[wss] Corrected and final minutes for Sept 24th meeting

[Kelvin Lawrence <klawrenc@us.ibm.com>]

Continuing to work through all of my
actions from the last call, I am now posting the final minutes for the
Sept 24th call as approved on our last call. The only change is to fix
the attendance list. I have updated the minutes as follows:

Made sure the prospective members in
attendance list is correct (I added the missing names)
Fixed the spelling of one name.

Here are those amended and now final,
minutes:

---

OASIS Web Services
Security (WSS) TC Meeting 
Official Minutes –Draft v.01 

Agenda (as posted prior to the meeting) 

· Introductions
& welcome 
· Roll call
· Reading of the
minutes of our previous meeting 
· Summary of the
revised OASIS TC process 
· Brief report
from the "naming" sub-committee 
· Brief report
from the editors 
· Initial review
of "core" specification 
· Review and status
of actions and issues 
· Any other business
· Adjournment


Members Present 
  Don Adams TIBCO 
  Zahid Ahmed Commerce One 
  Steve Anderson OpenNetwork 
  Conor Cahill AOL 
  Greg Carpenter Nokia 
  Paul Cotton Microsoft 
  Martijn de Boer SAP 
  Thomas DeMartini ContentGuard 
  Yassir Elley Sun Microsystems 
  Andrew Fetterer CrossLogix 
  Don Flinn Quadrasis 
  Eric Gravengaard Reactivity 
  Phillip Hallam-Baker Verisign 
  Erick Herring Digital Evolution 
  Jeff Hodges Sun Microsystems 
  Merlin Hughes Baltimore Technologies 
  Chris Kaler Microsoft 
  Yutaka Kudo Hitachi 
  Kelvin Lawrence IBM 
  Hal Lockhart Entegrity Solutions 
  Monica Martin Drake Certivo, Inc. 
  Ronald Monzillo Sun Microsystems 
  Bob Morgan (individual) 
  Tim Moses Entrust 
  Anthony Nadalin IBM 
  Nataraj Nagaratnam, IBM
  Andrew Nash RSA Security 
  Toshihiro Nishimura Fujitsu 
  Rob Philpott RSA Security 
  William Pope Choreology 
  Ed Reed Novell 
  Vipin Samar Oracle 
  Jerry Schwarz Oracle 
  Senthil Sengodan Nokia 
  Shawn Sharp Cyclone Commerce 
  John Shewchuk Microsoft 
  Frank Siebenlist Argonne National Lab 
  Andre Srinivasan E2open 
  Andrew Sweet Perficient 
  Gene Thurston AmberPoint 
  Steve Trythall Sonic Software 
  Pete Wenzel SeeBeyond 

Prospective Members
Present 

   Guillermo Lao, Content
Guard
   Takashi Kojo, NEC
   Prateek Mishra, Netegrity
 Maryann
Hondo IBM
   Jason Rouault HP
  William Cox BEA
  Anne Manes (individual)
  Jim Ducharme Netegrity
  Ron Moritz Computer Associates
  John Weiland Navy


Summary of Action Items: 

1)        Correct minutes and resend to the list as
final and approved and sent to the list. – Kelvin Lawrence
2)        Post updated charter to OASIS website- Co-
Chairs 
3)        It was agreed that the subcommittee will
be publishing alternatives for the membership to consider A specific timetable
was not mentioned. 
4)        Comments back to the editors (Tony
Nadalin and Philip Hallam-Baker)
of the core specification?  Comments
sent to the list by COB Monday 6-30 
5)        Issue list action items contained in detailed
minutes below. 


------------------------------------------------------------------------------------------------------------
Detailed Minutes 

Meeting started at 7:04a Pacific 

1) Roll Call 

1)        Roll call taken by Steve Anderson (Secretary
of WSS TC) 
2)        Quorum was present.   This meeting is
an official voting meeting.  38 voting members attending.
3)        Prateek asked about membership requirements.
 Kelvin responded with the standard TC rules including the requirement
to attend the first f2f meeting of the TC and then being eligible after
the 3rd f2f meetings.   Hal Lockhart mentioned that individuals are
members not companies and regrets have no real impact status-wise.
4)        It was urged that members that cannot consistently
make meetings should volunteer for observer status to alleviate quorum
issues.   

2) Minutes Read and Approved 

Drafts were sent around concerning the f2f.  ? Changes accepted by
Ron Monzillo and consider the minutes read ?  Discussion occurred
around the roll call and a discrepancy in members that attended the initial
f2f.  This was resolved and the question was called on the acceptance
of the minutes.  No objections were heard.  Action to correct
the minutes incorporating the latest changes submitted to the list - Kelvin
Lawrence. 

It was then discussed that on Sept 16th new TC procedures were ratified
and sent around to members and it was urged that voting members make themselves
aware of the procedures, especially regarding intellectual property rights.
  




3) Naming subcommittee 

Kelvin Lawrence asked the subcommittee to report progress. The subcommittee
mentioned the desire for WS-Security to be kept as the name while keeping
in mind the scope of this TC.  It was agreed that the subcommittee
will be publishing alternatives for the membership to consider  A
specific timetable was not mentioned. 

