[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: WS-SX TC Minutes, Feb 15 2006
WS-SX TC Minutes, Feb 15 2006 Summary of new Action items: AI-2006-02-15-01 Gudge to draft a revised proposal for Issue 9. AI 2006-02-15-02 Prateek to give a proposed use case for Issue 10 before the next call. AI 2006-02-15-03 C.Y Chao to propose to the TC whether Issue 015 should be closed or not due to revealing the information might be a security risk. AI 2006-02-15-04 Prateek to propose resolution to Issue 20 by Feb 17. AI 2005-02-15-05 Chairs to add information to the public page on how to access previous versions of the Issues List. They are available from the URI http://docs.oasis-open.org/ws-sx/issues/ AI 2005-02-15-06 Prateek to provide additional broader scenarios for at least WS-Trust. AI 2005-02-15-07 TC members to come to the April F2F with data on when they would be ready to carry out SC/Trust interop. 1. Call to order/roll call Present: Frank Siebenlist, Argonne National Laboratory* Jong Lee, BEA Systems, Inc.* Hal Lockhart, BEA Systems, Inc.* Corinna Witt, BEA Systems, Inc.* Symon Chang, Blue Titan Software* Steve Anderson, BMC Software* Rich Levinson, Computer Associates* Yakov Sverdlov, Computer Associates* Nick Ragouzis, Enosis Group LLC Dana Kaufman, Forum Systems, Inc.* Toshihiro Nishimura, Fujitsu Limited* Greg Whitehead, Hewlett-Packard* Ching-Yun (C.Y.) Chao, IBM* Henry (Hyenvui) Chung, IBM* Heather Hinton, IBM* Kelvin Lawrence, IBM* Michael McIntosh, IBM* Anthony Nadalin, IBM* Michael Perks, IBM* Scott Cantor, Internet2* Bob Morgan, Internet2* Mike Lyons, Layer 7 Technologies Inc.* Jan Alexander, Microsoft Corporation* Paul Cotton, Microsoft Corporation* Colleen Evans, Microsoft Corporation* Mark Fussell, Microsoft Corporation* Marc Goodner, Microsoft Corporation* Martin Gudgin, Microsoft Corporation* Chris Kaler, Microsoft Corporation* Jonathan Marsh, Microsoft Corporation Asir Vedamuthu, Microsoft Corporation* Jeff Hodges, Neustar, Inc.* Frederick Hirsch, Nokia Corporation* Abbie Barbir, Nortel Networks Limited* Paul Knight, Nortel Networks Limited* Lloyd Burch, Novell* Steve Carter, Novell* Howard Bae, Oracle Corporation* Ashok Malhotra, Oracle Corporation* jeff mischkinsky, Oracle Corporation* Prateek Mishra, Oracle Corporation* Vamsi Motukuru, Oracle Corporation* Alex Hristov, Otecia Incorporated* John Hughes*, PA Consulting* Martijn de Boer, SAP AG* Martin Raepple, SAP AG* Jiandong Guo, Sun Microsystems* Hubert Le Van Gong, Sun Microsystems* Eve Maler, Sun Microsystems* Don Adams, Tibco Software Inc.* Hans Granqvist, VeriSign * 2. Reading/Approving minutes of last meeting (Feb 8) http://lists.oasis-open.org/archives/ws-sx/200602/msg00028.html Adopted unanimously. 3. Charter clarification ballot(s) status The first ballot changes have now been made by the OASIS staff: http://www.oasis-open.org/committees/ws-sx/charter.php The second charter ballot has been started and ends on Feb 15: http://www.oasis-open.org/apps/org/workgroup/ws-sx/ballot.php?id=950 This ballot appears on its way to success since the current vote is 47/50. 4. Issues list http://docs.oasis-open.org/ws-sx/issues/Issues.xml a) Review of action items ai-06 - Chairs to hold a F2F attendance ballot starting Mar 1 and closing at least two weeks before the F2F. Due to start on Mar 1. ai-09 - Editors to check that XPath examples in WS-SecurityPolicy are fully namespace qualified. In progress. ai-2006-01-25-04 - Tony Nadalin will look into the possibility of hosting an interop event at the April F2F location Tony has the day allocated for interop. See below. ai-2006-02-08-01 - Chairs to ensure the list of voting members on the roster is correct. DONE. Kelvin fixed the roster last week. ai-2006-02-08-02 - Chairs to re-run the charter clarification ballot #2 a second time (after fixing the roster). DONE. ai-2006-02-08-03 - Marc Goodner to post WS-SX issue template to TC site and Chairs to put it in a prominent location to make it easier to find. ai-2006-02-08-04 - TC members to review the initial interop scenarios by the Feb 15 TC meeting so that the TC can decide at that meeting whether the TC has "critical mass" for an Apr F2F interop event. Pending. ai-2006-02-08-04 - TC members to review the initial interop scenarios by the Feb 15 TC meeting so that the TC can decide at that meeting whether the TC has "critical mass" for an Apr F2F interop event. See Any Other Business below. b) Issues in Review status None. c) New issues i022 XML tags of properties according to the properties i023 Properties for Algorithm Suite missing or wrong i024 [Protection Order] Property using same source for keys i025 Chap. 6.5 [Token protection] conflicts with chapter 8.3 and 8.4 i026 Chapter 6.7 [Security Header Layout] i027 When to include a token? i028 Multiple supporting tokens of the same type? i029 Which token to use to encrypt/sign in case of multiple tokens defined in a supporting token assertion? i030 Need a mechanism to identify token assertions i031 Clarification for UsernameToken assertion All of the issues i022-i031 were accepted and move to Active status. We need owners for these issues. We skipped over processing of these for this week partially since the originator was not present. i032 Deriving keys from passwords http://lists.oasis-open.org/archives/ws-sx/200602/msg00059.html This issue is not yet in the Issue list. Hal explained that generally SecurityPolicy should cover all the features