Subject: [wss] Minutes for Telecon, Tuesday 5 November 2002
Minutes for WSSTC Telecon, Tuesday 5 November 2002
Dial in info: +1 913 312 4173 #319026
Minutes taken by Steve Anderson

======================================================================
Summary
======================================================================

Votes:

- Minutes from 29 October 2002 meeting accepted (unanimous)
- F2F will be held 11-12 December in Baltimore, at XML 2002 event

New (General) Action Items:

- JohnS to update issues list with new and pending items, with intent to close pending issues next call
- Kelvin to post latest draft of docs to web site
- Kelvin to confirm with OASIS that we will use their facilities
- Chairs to post logistics for F2F

Issues List Action Items & Status Updates:

- 34: Tony to add clarifying text - Issue marked pending
- 35: Editors to change to list of one encoding type, base64 - Issue marked pending
- 36: Tony to add clarifying text - Issue marked pending
- 37: Tony to add clarifying text - Issue marked pending
- 38: Konstantin to propose new wording on email list
- 39: Tony to add clarifying text - Issue marked pending
- 40: Issue closed, latest revision is acceptable
- 41: Issue closed, latest revision is acceptable
- 42: Tony to add clarifying text - Issue marked pending
- 43: Issue closed, latest revision is acceptable
- 44: Ron to add clarifying text - Issue marked pending

======================================================================
Raw Notes
======================================================================

> Agenda:
>
> 1. Roll call

- Attendance attached to bottom of these minutes
- Quorum achieved

> 2. Review minutes from previous meeting (10/29)
> <http://lists.oasis-open.org/archives/wss/200211/msg00032.html>

- [VOTE] unanimous consent, accepted

> 3. Review action list (picking up from where we left off)

- JohnS: recommends continuing with existing issues (04), then return to updates that have been made since last call

- 34
  - Tony: some people may want random number, so timestamp may not suffice
  - Proposal on table is to allow both
  - Tony: can clarify that nonce can be in form of random number
  - [ACTION] Tony add clarifying text
  - No objections. Mark issue as pending.

- 35
  - alternative encodings that could be supported include base64 (which is already there)
  - Hal: hex encoding is bulkier
  - preference for base64
  - Phill: generally will be generating encoding from a binary blob, rather than cut/paste of something previously encoded
  - JohnS: also want to allow for future encodings, but a list of encodings that for now only includes base64 seems fine
  - regular XML extensibility mechanisms will allow for adding to the list
  - JohnS: XML attribute used to specify encodings, and we'll reduce the list of values down to base64
  - [ACTION] editors to make this change
  - No objections. Mark issue as pending.

- 36
  - JohnS: we will restrict all forms of datetime down to UTC
  - can't restrict it in schema, just in normative
  - currently listed as "SHOULD" rather than "MUST"
  - is there value in leaving it flexible?
  - Rob: interoperability will suffer if left as SHOULD
  - RLBob: if left as SHOULD, implementations have to accommodate other formats
  - RLBob: on other hand, if circumstances prevent control of form of datetime, requirement can't be met
  - Phill: only case of not being able to generate UTC that he can imagine is when you don't know what TZ you're in, in which case interop is shot anyway
  - Tony: proposes "implementations MUST be able to process UTC format" and others are optional
  - [ACTION] Tony to add clarifying text
  - No objections. Mark issue as pending.

- 37
  - JohnS: Should we just add another group in there for replay?
  - Tony: proposes doing nothing, since this is just a side-effect of the spec itself, rather than a new type of threat introduced by the spec
  - Ron: believes group 2 covers replay
  - Tony: agrees
  - Ron: group 2 could be clarified further
  - Rob: proposes putting reference to Security Considerations in back of doc, which discusses replay attacks further
  - [ACTION] Tony to add clarifying text
  - No objections. Mark issue as pending

