, combination with
policy wise

General agreement with this

5) Court-filing

Nick - Nick, Dallas Powell and John Messing have had some discussions on
outlining profile. Two proposals - entity seal (similar to corporate
seal),  judicial profile (judicial authority has server to sign on
behalf of the judicial agency)

Nick to post two documents for these two proposals to list.

Dallas - Legal XML communitity defining envelope to transmit documents
between attorney and courts, also "integrated justice" (police, jails
etc) Influence global project, "Judical XML"

Looking to better understand signing and sealing of documents and how
to include in these envelope definitions.

6) XAdES 
Nick - Juan-Carlos plans to expand overview , has distributed
requirements document. Discussion on how to like to EPM profile.

No discussion.

7) German Signature Law

Andreas - tried to contact regulatory body, have not received an
answer yet. Adopting Trevor's new template. Entering requirements stage.

8) Policy-wise

Paul - Looking at Trevor's template, indicating relationships between
profiles is important. 

Paul - Do we need a document that refers to template, schema doc and profiles
core schema?

Trevor - only profile protocol, indifferent to everything
else. Regarding schema, copy of schema, reduced to only what is
needed.

Paul - propose taking template doc, create a policy-wise specific
abstract profile, and a separate schema document.

Nick - would like to see how it works with another profile, how to
clarify this.

Paul - possibly WSS profile is good test case

Frederick - so policy-wise is another core, the preferred core, is
this confusing

Trevor - it limits the optionality

discussion of whether to keep separate from core

7.3 Coordination document report on status 

Trevor - Currently have list of all profiles that have outlines, and
template document. 

Nick - would like to see roadmap

7.4 Next steps for each of the profiles. 

wss - feedback on list regarding goals, discussion document, input
court - distribute docs
german signature law - break down requirements doc
policy-wise - progress and see how fits in

8. Report on status of Core document. 

Trevor - Added bindings to core (HTTP POST and TLS bindings) Let know
if other bindings are needed. Possibly controversial is use of SRP,
internet draft.

Frederick - could consider using SOAP Message Security Username token
profile for password based  authentication as well

Action item on TC to review at bindings material.
Action - let TC know if agree with SOAP Message Security binding is
needed

Trevor - Frederick raised issues on list. Example is use of QNames as
Property Identifiers.

Nick - has implication on XAdES, will discuss with Juan-Carlos

9. Any other business 
None

10. Confirm next conference call: 23 Feb 04 

Meeting closed.
----