

Subject: DSS-TC 1 November 2004 meeting minutes


DSS TC Conference Minutes
Date: Monday, 01 November 2004
Time: 12:00pm to 01:00pm Eastern Time

Attendees:

Voting Members

John Messing, American Bar Association
Hal Lockhart, BEA Systems
Pieter Kasselman, Betrusted
Paul Madsen, Entrust
Krishna Yellepeddy, IBM
Juan Carlos Cruellas, Individual
Andreas Kuehne, Individual
Trevor Perrin, Individual
Nick Pope, Individual
Glenn Benson, J.P. Morgan Chase & Co.
Frederick Hirsch, Nokia Mobile Phones
Dimitri Andivahis, Surety
Ed Shallow, Universal Postal Union

Observer

Burt Kaliski, RSA Security
 
Agenda:
1. Welcome by chair (Juan Carlos Cruellas)
   
2. Confirm Minutes Secretary (Dimitri Andivahis)

Dimitri Andivahis took minutes.

3. Roll Call.

Hal took the roll call.

4. Approval of Agenda

Glenn requested that the entry for the OTP profile be changed to Signature
Gateway Profile.
Agenda Approved.

5. Approval of Minutes of 18-10-2004 conference call

Minutes of 18 October 2004 approved.

6. Follow-up on previous Actions 

Action 04-08-09-2: Nick and Carl to sketch the outline of a more
detailed document regarding the use of DSS with ebXML.

Ongoing, nothing to report.

ACTION - 04-10-04-5 [All Profile Editors] Add to skeleton document once it is available.

Ongoing.  Trevor reported that no contributions have been made.

ACTION - 18-10-04-1 [Nick] authentication tokens in EPM, Entity Seal Profile, OTP and Signature Gateway and whether they may require changes to core. Inline request-response will also be raised on the list on 10-19-04.

Closed, based on email discussion on the list and further discussion 
under Agenda item 7.1.

ACTION - 18-10-04-2 [Glenn] signature gateway and inline services to be discussed on the current OTP-Signature Gateway email thread.

Closed, based on email discussion on the list.

7. Report on status of the core. 
   
   7.1 Discussions on authentication tokens and their impact in the core.

   Ref: http://www.oasis-open.org/archives/dss/200410/msg00052.html and following.

Trevor added the SupportingInfo element to ClaimedIdentity.  
SupportingInfo can be used by profiles to carry information related 
to the client's identity.  Trevor also added text clarifying 
how the optional input ReturnUpdatedSignature is supposed to work.  
It is up to the profiles to describe the exact semantics 
(i.e. the examples provided are just examples).

Juan Carlos asked whether the info in ClaimedIdentity may be 
unauthenticated, or whether it confirms that the client has been 
authenticated by a server.

Trevor said that the user is supposed to authenticate using the name 
claimed (through the underlying binding or through the server).

Nick said that it is up to the profiles to specify how authentication
must work in this case.

Juan Carlos gave the example of using SAML assertions for the claimed identity.

Nick said that the protocol requires that this authentication step 
be done somehow, and asked whether an identifier should be defined
to describe what goes into SupportingInfo.

Hal and Frederick suggested we borrow from the SAML work.

Ed proposed that text be added to the core noting that implementations
must specify the type of authentication being used.

Glenn raised the issue that in some cases signature data may have more 
than one meaning (e.g. authenticate and provide integrity), and asked 
for direction whether a digital signature should be used within 
SupportingInfo in the Signature Gateway profile.

Trevor thought it was possible; Nick thought a SAML assertion would be
a more appropriate type of content; Ed thought a profile should be able 
to decide how to proceed; Juan Carlos thought it would be nice 
to include examples, both with digital signatures and with other data.

NEW ACTION 04-11-01-1 [Nick] provide further clarification of the use of 
SupportingInfo within ClaimedIdentity and RequesterIdentity.

8. Discussion and approval of new version of the charter.
 
Postponed until next conference call.

NEW ACTION 04-11-01-2 [Ed] provide text and suggestions regarding charter update.

9. ANSI X9F4 and DSS TC liaison. Report of 
    last ANSI X9F4 meeting.
 
Juan Carlos gave a summary of the discussion that took place in 
the X9F4 phone conference on October 21; he and Robert Zuccherato 
participated.

Juan Carlos said that the discussion covered the pros and cons 
of XML Digital Signature vs XML CMS.  As a result, X9F4 will add 
a note to the X9.95 document recognizing that XML DigSig alternatives 
may be used to comply with the X9.95 timestamping requirements.

Juan Carlos said that the differences between the X9F4 TSTInfo 
and the equivalent DSS definition were covered.  As a result,
X9F4 will add a note recognizing the DSS Timestamping profile, 
and would welcome a contribution from the DSS TC in the form of 
an informational Annex to X9.95 providing a map between the 
X9F4 TSTInfo and the OASIS DSS TSTInfo definitions.  
However, there isn't much time to do that because X9.95 has 
already been balloted and X9F4 is currently doing comment resolution.  
Nick asked Paul if Entrust would like to help; Paul will talk 
to Robert Zuccherato.

