
Subject: [wss] Minutes for Telecon, Tuesday 5 November 2002


Minutes for WSSTC Telecon, Tuesday 5 November 2002
Dial in info: +1 913 312 4173 #319026
Minutes taken by Steve Anderson

======================================================================
                              Summary
======================================================================

  Votes:
  
    - Minutes from 29 October 2002 meeting accepted (unanimous)
    - F2F will be held 11-12 December in Baltimore, at XML 2002 event
  
  New (General) Action Items:
  
    - JohnS to update issues list with new and pending items, with
      intent to close pending issues next call
    - Kelvin to post latest draft of docs to web site
    - Kelvin to confirm with OASIS that we will use their facilities
    - Chairs to post logistics for F2F

  Issues List Action Items & Status Updates:
  
    - 34: Tony to add clarifying text
        - Issue marked pending
    - 35: Editors to change to list of one encoding type, base64
        - Issue marked pending
    - 36: Tony to add clarifying text
        - Issue marked pending
    - 37: Tony to add clarifying text
        - Issue marked pending
    - 38: Konstantin to propose new wording on email list
    - 39: Tony to add clarifying text
        - Issue marked pending
    - 40: Issue closed, latest revision is acceptable
    - 41: Issue closed, latest revision is acceptable
    - 42: Tony to add clarifying text
        - Issue marked pending
    - 43: Issue closed, latest revision is acceptable
    - 44: Ron to add clarifying text
        - Issue marked pending
    
======================================================================
                             Raw Notes
======================================================================

> 
> Agenda:
> 
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved

> 
> 2. Review minutes from previous meeting (10/29)
>    < http://lists.oasis-open.org/archives/wss/200211/msg00032.html >
>

