Subject: DSS-TC 1 November 2004 meeting minutes
DSS TC Conference Minutes

Date: Monday, 01 November 2004
Time: 12:00pm to 01:00pm Eastern Time

Attendees:

Voting Members
John Messing, American Bar Association
Hal Lockhart, BEA Systems
Pieter Kasselman, Betrusted
Paul Madsen, Entrust
Krishna Yellepeddy, IBM
Juan Carlos Cruellas, Individual
Andreas Kuehne, Individual
Trevor Perrin, Individual
Nick Pope, Individual
Glenn Benson, J.P. Morgan Chase & Co.
Frederick Hirsch, Nokia Mobile Phones
Dimitri Andivahis, Surety
Ed Shallow, Universal Postal Union

Observer
Burt Kaliski, RSA Security

Agenda:

1. Welcome by chair (Juan Carlos Cruellas)

2. Confirm Minutes Secretary (Dimitri Andivahis)
Dimitri Andivahis took minutes.

3. Roll Call.
Hal took the roll call.

4. Approval of Agenda
Glenn requested that the entry for the OTP profile be changed to Signature Gateway Profile. Agenda Approved.

5. Approval of Minutes of 18-10-2004 conference call
Minutes of 18 October 2004 approved.

6. Follow-up on previous Actions

Action 04-08-09-2: Nick and Carl to sketch the outline of a more detailed document regarding the use of DSS with ebXML.
Ongoing, nothing to report.

ACTION - 04-10-04-5 [All Profile Editors] Add to skeleton document once it is available.
Ongoing. Trevor reported that no contributions have been made.

ACTION - 18-10-04-1 [Nick] authentication tokens in EPM, Entity Seal Profile, OTP and Signature Gateway and whether they may require changes to core. Inline request-response will also be raised on the list on 10-19-04.
Closed, based on email discussion on the list and further discussion under Agenda item 7.1.

ACTION - 18-10-04-2 [Glenn] signature gateway and inline services to be discussed on the current OTP-Signature Gateway email thread.
Closed, based on email discussion on the list.

7. Report on status of the core.

7.1 Discussions on authentication tokens and their impact in the core.
Ref: http://www.oasis-open.org/archives/dss/200410/msg00052.html and following.

Trevor added the SupportingInfo element to ClaimedIdentity.
SupportingInfo can be used by profiles to carry information related to the client's identity. Trevor also added text clarifying how the optional input ReturnUpdatedSignature is supposed to work. It is up to the profiles to describe the exact semantics (i.e. the examples provided are just examples).

Juan Carlos asked whether the info in ClaimedIdentity may be unauthenticated, or whether it confirms that the client has been authenticated by a server. Trevor said that the user is supposed to authenticate using the name claimed (through the underlying binding or through the server). Nick said that it is up to the profiles to specify how authentication must work in this case. Juan Carlos gave the example of using SAML assertions for the claimed identity.

Nick said that the protocol requires that this authentication step be done somehow, and asked whether an identifier should be defined to describe what goes into SupportingInfo. Hal and Frederick suggested we borrow from the SAML work. Ed proposed that text be added to the core noting that implementations must specify the type of authentication being used.

Glenn raised the issue that in some cases signature data may have more than one meaning (e.g. authenticate and provide integrity), and asked for direction whether a digital signature should be used within SupportingInfo in the Signature Gateway profile. Trevor thought it was possible; Nick thought a SAML assertion would be a more appropriate type of content; Ed thought a profile should be able to decide how to proceed; Juan Carlos thought it would be nice to include examples, both with digital signatures and with other data.

NEW ACTION 04-11-01-1 [Nick] provide further clarification of the use of SupportingInfo within ClaimedIdentity and RequesterIdentity.

8. Discussion and approval of new version of the charter.
Postponed until next conference call.

NEW ACTION 04-11-01-2 [Ed] provide text and suggestions regarding charter update.

9. ANSI X9F4 and DSS TC liaison.
Report of last ANSI X9F4 meeting.

Juan Carlos gave a summary of the discussion that took place in the X9F4 phone conference on October 21; he and Robert Zuccherato participated.

Juan Carlos said that the discussion covered the pros and cons of XML Digital Signature vs XML CMS. As a result, X9F4 will add a note to the X9.95 document recognizing that XML DigSig alternatives may be used to comply with the X9.95 timestamping requirements.

Juan Carlos said that the differences between the X9F4 TSTInfo and the equivalent DSS definition were covered. As a result, X9F4 will add a note recognizing the DSS Timestamping profile, and would welcome a contribution from the DSS TC in the form of an informational Annex to X9.95 providing a map between the X9F4 TSTInfo and the OASIS DSS TSTInfo definitions. However, there isn't much time to do that because X9.95 has already been balloted and X9F4 is currently doing comment resolution. Nick asked Paul if Entrust would like to help; Paul will talk to Robert Zuccherato.