- 38
  - Kelvin: in latest rev of docs, this is line 241, and there is already clarification here
  - Hal: changing "inappropriate" to "unauthorized" isn't necessarily a clarification
  - Hal: so by unauthorized you mean the sender isn't allowed to make claim?
  - Tony: yes
  - Hal: it's a matter of trust
  - Hal: needs clarification, but not suggesting that this state how that authorization is determined
  - Hal: it's not a case of "cannot be processed", which sounds like a syntax issue
  - Hal: can live with "unauthorized" if it is well understood
  - Konstantin: what if "inappropriate" or "unauthorized" is removed entirely?
  - it would sound like it can only be rejected on technical grounds
  - "unacceptable" may be clearer
  - John: the reasons for rejecting it are out of scope
  - Proposal to change "unauthorized" to "unacceptable"
  - RLBob: this discussion indicates need for more text or discussion on processing rules
  - Hal: case of missing claims is confusing too
  - discussion of processing model, which may need further development
  - discussion of scope
  - [ACTION] Konstantin to propose new wording on email list, which will be discussed further
  - issue still open

- 39
  - in latest rev, this is lines 253-256
  - Ron: read this as a problem with the example, not the spec
  - Konstantin: wants explanation why these elements are in there
  - [ACTION] Tony to add clarifying text
  - No objections. Mark issue as pending.

- 40
  - Lines 539-541 in new rev
  - Tony: this should already be fixed in new rev
  - Konstantin: in new doc, only one paragraph is left
  - issue closed

- 41
  - Section 9.4.1, Encryption section, Item 4, line 1027 in new rev (3)
  - Tony: this should already be fixed in new rev
  - Konstantin: accepts correction
  - issue closed

- 42
  - Section 10.3, Line 1168 in new rev
  - "materially" replaced by "substantially", which doesn't help much
  - John: seeking proposal to change this
  - John: these terms lead to interpretation, so the question is whether we tighten them down further
  - Chris: intent here is to detect stale msgs
  - what is "substantial"?
  - Kelvin: need clarifying text to explain the purpose
  - Hal: prefers "difference between the times should be minimized"
  - Tony: no matter how you word it, there will be controversy
  - Hal: can live with either
  - Chris: this isn't conformance-driven
  - [ACTION] Tony to add clarifying text
  - No objections. Mark issue as pending

- 43
  - Lines 1433-1434 in new rev
  - Konstantin: new rev fixes problem
  - issue closed

- 44
  - Don: Prateek pointed out that the SAML binding defers to the core for c14n, so that seems fine
  - SAML spec points at inclusive, the SAML WSS Binding defers to WSS core
  - Phill: inclusive c14n simply won't work unless the validation is done in exactly the same context, which isn't likely
  - Ron: Not sure if this is a problem for this TC, seems it is a SAML problem
  - Kelvin: is this a problem for us to address or is there feedback to send to the SAML TC via liaisons?
  - Hal: SAML TC's intention is absolutely to move to exclusive c14n as the one required form, but that can't be done until SAML v2.0
  - current version of SAML doesn't preclude use of exclusive c14n, it just recommended what was available at the time, which was inclusive c14n
  - JohnS: proposes that this is a problem for SAML TC, because the SAML WSS Binding can't contradict SAML spec
  - Prateek: believes this is a problem for SAML WSS Binding, and there's no conflict, since SAML doesn't preclude exclusive c14n
  - the only confusing part is that the binding would require a non-mandatory aspect of SAML
  - Ron: so we shouldn't allow for c14n's that aren't exclusive?
  - Phill: can't see how such a thing could work without writing our own composability process
  - so maybe wording as "MUST" use exclusive c14n is overbearing, but the wording should strongly suggest using it
  - [ACTION] editor of SAML WSS Binding (Ron) to clarify
  - No objections. Mark issue as pending

> 4. Close any pending issues if there is a new version of the documents

- [ACTION] JohnS to update issues list with new and pending items, and close pending items next week
- Kelvin: would like to get target date for producing an interim spec for interop testing
- Chris: proposes 7 days for getting all issues out on table, which we can work through and close
- Kelvin: so we probably need one more call like this to go through issues, then give editors time to incorporate changes
- Bill Cox: believes it will take 2 cycles of drafts
- Chris: this is definitely a moving thing, but we just want to get something stable to do dev work on
- Bill: doesn't think one 2-hour call won't be sufficient to close all the issues we've dealt with so far
- John: asking everyone to get all of their issues submitted by Monday (11 November), and he will produce the next issues list by Wed pm (13 Nov), and issues collected after that will be collected for next round
- Current plan:
  - All outstanding issues submitted by Monday 11 Nov (ideally based on the Core Draft 3 document)
  - New issues list posted by EOD Wednesday 13 Nov
  - WSS TC to make as much progress as possible in e-mail prior to next call (19 Nov)
  - WSS TC phone call Tuesday 19 Nov will focus on resolving open issues
  - Editors to produce new drafts as quickly as possible (shoot for 7 days or less)
  - Once issues with the core spec have been resolved, we will have a call to vote (strictly to designate it an interop draft)
  - Then we focus on the profiles (probably during the F2F)
- [ACTION] Kelvin to post latest draft of docs to web site
- Tony: please keep old revisions available
- Rob: would help if issues list cites line numbers relative to draft doc version