4) Editor Update 

Tony Nadalin reported that he has merged WS-Security and the WS-Addendum
and separated x.509 and Kerberos components and handed off to the appropriate
editors.  The WSS Core specification has been sent to the list.  Phillip
Baker mentioned he sent the x.509 and Kerberos profile documents to the
list.   Regarding the SAML draft,  Ron Monzillo used draft 4.
 The PDF went out to the list yesterday.  


Jerry Schwartz brought up IP issues with RSA that arose in the first f2f.
  The RSA claims around SAML have do not impact this document.  Rob
Philpott added that there is no statement required by RSA regarding this
document.  The effort is to get the document submitted.  RSA
will go evaluate their own IPR position as soon as possible.

Core Specification – It was a straight merge of the WS-Security and Addendum.
 Key info versus references.  Clarifications were not made around
this and Philip sent language to the list.  Philip summarized by saying
  ACTION:  Tony Nadalin and Philip proposed to take a first draft
for the list.  Jeff mentioned that many may not have had a chance
to read.  What is the timeline Chris?  Chris said comments should
be returned within the next 6 days from today.  Comments sent to the
list by COB Monday 6-30. Kelvin mentioned detailed review for the next
call. 

Ron SAML – both of the submissions – more in around subject confirmation,
but leverages Philips template for bindings.  Philip took the tokens
document and core and extracted the boilerplate and style and Kerberos
and x.509 and they take the same form.  XrML will be next.  3
separate documents.  PDFs were sent to the list.

What is the process for going forward?  Editors job to make the changes
requested by the group.  The current to-do is to perform the mergers
agreed to in the f2f.  Most important thing is to review.  What
is the power of the editor?  Chris focus on grammatical errors, but
content should be raised to the list.  Kelvin working draft revs and
track changes.  Needs to propose specific changes for the list.  Hal.









Review of Actions and Issues 

Procedural question on the list?  Pros and cons and specific change
will be in this as a spreadsheet?  Answer put pointers to minutes.
 Links to specific email messages will be added to the archives.  Email
will not be sufficient – JeffH.  Need an issues document.  Separate
procedural issues from technical.  2 separate documents.

List of status and actions reviewed that were sent around on email.
John ? reviewed 

Issue # - matches list document 
1)        Zahid Ahmed – get from document sent.  Some
endpoint in messaging the payload is encrypted with PK7 will need to be
able propagate encrypted payloads.  Need a pointer in the header not
suitable for intermediary but only for endpoints.  Reference attachments
from the signature?  Answer: You can.  URI can reference an attachment.
 Tag type in core or separate spec.  MSFT supportive of w3c work
around encryption.  New good way to do signatures in XML (GO with
XML standards.)  XML Encryption and DSIG would be preferred.  W3C
standard is a good one around interop.  Craig Carpenter – separate
conformance but spec should not be limited in support.  Action:
Philip said this issue arose around XML Signature with PK7 The resolution
should be researched and a note should be written.  Zahid volunteered
for volunteer that note.   
2)        Procedural issue – IP submissions – to
the mailing list to his email links to the messages by each author.  Links
to the messages. 
3)        Hal Lockhart to label for semantics.  Sent
to the list, one positive comment, but no others.  Hal mentioned put
together a proposal and looking for XML Schema expertise.  Decided
need concrete proposal and get it to the list.  Read Hal's email and
give comments. 
4)        Technical issue – why is the token in the
header and not a child.  Philip sent email explaining the issue.  Confluence
of a number of specs.  XML encryption and signatures are aligned along
public key architecture.  Kerberos conflict you want the token at
a higher level but with public key bind.  Consistency or not?Addendum
made statements here.  Tony mentioned that not everything becomes
a key.  Verbage has made it into the merged document.  ACTION:
Review the merged documents and compare to the four security profile documents.
5)        Philip and Tony will write a paragraph addressing
this issue. 


6)        Action for the Roadmap – Kelvin sent back
to folks at IBM and no answer.  Same status with MSFT. Next phone
call. Roadmap is public, will it be used beyond the public document today?
 If we reference it, get a snapshot as a submission that is why we
are doing this?  JeffH said since it is not required since it is not
completely guided by the document.  Used as a historical footnote
not a roadmap or serves officially one.  No work on the roadmap by
our TC.  ACTION:  KelvinEmail on the list request clarification.
 Both footnotes have been dropped and will be added back.

7)        Support for all versions of SOAP - closed

8)        Determine use case interest;  no activity
on the list; reexamine in next call 

9)        AppNote to the TC – Action for the chair
– Request to list about how we will use these documents.  Stated
it is out there and can be used.  Copyright permission issues? Was
JeffH question.  Is that a problem?  Chris/Kelvin ACTION talk
to respective company lawyers. 

10)        Investigate interop fest?  Need to
wait for feedback from the documents; need feedback onus is on the membership.
  

11)         Covered by 10.  Need to gauge core
documents. 

12) Editors remove all references to WS-routing – editors done


* Motion to close 2,7,8,12:  Any objection?  No objection unanimous.


New Business: 

For the record, Prateek Mishra submitted draft 4 of the SAML profile (draft-sstc-profile-04)
.

Next concall and timing discussion:
 Proposed 2 weeks and then decide frequency. Establish bi-weekly and
if more meetings are needed we can add more.  Next f2f.  Action
item needed for more planning for f2f.  Present logistics proposals
next week.  Send preferences to the list. 

10-8 for the next concall.   

Motion to adjournment approved.