[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: DSS-TC 16 May 2005 meeting minutes
DSS TC Conference Minutes
Date: Monday, 16 May 2005, 12:00pm - 01:00pm ET
Agenda:
1. Welcome by chair (Juan Carlos Cruellas)
2. Confirm conference call minute taker (Dimitri Andivahis)
Dimitri Andivahis took minutes.
3. Roll Call
Hal took the roll call.
Voting Members
Hal Lockhart, BEA Systems
Pieter Kasselman, Betrusted
Krishna Yellepeddy, IBM
Juan Carlos Cruellas, Individual
Andreas Kuehne, Individual
Trevor Perrin, Individual
Glenn Benson, J.P. Morgan Chase & Co.
Dimitri Andivahis, Surety
Prospective Member
Stefan Drees, Individual
4. Approval of agenda
Agenda approved.
5. Approval of minutes of 02 May 05
Minutes of 02 May 05 approved.
6. Outstanding Actions Review
Action 05-02-07-01 [Nick and JC] Add section on upcoming Profiles to
Roadmap Document.
Juan Carlos reported this is ongoing; to be completed within the next
two weeks.
Action 05-04-04-4 : Nick : draft a response to IPR question.
Juan Carlos reported that according to Nick (not present) this is
ongoing, and that Nick expected to report on it at the next conference call.
Action 05-04-04-5 : all : take a look at the ambiguous sentence
in section 3.5.8
Juan Carlos proposed that it remain open; Stefan seconded.
Action 05-04-04-6 : JC, Ed, Andreas : List of topics to be addressed
in InterOP testing
Juan Carlos reported it is ongoing, and that the list of topics
is not yet completed.
Action 05-04-18-01 [JC, Ed, and Dimitri] Ed to clarify Timestamp
verification and updating in the EPM profile. JC to confirm if any
clarifications required in XAdES. Dimitri to pick up and suggest any
required core clarifications.
Closed. In the previous conference call, Ed and Juan Carlos had expressed
the opinion that this action be closed, but wanted to hear Dimitri's
opinion (absent from previous call); Dimitri agreed to have this action
closed.
Action 05-04-18-04 [JC and Ed] JC to take a shot at some text which
will form the recommended change to the core. Ed to review and feedback.
Juan Carlos reported it is ongoing.
Action 05-05-02-01 - John Messing to provide information on the
new MIME type proposed by the Court Filing TC to replace base64 and DIME.
Juan Carlos reported it is ongoing.
Action 05-05-02-02 - Glenn Benson to issue a new version of Signature
gateway profile incorporating most of the comments in msg00015.html,
with some exceptions. Exceptions will be discussed off-line by mail.
Closed. Glenn submitted a new version and addressed the comments
that had been submitted by Nick. Nick has since sent email to the list
requesting further consideration on the description of service policy.
Action 05-05-02-03 - Juan Carlos, Andreas, Ed and Tommy to submit
signature artifacts to Wiki.
Juan Carlos reported it is ongoing.
7. Issues on the core and profiles maintenance
Juan Carlos explained that the issues of core and profile maintenance
were moved ahead of the upcoming profiles on the agenda
to allow for more time for discussion on these issues. Juan Carlos
asked Stefan, the new editor for the Core document, to provide an update.
7.1 Review issues in the Comments Tracking document.
. See also thread on Non encoding of XMLData, canonicalization,
exclusive canonicalization, and restrictions imposed to clients.
References:
starting: http://www.oasis-open.org/apps/org/workgroup/dss/email/archives/200505/msg00007.htm
.....
http://www.oasis-open.org/apps/org/workgroup/dss/email/archives/200505/msg00021.html
and their follow-ups
Stefan said that he submitted a new draft of the DSS Comments
Tracking document. The new draft contains information about
past discussions, even on topics where the discussion led to
no changes to the Core document.
Stefan explained that based on the recent discussion on the
mailing list about XML Data encoding and the exclusive
canonicalization issue, he opened a new issue, "Document vs.
Signature validation" and asked Trevor to talk further about it.
Trevor mentioned that the issue is not directly related to the
XML data encoding issues, and referred to his message on the list.
Trevor thought that the verify protocol is too complicated, compared
to the sign protocol, and thought that some of this functionality
could be moved to a profile.
Juan Carlos pointed that the XML data encoding issue should be
resolved first, since it affects implementers of the protocols,
and said that in hi thinking the issue of simplifying the verify protocol
is medium-term in terms of priority.
Trevor agreed.