> 5. Update on face-to-face

- Kelvin: vote tally: 28 expressed strong preferences, most for A
- Chris: since most favor A, and we have facilities, suggests we go with A
- Phill: given current progress and our push for interop draft, do we need a F2F?
- could defer, and have next F2F be an interop event
- Hal: we'll get quicker progress at F2F rather than on concalls
- perhaps we should be scheduling our next F2F now, and skip the December window
- Chris: concerned about pushing that out for the high-bandwidth conversations
- December date risks not having quorum
- Phill: quorum isn't essential, work can get done, and results will have to get ratified at next call
- Chris: wouldn't want to work through large number of items, just to have to rehash them on a call
- Tony: the longer we talk about any of these dates, the less likely any will work out
- leaning toward 11-12 December at XML 2002 event in Baltimore
- Chris: Call for objections to this date
- Phill: can't make A or B, but abstains (Hemma can)
- Jeff: can't make B, but Ron can, so abstains
- [VOTE] No objections. F2F will be held 11-12 December in Baltimore.
- [ACTION] Kelvin to confirm with OASIS that we will use their facilities
- [ACTION] Chairs to post logistics for F2F

> 6. Any other business

- none

> 7. Adjourn

- Adjourned

-----------------------------------------------------------------------

Attendance of Voting Members:

  Don Adams TIBCO
  Zahid Ahmed Commerce One
  Steve Anderson OpenNetwork
  Conor Cahill AOL
  Greg Carpenter Nokia
  William Cox BEA
  Thomas DeMartini ContentGuard
  Yassir Elley Sun Microsystems
  Don Flinn Quadrasis
  Peter Furniss Choreology
  Simon Godik Overxeer
  Eric Gravengaard Reactivity
  Phillip Hallam-Baker Verisign
  Erick Herring Digital Evolution
  Jeff Hodges Sun Microsystems
  Maryann Hondo IBM
  Chris Kaler Microsoft
  Charles Knouse Oblix
  Yutaka Kudo Hitachi
  Kelvin Lawrence IBM
  Hal Lockhart Entegrity Solutions
  Monica Martin Drake Certivo, Inc.
  Prateek Mishra Netegrity
  Ronald Monzillo Sun Microsystems
  Bob Morgan (individual)
  Joel Munter Intel
  Anthony Nadalin IBM
  Nataraj Nagaratnam IBM
  Toshihiro Nishimura Fujitsu
  Rob Philpott RSA Security
  William Pope Choreology
  Hemma Prafullchandra Verisign
  Peter Rostin RSA Security
  Jason Rouault HP
  Jerry Schwarz Oracle
  John Shewchuk Microsoft
  Frank Siebenlist Argonne National Lab
  Andrew Sweet Perficient
  Gene Thurston AmberPoint
  Sirish Vepa Sybase
  Sam Wei Documentum
  Rob Weltman Netscape/AOL
  Pete Wenzel SeeBeyond

Attendance of Observers or Prospective Members:

  Guillermo Lao ContentGuard
  Hank Simon Lockheed Martin
  Frederick Hirsch Nokia
  Tim Hall Talking Blocks
  Konstatine Beznosov Quadrasis

Membership Status Changes:

  Guillermo Lao ContentGuard - granted voting status after call
  John Weiland Navy - granted voting status after call
  Phil Griffin Griffin Consulting - granted voting status after call
  Anne Manes (individual) - withdrew prior to call
  Andrew Fetterer CrossLogix - withdrew prior to call

--
Steve