NEW ACTION 04-11-01-3 [Juan Carlos, Nick, Paul] provide TSTInfo related text for X9F4's consideration.

Ed asked if such an Annex would serve any purpose other than document how two standards groups were unable to iron out their differences. Nick said more discussion should take place on the mailing list before anything is submitted to X9F4.

Juan Carlos further described how the X9F4 conference discussed the relative advantages of the ANSI and DSS timestamp request and timestamp verification protocols.

NEW ACTION 04-11-01-4 [Juan Carlos] contact Jeff Stapleton (X9F4 chair) and ask for progress in their study of DSS OASIS protocols.

NEW ACTION 04-11-01-5 [Juan Carlos] circulate to the mailing list the minutes of the X9F4 phone conference on October 21.

10. Progress of profiles to CDs.

10.1 Status review.
- Asynchronous Profile (Andreas Kuehne)
- Code-signing (Pieter Kasselman)
- Policy wise server (Paul Madsen)
- XAdES (Juan Carlos Cruellas)
- EPM (Ed Shallow)
- German Signature Law (Andreas Kuehne)
- WSS (Frederick Hirsch)
- Entity seal (Nick Pope)
- Judicial signing (John Messing)
- Notarial (John Messing)
- ebXML Registry profile (Carl Mattocks)
- One-time password profile (Glenn Benson/Burt Kaliski)

10.3 Identification of those profiles ready for voting as CDs.

Andreas said that the Asynchronous Profile and the German Signature Law profile could proceed to CD vote.

Pieter said that the Code-signing profile could proceed to CD vote.

Paul said the Policy wise server profile could proceed to CD vote.

Juan Carlos said the XAdES profile could proceed to CD vote.

Ed said he still has to incorporate some of Juan Carlos's suggestions, so he will give his response at the next phone conference.

NEW ACTION 04-11-01-6 [Ed] update the document for the EPM profile.

Frederick said the WSS profile is not included in this round of CD voting; scheduled for the following round.

Nick said the Entity seal profile could proceed to CD vote, pending investigation of the use of SupportingInfo for authenticated tokens.

John said the Judicial signing profile is not ready for CD vote yet. He and Nick are presenting an updated version at a Court filing TC meet in mid December. Same is true for the Notarial profile.

Nick said the ebXML Registry profile is scheduled for the following round of CD voting.

Glenn presented the latest development regarding the Signature Gateway profile. He said that Burt Kaliski's idea to separate the in-line and request-response parts of the protocol resolved the earlier issues discussed on the mailing list. Nick said it was worth capturing the use case of an inline proxy as used in combination with the DSS request response protocol. John asked for any known IPR regarding the inline service. Glenn and Burt said they had no knowledge of any IPR claims.
Glenn proposed that he be the editor of the Signature Gateway profile and work with Burt's help. He will further discuss the issue of using the same signature to both authenticate with the server and provide integrity for the messages (on the mailing list).

10.2 Voting profiles for CDs if appropriate.
None taken.

11. Review of status of Roadmap document.
No update.

12. Any other business

Nick brought up Glenn's suggestions (in private email message since forwarded to the mailing list):
- to provide XML examples in the various profiles.
- to separate XML schema of profiles from core Schema.

It was mentioned that at this stage and so close to the first round of CD voting for profiles, it would be too hard to require XML examples.

NEW ACTION 04-11-01-7 [all editors] add XML examples to profiles.

Glenn said that profiles should have separate schemas from the core to facilitate verification against them. Ed thought that was always the intention.

NEW ACTION 04-11-01-8 [all] discuss issue of separate XML schema for profiles.

13. Confirm date of next conference call
Confirmed for November 15.

Close of the meeting

New and outstanding Actions

Action 04-08-09-2: Nick and Carl to sketch the outline of a more detailed document regarding the use of DSS with ebXML.

ACTION - 04-10-04-5 [All Profile Editors] Add to skeleton document once it is available.

ACTION 04-11-01-1 [Nick] provide further clarification of the use of SupportingInfo within ClaimedIdentity and RequesterIdentity.

ACTION 04-11-01-2 [Ed] provide text and suggestions regarding charter update.

ACTION 04-11-01-3 [Juan Carlos, Nick, Paul] provide TSTInfo related text for X9F4's consideration.

ACTION 04-11-01-4 [Juan Carlos] contact Jeff Stapleton (X9F4 chair) and ask for progress in their study of OASIS DSS protocols.

ACTION 04-11-01-5 [Juan Carlos] circulate to the mailing list the minutes of the X9F4 phone conference on October 21.

ACTION 04-11-01-6 [Ed] update the document for the EPM profile.

ACTION 04-11-01-7 [all editors] add XML examples to profiles.

ACTION 04-11-01-8 [all] discuss issue of separate XML schema for profiles.

Submitted by:
Dimitri Andivahis, Surety
dimitri@surety.com