Stefan thought that the issue deserved to be discussed at length,
and that it is important to match the vision and the implementation
for the documents. He also thought that the group could have
a drill-down approach and address the security concerns, and
he brought up his experience with XPath discussions. Stefan thought
that at this point there was diversity of opinions on the issues,
but was hopeful for a resolution.
Juan Carlos asked whether he knew how the email discussion between
Konrad (Lanz) and Trevor could be resolved, that is, by editing some
text, adding a new section, or otherwise.
Trevor said that the proposed requirement to apply client-side
canonicalization is problematic because, among other reasons,
it is not a requirement in XMLDSig. He also said he expects
Konrad's response to his last email to further advance resolution
of the issue.
Juan Carlos gave an example of a client who tries to sign a subtree
of an XML document, and asked whether under certain circumstances,
subsequent verification of the DSS signature would fail.
Trevor thought that in the specific example verification wouldn't
fail, but the issue is complicated enough that any discussion would
need to pay attention to the details.
Juan Carlos asked about Konrad's assertions on the mailing list
regarding security issues and attacks on the protocols.
Trevor responded that the cases presented (broken client)
were not really a security concern, and that a broken client
could only harm himself.
Trevor thought that the committee members could review his proposal
and come to an agreement.
ACTION [All] Consider Trevor's proposal on simplifying verification
and come to a resolution on the XML Schema issue.
ACTION [Stefan] Inspect all comments posted, assess whether issues are
closed, and post to the list.
8. Upcoming Profiles
- Signature gateway profile (Glenn)
Reference: http://www.oasis-open.org/apps/org/workgroup/dss/email/archives/200505/msg00017.html
Glenn talked about the additional comments submitted by Nick.
He thought the comments were on a minor issue, and asked for
information on moving forward with this profile.
Juan Carlos proposed for Glenn to try to clarify Nick's comments
this coming week, and possibly have this profile voted
as a committee draft at the next conference call.
Glenn agreed with this proposal, and will post a new draft document
after he resolves the issue with Nick.
- Timestamp profile update for managing nested time-stamps (Dimitri)
Dimitri reported that he had been away for two weeks and hadn't
followed up on Nick's most recent comments on the issue yet.
ACTION [Dimitri] Respond to Nick's comments on nested timestamps.
Juan Carlos proposed an additional action to add text and make
explicit the issues of timestamp verification related
to closed Action 05-04-18-01.
ACTION [ Juan Carlos, Ed, Dimitri ] Provide text to clarify Timestamp
verification and updating in the XAdES, EPM, timestamping profiles.
- Reports regarding any progress on other profiles
9. Interoperability testing
Juan Carlos said that certain artifacts has been uploaded to Wiki,
but not all test cases are available yet. He expected that by the
next conference call a document of all test cases would be posted.
Some sign request and some sign responses have been generated
and they will be exchanged through Wiki by the next conference
call.
10. Date of Next meeting. Proposal for 30th May 2005
It was pointed that May 30 is a holiday in the US, and that may affect
quorum. It was decided to wait 2-3 days until a decision can be made
on whether to keep or postpone the next conference call.
ACTION [Chairs] By the end of this week, determine whether the next
conference call should be held on May 30 or postponed until a later date.
11. Any other business
12. Close
New and outstanding Actions
Action 05-02-07-01 [Nick and JC] Add section on upcoming Profiles to
Roadmap Document.
Action 05-04-04-4 : Nick : draft a response to IPR question.
Action 05-04-04-5 : all : take a look at the ambiguous sentence in
section 3.5.8
Action 05-04-04-6 : JC, Ed, Andreas : List of topics to be addressed
in InterOP testing
Action 05-04-18-04 [JC and Ed] JC to take a shot at some text which
will form the recommended change to the core. Ed to review and feedback.
Action 05-05-02-01 - John Messing to provide information on the
new MIME type proposed by the Court Filing TC to replace base64 and DIME.
Action 05-05-02-03 - Juan Carlos, Andreas, Ed and Tommy to submit
signature artifacts to Wiki.
Action 05-05-16-01 [All] Consider Trevor's proposal on simplifying verification
and come to a resolution on the XML Schema issue.
Action 05-05-16-02 [Stefan] Inspect all comments posted, assess
whether issues are closed, and post to the list.
Action 05-05-16-03 [Dimitri] Respond to Nick's comments on nested timestamps.
Action 05-05-16-04 [ Juan Carlos, Ed, Dimitri ] Provide text to
clarify Timestamp verification and updating in the XAdES, EPM,
Core, and timestamping profiles.
Action 05-05-16-05 [Chairs] By the end of this week, determine whether the
next conference call should be held on May 30 or postponed until a later date.
Submitted by:
Dimitri Andivahis, Surety
dimitri@surety.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]