of the referenced specs e.g. deriving keys from passwords as defined in WSS 1.1. AI 2005-02-15-05 Chairs to add information to the public page on how to access previous versions of the Issues List. They are available from the URI http://docs.oasis-open.org/ws-sx/issues/ Change to Active status with Hal Lockhart as the owner. d) Active issues i003 Prateek Mishra Use of term "binding" in specs Gudge is preparing a proposal for this issue. Pending. i004 Paul Cotton Transitive closure spec dependencies Pending. i008 Editors Need well formed XML examples Pending. i009 Hal Lockhart Support for different key pairs for sign and encrypt in http://lists.oasis-open.org/archives/ws-sx/200602/msg00057.html Hal pointed out that the same keys are used for encryption and signature. Hal did not cover the error case of providing too many properties. Gudge commented that we probably only need the four additional properties and can remove the two existing properties. Hal and Tony agreed with this direction. This is the same way the symmetric binding works. AI-2006-02-15-01 Gudge to draft a revised proposal for Issue 9. i010 Prateek Mishra Proof of possession for security intermediaries Prateek's post of this morning: http://lists.oasis-open.org/archives/ws-sx/200602/msg00070.html AI 2006-02-15-02 Prateek to give a proposed use case for Issue 10 before the next call. i015 C.Y. Chao Support error handling in RequestSecurityToken extension mechanism In progress. Jan Alexander indicated that the solution to this issue could pose a security risk since it asks for additional information. Jan asked for C.Y Chao to explain why there is not a security risk. AI 2006-02-15-03 C.Y Chao to propose to the TC whether Issue 015 should be closed or not due to revealing the information might be a security risk. i016 Michael McIntosh sp:SignedParts mechanism http://lists.oasis-open.org/archives/ws-sx/200602/msg00014.html Skipped since Mike was not available. i017 Michael McIntosh sp:RequiredElements mechanism Skipped since Mike was not available. i018 Michael McIntosh absolute XPath expressions Skipped since Mike was not available. i020 Describe minimum acceptable lengths for P_SHA1 inputs ws-trust design http://lists.oasis-open.org/archives/ws-sx/200602/msg00016.html Prateek is reviewing the TLS construction based on Chris Kaler's suggestion that 16 bytes is sufficient. Prateek is also working on Hal's suggestion to look at derived keys construction. AI 2006-02-15-04 Prateek to propose resolution to Issue 20 by Feb 17. i021 Editors Correct section numbers in SP In progress. 5. Other business a) ai-2006-01-25-02 - Marc Goodner to work on an initial interop scenarios document. Prateek Mishra also offered to help. DONE. See: http://lists.oasis-open.org/archives/ws-sx/200602/msg00010.html ai-2006-02-08-04 - TC members to review the initial interop scenarios by the Feb 15 TC meeting so that the TC can decide at that meeting whether the TC has "critical mass" for an Apr F2F interop event. Tony Nadalin said he would be willing to work on SC/Trust interop. Hal Lockhart agreed on concentrating on SC/Trust first. Tony Nadalin said IBM would be ready to interop using the SC/Trust scenarios at the April F2F. He also said that IBM would be willing to do virtual interop on these scenarios either before and/or after the F2F. Layer 7 can do WS-Trust and possibly WS-SecureConversation at the April F2F. Tony asked when wire flows would be available. Marc said he had a pending action items to provide these. Eve Maler said that Sun was unable to resource a F2F interop in April. Eve noted that they would not even be able to do virtual interop in that timeframe due to other commitments e.g. JavaOne is in May this year. Paul Cotton asked if anyone else could volunteer to do virtual interop. Paul said that Microsoft could definitely do virtual interop. Prateek Mishra said that he had asked the Oracle engineering team about the interop scenarios and he has not yet heard back on which scenarios they could do. He said that Oracle was more likely to be able to do WS-Trust testing only. Oracle is not sure how much progress they have made on key derivation which is required in several scenarios. Hal stated that he felt the TC members were not ready to do interop at the April F2F. Prateek asked how the TC was going to develop more broad scenarios. Hal and Paul suggested that Prateek suggest additional scenarios. Paul pointed out that the TC only needed to do the "minimum required to declare victory" when it comes to doing interop. AI 2005-02-15-06 Prateek to provide additional broader scenarios for at least WS-Trust. Prateek also said that he wanted to work on the use cases with Tony and to use this to possibly drive more interop scenarios. Chris Kaler asked when the TC members are going to be ready to do interop? Eve pointed out that the current specs have already been tested as part of the "workshop process". Tony and Hal pointed out that one advantage of doing the interop in the TC is that new people not involved in the "workshop process" can get involved. AI 2005-02-15-07 TC members to come to the April F2F with data on when they would be ready to carry out SC/Trust interop. 6. Adjournment The meeting adjourned at about 8:30am PST. /paulc Paul Cotton, Microsoft Canada 17 Eleanor Drive, Nepean, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:Paul.Cotton@microsoft.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]