- [VOTE] unanimous consent, accepted

> 
> 3. Review action list (picking up from where we left off)
>

- JohnS: recommends continuing with existing issues (04), then return 
  to updates that have been made since last call
    - 34
        - Tony: some people may want random number, so timestamp may
          not suffice
        - Proposal on table is to allow both
        - Tony: can clarify that nonce can be in form of random number
        - [ACTION] Tony add clarifying text
        - No objections. Mark issue as pending.
    - 35
        - alternative encodings that could be supported include 
          base64 (which is already there)
        - Hal: hex encoding is bulkier
        - preference for base64
        - Phill: generally will be generating encoding from a binary
          blob, rather than cut/paste of something previously encoded
        - JohnS: also want to allow for future encodings, but a list
          of encodings that for now only includes base64 seems fine
        - regular XML extensibility mechanisms will allow for adding
          to the list
        - JohnS: XML attribute used to specify encodings, and we'll 
          reduce the list of values down to base64
        - [ACTION] editors to make this change
        - No objections. Mark issue as pending.
    - 36
        - JohnS: we will restrict all forms of datetime down to UTC
        - can't restrict it in schema, just in normative
        - currently listed as "SHOULD" rather than "MUST"
        - is there value in leaving it flexible?
        - Rob: interoperability will suffer if left as SHOULD
        - RLBob: if left as SHOULD, implementations have to accommodate
          other formats
        - RLBob: on other hand, if circumstances prevent control of
          form of datetime, requirement can't be met
        - Phill: only case of not being able to generate UTC that he
          can imagine is when you don't know what TZ you're in, in 
          which case interop is shot anyway
        - Tony: proposes "implementations MUST be able to process UTC
          format" and others are optional
        - [ACTION] Tony to add clarifying text
        - No objections. Mark issue as pending.
    - 37
        - JohnS: Should we just add another group in there for replay?
        - Tony: proposes doing nothing, since this is just a side-
          effect of the spec itself, rather than a new type of threat
          introduced by the spec
        - Ron: believes group 2 covers replay
        - Tony: agrees
        - Ron: group 2 could be clarified further
        - Rob: proposes putting reference to Security Considerations
          in back of doc, which discusses replay attacks further
        - [ACTION] Tony to add clarifying text
        - No objections. Mark issue as pending
    - 38
        - Kelvin: in latest rev of docs, this is line 241, and there
          is already clarification here
        - Hal: changing "inappropriate" to "unauthorized" isn't 
          necessarily a clarification
        - Hal: so by unauthorized you mean the sender isn't allowed to
          make claim?  
        - Tony: yes
        - Hal: it's a matter of trust
        - Hal: needs clarification, but not suggesting that this state
          how that authorization is determined
        - Hal: it's not a case of "cannot be processed", which sounds
          like a syntax issue
        - Hal: can live with "unauthorized" if it is well understood
        - Konstantin: what if "inappropriate" or "unauthorized" is
          removed entirely?
        - it would sound like it can only be rejected on technical 
          grounds
        - "unacceptable" may be clearer
        - John: the reasons for rejecting it are out of scope
        - Proposal to change "unauthorized" to "unacceptable"
        - RLBob: this discussion indicates need for more text or 
          discussion on processing rules
        - Hal: case of missing claims is confusing too
        - discussion of processing model, which may need further
          development
        - discussion of scope
        - [ACTION] Konstantin to propose new wording on email list,
          which will be discussed further
        - issue still open
    - 39
        - in latest rev, this is lines 253-256
        - Ron: read this as a problem with the example, not the spec
        - Konstantin: wants explanation why these elements are in there
        - [ACTION] Tony to add clarifying text
        - No objections. Mark issue as pending.
    - 40
        - Lines 539-541 in new rev
        - Tony: this should already be fixed in new rev
        - Konstantin: in new doc, only one paragraph is left
        - issue closed
    - 41
        - Section 9.4.1, Encryption section, Item 4, line 1027 in new
          rev (3)
        - Tony: this should already be fixed in new rev
        - Konstantin: accepts correction
        - issue closed
    - 42
        - Section 10.3, Line 1168 in new rev
        - "materially" replaced by "substantially", which doesn't help
          much
        - John: seeking proposal to change this
        - John: these terms lead to interpretation, so the question is
          whether we tighten them down further
        - Chris: intent here is to detect stale msgs
        - what is "substantial"?
        - Kelvin: need clarifying text to explain the purpose
        - Hal: prefers "difference between the times should be
          minimized"
        - Tony: no matter how you word it, there will be controversy
        - Hal: can live with either
        - Chris: this isn't conformance-driven
        - [ACTION] Tony to add clarifying text
        - No objections. Mark issue as pending
    - 43
        - Lines 1433-1434 in new rev
        - Konstantin: new rev fixes problem
        - issue closed
    - 44
        - Don: Prateek pointed out that the SAML binding defers to the
          core for c14n, so that seems fine
        - SAML spec points at inclusive, the SAML WSS Binding defers to
          WSS core
        - Phill: inclusive c14n simply won't work unless the validation
          is done in exactly the same context, which isn't likely
        - Ron: Not sure if this is a problem for this TC, seems it
          is a SAML problem
        - Kelvin: is this a problem for us to address or is there
          feedback to send to the SAML TC via liaisons?
        - Hal: SAML TC's intention is absolutely to move to exclusive
          c14n as the one required form, but that can't be done until
          SAML v2.0
        - current version of SAML doesn't preclude use of exclusive
          c14n, it just recommended what was available at the time,
          which was inclusive c14n
        - JohnS: proposes that this is a problem for SAML TC, because
          the SAML WSS Binding can't contradict SAML spec
        - Prateek: believes this is a problem for SAML WSS Binding,
          and there's no conflict, since SAML doesn't preclude
          exclusive c14n
        - the only confusing part is that the binding would require a
          non-mandatory aspect of SAML
        - Ron: so we shouldn't allow for c14n's that aren't exclusive?
        - Phill: can't see how such a thing could work without writing
          our own composability process
        - so maybe wording as "MUST" use exclusive c14n is overbearing,
          but the wording should strongly suggest using it
        - [ACTION] editor of SAML WSS Binding (Ron) to clarify
        - No objections. Mark issue as pending

> 
> 4. Close any pending issues if there is a new version of the 
>    documents
>

