ws-sx message

Subject: WS-SX TC Minutes, Feb 8 2006
From: "Paul Cotton" <Paul.Cotton@microsoft.com>
To: <ws-sx@lists.oasis-open.org>
Date: Wed, 8 Feb 2006 12:17:13 -0800
WS-SX TC Minutes, Feb 8 2006

Summary of new Action items:

ACTION 2005-02-08-01 Chairs to ensure the list of voting members on the
roster is correct.

ACTION 2005-02-08-02 Chairs to re-run the charter clarification ballot
#2 a second time (after fixing the roster).

ACTION 2006-02-08-03 Marc Goodner to post WS-SX issue template to TC
site and Chairs to put it in a prominent location to make it easier to
find.

ACTION 2006-02-08-04 TC members to review the initial interop scenarios
by the Feb 15 TC meeting so that the TC can decide at that meeting
whether the TC has "critical mass" for an Apr F2F interop event.

1. Call to order/roll call

Present:
Frank Siebenlist  Argonne National Laboratory*     
Jong Lee  BEA Systems, Inc.*     
Hal Lockhart  BEA Systems, Inc.*     
Denis Pilipchuk  BEA Systems, Inc.*     
Corinna Witt  BEA Systems, Inc.*     
Symon Chang  Blue Titan Software*     
Steve Anderson  BMC Software*     
Rich Levinson  Computer Associates*     
Yakov Sverdlov  Computer Associates*     
Nick Ragouzis*  Enosis Group LLC*     
Dana Kaufman  Forum Systems, Inc.*     
Toshihiro Nishimura  Fujitsu Limited*     
Irving Reid  Hewlett-Packard*     
Greg Whitehead  Hewlett-Packard*     
Ching-Yun (C.Y.) Chao  IBM*     
Henry (Hyenvui) Chung  IBM*     
Heather Hinton  IBM*     
Kelvin Lawrence  IBM*     
Michael McIntosh  IBM*     
Anthony Nadalin  IBM*     
Michael Perks  IBM*     
Blake Dournaee  Intel     
Mike Lyons  Layer 7 Technologies Inc.*     
Jan Alexander  Microsoft Corporation*     
Paul Cotton  Microsoft Corporation*     
Colleen Evans  Microsoft Corporation*     
Mark Fussell  Microsoft Corporation*     
Vijay Gajjala  Microsoft Corporation*     
Marc Goodner  Microsoft Corporation*     
Martin Gudgin  Microsoft Corporation*     
Chris Kaler  Microsoft Corporation*     
Asir Vedamuthu  Microsoft Corporation*     
Norman Brickman  Mitre Corporation*     
Frederick Hirsch  Nokia Corporation*     
Paul Knight  Nortel Networks Limited*     
Lloyd Burch  Novell*     
Steve Carter  Novell*     
Howard Bae  Oracle Corporation*     
Ashok Malhotra  Oracle Corporation*     
Prateek Mishra  Oracle Corporation*     
Alex Hristov  Otecia Incorporated*     
Darren Platt  Ping Identity Corporation*     
Werner Dittmann  Siemens AG*     
Tony Gullotta  SOA Software Inc.*     
Jiandong Guo  Sun Microsystems*     
Hubert Le Van Gong  Sun Microsystems*     
Eve Maler  Sun Microsystems*     
Don Adams  Tibco Software Inc.*     
Hans Granqvist  VeriSign *     
Ruchith Fernando  WSO2*    

2. Reading/Approving minutes of last meeting (Feb 1)
http://lists.oasis-open.org/archives/ws-sx/200602/msg00003.html

Adopted unanimously.

3. Charter clarification ballot(s) status 

The first ballot changes have not yet been made by the OASIS staff.  The
Chairs will ensure these changes are made even if they have to do the
changes themselves.

The second charter ballot has been started and ends on Feb 7:
http://www.oasis-open.org/apps/org/workgroup/ws-sx/ballot.php?id=950

This ballot failed to obtain the necessary 2/3 majority.

Tony asked if the status of voting members was correct on the roster.
Tony asked if the roster was wrong if we have to re-run the ballot.
Paul suggested we first fix the roster and then do the ballot again.

ACTION 2005-02-08-01 Chairs to ensure the list of voting members on the
roster is correct.

ACTION 2005-02-08-02 Chairs to re-run the charter clarification ballot
#2 a second time (after fixing the roster).

4. Issues list 
http://docs.oasis-open.org/ws-sx/issues/Issues.xml

a) Review of action items

ai-06 - Chairs to hold a F2F attendance ballot starting Mar 1 and
closing at least two weeks before the F2F. 

ai-09 - Editors to check that XPath examples in WS-SecurityPolicy are
fully namespace qualified.
Pending.  Tony has the pen on this one and we will be getting a revised
document. 

ai-2006-01-25-02 - Marc Goodner to work on an initial interop scenarios
document. Prateek Mishra also offered to help.
DONE.  See:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00010.html  

ai-2006-01-25-03 - Heather Hinton and Tony Nadalin to work on an initial
use cases document. Prateek Mishara also offered to help. 
DONE.  See:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00022.html 

ai-2006-01-25-04 - Tony Nadalin will look into the possibility of
hosting an interop event at the April F2F location
Pending discussion of interop documents.  See below.

b) Issues in Review status

None.

c) New issues

Questions and comments, Werner Dittman
http://lists.oasis-open.org/archives/ws-sx/200602/msg00002.html
Werner Dittman will issue separate emails for each issue.  He expects to
have this done within 24 hours.

ACTION 2006-02-08-03 Marc Goodner to post WS-SX issue template to TC
site and Chairs to put it in a prominent location to make it easier to
find.

i020  Describe minimum acceptable lengths for P_SHA1 inputs  
http://lists.oasis-open.org/archives/ws-sx/200602/msg00012.html 
Accepted. Change status to Active.

