Subject: [wss] Web Services Security Issues List - Rev 3
The attached issues list was updated to include 1) the current status for existing issues and 2) new procedural work items and open technical issues identified during our discussions on Sept 24th and in subsequent discussions on email. Also the resolution column now includes links to the discussion list. In the future, as needed, we can include per issue detail sections in the document. As always, if there are issues being discussed that need to be tracked but were omitted please let me know.

Regards,
-John

Title: WSS Issues

WSS ID | Type | Status | Issue | Resolution | Owner(s) |
1 | Technical | Open | Can we have alternative mechanisms of signature and encryption other than XML DSIG and XML Encryption? | Philip said this issue arose around XML Signature with PK7. The resolution should be researched and a note should be written. Zahid volunteered to write that note. | Zahid Ahmed |
2 | Procedural | Closed | Clarify the IP status and licensing terms for the submissions to the working group | Closed on 9/24/02 - http://lists.oasis-open.org/archives/wss/200210/msg00011.html. References Prateek Mishra's posting. http://lists.oasis-open.org/archives/wss/200208/msg00011.html. | Closed |
3 | Technical | Open | Proposal to Label Tokens to Indicate Their Semantics | http://lists.oasis-open.org/archives/wss/200209/msg00036.html. There are various active threads underway. | Hal Lockhart |
4 | Technical | Proposed resolution | Why is the token in the header, and not a child of KeyInfo? | Membership should review the merged documents and compare to the four security profile documents. | TC |
5 | Technical | Proposed resolution | Within the KeyInfo, why not use a ds:RetrievalMethod? | Phillip Hallam-Baker and Anthony Nadalin to propose solution. | |
6 | Investigation | Open | Will the authors of the roadmap submit it? | Both footnotes have been dropped and will be added back. Chair to send email to the list requesting clarification. | Chair |
7 | Technical | Closed | Does WS-Security assume SOAP 1.1? | Per Sept 4 minutes – it will support all versions of SOAP | Closed |
8 | Investigation | Closed | Determine interest in a Use case document | Formed a sub-committee, led by Erik Herring | Closed |
9 | Investigation | Open | Approach authors to submit the App Note to the TC | Chris and Kelvin to talk to respective company lawyers. | Chair |
10 | Investigation | Open | Investigate interop fest at some later time | Postponed pending more feedback on documents. | Chair |
11 | Investigation | Open | Pick date for OASIS submission date after initial drafts available | Covered by issue 10. | Chair |
12 | Procedural | Closed | Remove all references to ws-routing and such | References were removed. | Closed |
13 | Technical | Open | Element ordering in the Security tag. | http://lists.oasis-open.org/archives/wss/200209/msg00065.html | Open |
14 | Technical | Open | State that the recipient SHOULD authenticate the assertion issuer and ensure that the assertion has not been modified | http://lists.oasis-open.org/archives/wss/200210/msg00021.html | Prateek Mishra |
15 | Technical | Open | Core: Spec should indicate that it is based on the SOAP messaging model. | http://lists.oasis-open.org/archives/wss/200209/msg00094.html | Prateek Mishra |
16 | Technical | Open | Core: The spec should indicate that nonce and / or timestamp elements should be used to prevent replay. | http://lists.oasis-open.org/archives/wss/200209/msg00094.html | Prateek Mishra |
17 | Technical | Open | Core: Should SOAP nodes acting in a particular role create or update the appropriate timestamp element. | http://lists.oasis-open.org/archives/wss/200209/msg00094.html | Prateek Mishra |
18 | Technical | Open | Core: No attribute or reference to the senders time. | http://lists.oasis-open.org/archives/wss/200209/msg00094.html | Prateek Mishra |
19 | Technical | Open | Core: Why is it necessary to special case a Username/Password POP token? | http://lists.oasis-open.org/archives/wss/200209/msg00095.html | Ronald Monzillo |
20 | Technical | Open | Core: Define security token propagation. | http://lists.oasis-open.org/archives/wss/200209/msg00095.html | Ronald Monzillo |
21 | Technical | Open | Core: Update definition of a security token to reflect role in defining key or broaden definition. | http://lists.oasis-open.org/archives/wss/200209/msg00095.html | Ronald Monzillo |
22 | Technical | Open | Core: Should the spec preclude security tokens whose purpose is other than to convey or bind a key to an identity or entity? | http://lists.oasis-open.org/archives/wss/200209/msg00095.html | Ronald Monzillo |
23 | Technical | Open | Core: Make Proof-of-Possession a fundamental type or relationship within [sic] within the ws-security model? | http://lists.oasis-open.org/archives/wss/200209/msg00095.html | Ronald Monzillo |
24 | Technical | Open | Core: Why is it necessary to treat XML Signature elements as other than security tokens? | http://lists.oasis-open.org/archives/wss/200209/msg00095.html | Ronald Monzillo |
25 | Technical | Open | Core: How can a Signature element occurring outside of the header be referenced? | http://lists.oasis-open.org/archives/wss/200209/msg00095.html | Ronald Monzillo |
26 | Technical | Open | Core: What does it mean to process a BinarySecurityToken? | http://lists.oasis-open.org/archives/wss/200209/msg00095.html | Ronald Monzillo |
27 | Technical | Open | Core: Reference element should have an @any to allow for attribute extensibility | http://lists.oasis-open.org/archives/wss/200209/msg00095.html | Ronald Monzillo |
28 | Technical | Open | SAML Binding: Include the use of the URI attribute (on SecurityTokenReference) from the SS TC submission | http://lists.oasis-open.org/archives/wss/200209/msg00095.html | Ronald Monzillo |
29 | Technical | Open | SAML Binding: Should there be a reference form that carries what amounts to a SAML assertion Query such that the sender does not need to have acquired the assertion (to be able to apply it to a request)? | http://lists.oasis-open.org/archives/wss/200209/msg00095.html | Ronald Monzillo |