- [ACTION] JohnS to update issues list with new and pending items, and
  close pending items next week
- Kelvin: would like to get target date for producing an interim spec 
  for interop testing
    - Chris: proposes 7 days for getting all issues out on table,
      which we can work through and close
    - Kelvin: so we probably need one more call like this to go 
      through issues, then give editors time to incorporate changes
    - Bill Cox: believes it will take 2 cycles of drafts
    - Chris: this is definitely a moving thing, but we just want to
      get something stable to do dev work on
    - Bill: doesn't think one 2-hour call won't be sufficient to close
      all the issues we've dealt with so far
    - John: asking everyone to get all of their issues submitted by
      Monday (11 November), and he will produce the next issues list
      by Wed pm (13 Nov), and issues collected after that will be
      collected for next round
    - Current plan:
        - All outstanding issues submitted by Monday 11 Nov
          (ideally based on the Core Draft 3 document)
        - New issues list posted by EOD Wednesday 13 Nov
        - WSS TC to make as much progress as possible in e-mail prior
          to next call (19 Nov)
        - WSS TC phone call Tuesday 19 Nov will focus on resolving
          open issues
        - Editors to produce new drafts as quickly as possible (shoot
          for 7 days or less)
        - Once issues with the core spec have been resolved, we will
          have a call to vote (strictly to designate it an interop
          draft)
        - Then we focus on the profiles (probably during the F2F)
    - [ACTION] Kelvin to post latest draft of docs to web site
    - Tony: please keep old revisions available
    - Rob: would help if issues list cites line numbers relative to
      draft doc version

> 
> 5. Update on face-to-face
>

- Kelvin: vote tally: 28 expressed strong preferences, most for A
- Chris: since most favor A, and we have facilities, suggests we go
  with A
- Phill: given current progress and our push for interop draft, do
  we need a F2F?
- could defer, and have next F2F be an interop event
- Hal: we'll get quicker progress at F2F rather than on concalls
- perhaps we should be scheduling our next F2F now, and skip the 
  December window
- Chris: concerned about pushing that out for the high-bandwidth 
  conversations
- December date risks not having quorum
- Phill: quorum isn't essential, work can get done, and results will 
  have to get ratified at next call
- Chris: wouldn't want to work through large number of items, just to
  have to rehash them on a call
- Tony: the longer we talk about any of these dates, the less likely
  any will work out
- leaning toward 11-12 December at XML 2002 event in Baltimore
- Chris: Call for objections to this date
    - Phill: can't make A or B, but abstains (Hemma can)
    - Jeff: can't make B, but Ron can, so abstains
- [VOTE] No objections. F2F will be held 11-12 December in Baltimore.
- [ACTION] Kelvin to confirm with OASIS that we will use their
  facilities
- [ACTION] Chairs to post logistics for F2F

> 
> 6. Any other business
>

- none

> 
> 7. Adjourn
>

- Adjourned


-----------------------------------------------------------------------

Attendance of Voting Members:

  Don Adams TIBCO
  Zahid Ahmed Commerce One
  Steve Anderson OpenNetwork
  Conor Cahill AOL
  Greg Carpenter Nokia
  William Cox BEA
  Thomas DeMartini ContentGuard
  Yassir Elley Sun Microsystems
  Don Flinn Quadrasis
  Peter Furniss Choreology
  Simon Godik Overxeer
  Eric Gravengaard Reactivity
  Phillip Hallam-Baker Verisign
  Erick Herring Digital Evolution
  Jeff Hodges Sun Microsystems
  Maryann Hondo IBM
  Chris Kaler Microsoft
  Charles Knouse Oblix
  Yutaka Kudo Hitachi
  Kelvin Lawrence IBM
  Hal Lockhart Entegrity Solutions
  Monica Martin Drake Certivo, Inc.
  Prateek Mishra Netegrity
  Ronald Monzillo Sun Microsystems
  Bob Morgan (individual)
  Joel Munter Intel
  Anthony Nadalin IBM
  Nataraj Nagaratnam IBM
  Toshihiro Nishimura Fujitsu
  Rob Philpott RSA Security
  William Pope Choreology
  Hemma Prafullchandra Verisign
  Peter Rostin RSA Security
  Jason Rouault HP
  Jerry Schwarz Oracle
  John Shewchuk Microsoft
  Frank Siebenlist Argonne National Lab
  Andrew Sweet Perficient
  Gene Thurston AmberPoint
  Sirish Vepa Sybase
  Sam Wei Documentum
  Rob Weltman Netscape/AOL
  Pete Wenzel SeeBeyond


Attendance of Observers or Prospective Members:

  Guillermo Lao ContentGuard
  Hank Simon Lockheed Martin
  Frederick Hirsch Nokia
  Tim Hall Talking Blocks
  Konstantin Beznosov Quadrasis


Membership Status Changes:

  Guillermo Lao ContentGuard - granted voting status after call
  John Weiland Navy - granted voting status after call
  Phil Griffin Griffin Consulting - granted voting status after call
  Anne Manes (individual) - withdrew prior to call
  Andrew Fetterer CrossLogix - withdrew prior to call

--
Steve