Chris Kaler suggested we might suggest a minimum of 128 bits for the
Nonce.  Prateek Mishra will propose text to capture this suggestion for
WS-Trust.

Hal Lockhart asked if there was similar problem with SecureConversation
for Nonce parameters.  Prateek will also check into this aspect of the
problem and if need will make a wider proposal or open a new issue.

d) Active issues

i003  Prateek Mishra  Use of term "binding" in specs 
Prateek:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00011.html 
Gudge's response:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00024.html
Gudge and Prateek appear to be agreeing on the changes required.  
Gudge indicated that there two outstanding items:

a) use of the term "Security Binding Property Assertion"
There are no references to the term "Security Binding Property
Assertion".  Paul Cotton was okay with leaving in the unreferenced
definition.  Hal Lockhart agreed with leaving the definition in for now
and he retained the right to drop the definition later.

b) whether the phrase "minimum set of tokens that will be used" is
clear.
Chris Kaler suggested adding a note for b) that the service might accept
more tokens.  There was no objection to this suggestion.

Gudge will provide a summary of the suggested changes for Issue 3.

i004  Paul Cotton  Transitive closure spec dependencies 
In progress.  Paul needed access to the specification Word docs which
has now been provided.

i008  Editors  Need well-formed XML examples
In progress.   

i009  Hal Lockhart  Support for different key pairs for sign and encrypt
in SP
In progress.  There has been some offline discussion.  Hal will try
again to get something done this week.

i010  Prateek Mishra  Proof of possesion for security intermediaries
ws-trust design 
Prateek's email:
http://lists.oasis-open.org/archives/ws-sx/200601/msg00082.html
Prateek's email sent early today states:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00025.html 

"Consider a case where we have a <wsse:security> header with multiple
tokens involved; a username token which names a user ("joe"), X.509
token (i guess this is called a supporting token) and a signature over
the user-name-token and body (based on the X.509 token).

Now, an application can present this entire security header to STS. The
STS can make judgements based on both the X.509 token and the user-name
token ("aha, this is a message from Joe signed by the finance server")
placing whatever interpretation it chooses to w.r.t this header.

But the intermediary cannot provide equivalent information; if we
imagine an intermediary acting on behalf of the application. As
currently stated in section 11.1, the intermediary can only provide a
security token, a STR or an end-point-reference. My suggestion is to
expand this list to include <wsse:security> headers as well."

Chris and Prateek (and other TC members) discussed this scenario.
Prateek will send an example to the list based on this discussion and
will outline what cannot be captured by the intermediary.

i014  Prateek Mishra  Is the key agreement algorithm proposed in
WS-Trust sound?   
Chris Kaler's reply:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00000.html
Prateek accepts this explanation and is willing to close the issue.
There was no objection to closing this issue with no action. 

Chris suggested the only change would be to add a new derived key
algorithm based on P-SHA256.  Prateek agreed this was orthogonal.

Change status of issue i014 to Closed with no action.
  
i015  C.Y. Chao  Support error handling in RequestSecurityToken
extension mechanism 
No discussion. Skipped.
 
i016  Michael McIntosh  sp:SignedParts mechanism   
Mike's proposal:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00014.html
Skipped until next meeting.

i017  Michael McIntosh  sp:RequiredElements mechanism 
Mike's proposal:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00018.html 
Followup:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00019.html 
Skipped until next meeting.
  
i018  Michael McIntosh  absolute XPath expressions 
Mike's proposal:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00020.html 
Skipped until next meeting.
   
i019  Frederick Hirsch  supported XPath expressions  
Frederick reported that he was not able to get any concrete examples.
His developers did agree that doing less is always better.
Since there are no concrete examples the TC agreed to close this issue
with no action.

Change status of issue i019 to Closed with no action.

5. Other business 

a) ai-2006-01-25-02 - Marc Goodner to work on an initial interop
scenarios document. Prateek Mishra also offered to help.
DONE.  See:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00010.html  

Marc Goodner has uploaded the initial document.  Chris Kaler asked if
this set of interop scenarios was acceptable.  Chris asked who could
interop using these SC/Trust scenarios?  

Paul Cotton said that Microsoft would be ready to interop on these by
the Apr F2F.  Tony Nadalin said that IBM would be ready to interop by
the Apr timeframe.  Eve Maler said that Sun needed more time to review
the scenarios.

ACTION 2006-02-08-04 TC members to review the initial interop scenarios
by the Feb 15 TC meeting so that the TC can decide at that meeting
whether the TC has "critical mass" for an Apr F2F interop event.

Chris Kaler indicated that in the past the WSS TC did interop as a
confidential TC effort and members should feel comfortable doing only
part of the interop scenarios.

b) ai-2006-01-25-03 - Heather Hinton and Tony Nadalin to work on an
initial use cases document. Prateek Mishara also offered to help. 
DONE.  See:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00022.html

Tony Nadalin reviewed the proposal.   Heather asked for input before she
and Tony proceeded with more detail of these use cases.

c) SecurityPolicy section numbers

Chris Kaler pointed out that the section cross-references in
WS-SecurityPolicy were messed up during the work to achieve the OASIS
re-formatting.  The meeting agreed to open a new issue to fix this
problem and assigned it to the Editors. 

6. Adjournment 

The meeting adjourned at about 8:26am PST.

/paulc

Paul Cotton, Microsoft Canada
17 Eleanor Drive, Nepean, Ontario K2E 6A3
Tel: (613) 225-5445 Fax: (425) 936-7329
mailto:Paul.Cotton@microsoft.com