NEW ACTION 04-11-01-3 [Juan Carlos, Nick, Paul] provide TSTInfo related text 
for X9F4's consideration.

Ed asked if such an Annex would serve any purpose other than to document
how two standards groups were unable to iron out their differences.

Nick said more discussion should take place on the mailing list
before anything is submitted to X9F4.

Juan Carlos further described how the X9F4 conference discussed
the relative advantages of the ANSI and DSS timestamp request 
and timestamp verification protocols.

NEW ACTION 04-11-01-4 [Juan Carlos] contact Jeff Stapleton (X9F4 chair) 
and ask for progress in their study of DSS OASIS protocols.

NEW ACTION 04-11-01-5 [Juan Carlos] circulate to the mailing list the minutes
of the X9F4 phone conference on October 21.

10. Progress of profiles to CDs.

   10.1 Status review.

       - Asynchronous Profile   (Andreas Kuehne)
       - Code-signing           (Pieter Kasselman)
       - Policy wise server     (Paul Madsen)
       - XAdES                  (Juan Carlos Cruellas)
       - EPM                    (Ed Shallow)
       - German Signature Law   (Andreas Kuehne)
       - WSS                    (Frederick Hirsch)
       - Entity seal            (Nick Pope) 
       - Judicial signing       (John Messing)
       - Notarial               (John Messing)
       - ebXML Registry profile (Carl Mattocks)
       - One-time password profile (Glenn Benson/Burt Kaliski)



   10.3 Identification of those profiles ready for
        voting as CDs.

Andreas said that the Asynchronous Profile and the German Signature Law
profile could proceed to CD vote.

Pieter said that the Code-signing profile could proceed to CD vote.

Paul said the Policy wise server profile could proceed to CD vote.

Juan Carlos said the XAdES profile could proceed to CD vote.

Ed said he still has to incorporate some of Juan Carlos's suggestions, 
so he will give his response at the next phone conference.

NEW ACTION 04-11-01-6 [Ed] update the document for the EPM profile.

Frederick said the WSS profile is not included in this round of CD voting;
scheduled for the following round.

Nick said the Entity seal profile could proceed to CD vote, pending
investigation of the use of SupportingInfo for authenticated tokens.

John said the Judicial signing profile is not ready for CD vote yet.  
He and Nick are presenting an updated version at a Court filing TC meet 
in mid December.  Same is true for the Notarial profile.

Nick said the ebXML Registry profile is scheduled for the following round of
CD voting. 

Glenn presented the latest development regarding the Signature Gateway
profile.  He said that Burt Kaliski's idea to separate the in-line
and request-response parts of the protocol resolved the earlier issues
discussed on the mailing list.

Nick said it was worth capturing the use case of an inline proxy
as used in combination with the DSS request response protocol.

John asked for any known IPR regarding the inline service.

Glenn and Burt said they had no knowledge of any IPR claims.

Glenn proposed that he be the editor of the Signature Gateway profile
and work with Burt's help.  He will further discuss the issue of using 
the same signature to both authenticate with the server and provide 
integrity for the messages (on the mailing list).

   10.2 Voting profiles for CDs if appropriate.

None taken.

11. Review of status of Roadmap document.

No update.  

12. Any other business 

Nick brought up Glenn's suggestions (in private email message since 
forwarded to the mailing list):
- to provide XML examples in the various profiles.
- to separate XML schema of profiles from core Schema.

It was mentioned that at this stage and so close to the first round
of CD voting for profiles, it would be too hard to require 
XML examples.

NEW ACTION 04-11-01-7 [all editors] add XML examples to profiles.

Glenn said that profiles should have separate schemas from
the core to facilitate verification against them.

Ed thought that was always the intention.

NEW ACTION 04-11-01-8 [all] discuss issue of separate XML schema for profiles.

13. Confirm date of next conference call

Confirmed for November 15.

Close of the meeting

New and outstanding Actions

Action 04-08-09-2: Nick and Carl to sketch the outline of a more detailed document regarding the use of DSS with ebXML.

ACTION - 04-10-04-5 [All Profile Editors] Add to skeleton document once it is available.

ACTION 04-11-01-1 [Nick] provide further clarification of the use of SupportingInfo within ClaimedIdentity and RequesterIdentity.

ACTION 04-11-01-2 [Ed] provide text and suggestions regarding charter update.

ACTION 04-11-01-3 [Juan Carlos, Nick, Paul] provide TSTInfo related text for X9F4's consideration.

ACTION 04-11-01-4 [Juan Carlos] contact Jeff Stapleton (X9F4 chair) and ask for progress in their study of OASIS DSS protocols.

ACTION 04-11-01-5 [Juan Carlos] circulate to the mailing list the minutes of the X9F4 phone conference on October 21.

ACTION 04-11-01-6 [Ed] update the document for the EPM profile.

ACTION 04-11-01-7 [all editors] add XML examples to profiles

ACTION 04-11-01-8 [all] discuss issue of separate XML schema for profiles.

Submitted by:  
Dimitri Andivahis, Surety
dimitri@surety.com



