[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [wss] Minutes for January 28, 2003 Conference Call
1. Roll Call Quorum achieved (Steve will provide the roll-call details). 2. Kelvin: (a) OASIS is moving to the Kavi system for managing the activities of working groups. It will include facilities for voting etc. (b) Sponsors for WSS TC conference call are urgently needed. Participants are strongly urged to sponsor a call; approximately 45-55 people call in. (c) Revised minutes have been posted and are available at: http://lists.oasis-open.org/archives/wss/200301/msg00064.html John Shewchuk: clarifications around the discussion of policy in the minutes. Minutes are accepted modulo John's clarifications which he will post to the list. (d) Rob Philpott: naming conventions for WSS documents Discussion has been ongoing for some time. Suggested names for the core documents: Web Services Security : SOAP Message Security Web Services Security : Core Specification Suggested names for the "binding" documents Web Services Security : <Token-Type> Token Profile Web Services Security : <Token-Type> Token Binding The Token Profile choice was preferred by many individuals. Kelvin: would like to take a vote and close this issue. John Shewchuk: concern that "Web Services Security : SOAP Message Security" sounds limiting as additional specifications (some of which have already been published) leverage this specification to solve additional problems. These problems go beyond solving just the issue of "SOAP Message Security". Rob Phillpott: Does that not suggest that this specification should stay focussed on "SOAP Message Security"? Ed Reed: Concern that name should clarify distinction between this and other security-related efforts such as, for example, various other "Web Service" Security specifications published in December. Kelvin : There will be also a formal OASIS name that formally and unambiguously identifies this effort. Kelvin: call for vote on the choices. Steve takes the vote: 34 (option 1) 13 (option 2) 37 (option 1) 11 (OPTION 2) THerefore, the names Web Services Security : SOAP Message Security Web Services Security : <Token-Type> Token Profile are chosen. ACTION: Editors to make changes to document names. (e) John Shewchuk: in contact with Ron Monzillo and Tim Moses on the issue of Policy specifications etc. Will respond in greater detail later. (f) Editors speak to the current state of the documents. Ron Monzillo: SAML Token Profile http://lists.oasis-open.org/archives/wss/200212/msg00100.html Some comments on Sender Vouches have been received. Additional issue is a missing transform description. Ron will publish new version addressing issues in the next week. Tony Nadalin: SOAP Message Security Document http://lists.oasis-open.org/archives/wss/200301/msg00062.html Main achievement is the separation of password issues from the main document. (Issue 53). The user-name and password token is now described separately in document http://lists.oasis-open.org/archives/wss/200301/msg00067.html Ron Monzillo: concern about the exact split between the two documents. Phil Hallan-Baker Revised XRML Profile document is ready and now that naming conventions are ready, should be able to publish soon. Have not received any comments on Kerberos and X.509 Profile document. Comments are solicited. Phil plans to publish fresh versions of all three profiles later in the week. (g) Chris Kaler: Are the drafts mature enough for inter-operability testing? Zahid Ahmed: are there specific dates for the inter-op demo? Chris, Kelvin: Sometime in March was considered a reasonable target. WSS TC Co-Chairs begin to work through the current issues list. http://lists.oasis-open.org/archives/wss/200301/msg00019.html ISSUE 06: Closed. ACTION: Kelvin to update Road Map URL in WSS TC pages to the permanent URL. ISSUE 09: Closed. ISSUE 10, 11: Deferred. ISSUE 19: Pending. ISSUE 25: Deferred to POST-interOp. ISSUE 28: Closed. ISSUE 46: Deferred until scenarios discussion completes. ISSUE 47: Closed. ISSUE 48, 49: Closed. ISSUE 50: Closed. Ron: Has Chris Kaler's use model for tokens be added to the SOAP message security document? Tony, Chris: it has been added as an appendix. ISSUE 52: Closed. ISSUE 53: Closed. ISSUE 56: Closed. ACTION: Kelvin to speak with Karl Best concerning OASIS namespace linked to OASIS web site. Jeff Hodges: concern that IPR statement does not reference the wsu component of the document. Chris: IPR statement does not reference any namespace only relevant document. ISSUE 59: Pending (Phil will post new version of XRML Profile). ISSUE 60: Pending. Tom DeMartini: concern about use of term of "proof of possession" in various drafts. What does it mean? Ron Monzillo: support this concern. Mostly used in the profiles, but does occur in one place in the core. If that could be removed carefully, then it could be systematically removed from all the profiles. Phil H-B: prefer authentication to proof of possession. Ron Monzillo: message senders provide proof, message recipients authenticate senders. Phil H-B: concern that proof of possession is being used in a non-standard way. Ron will propose text to move this forward. Thomas Demartini: points to message http://lists.oasis-open.org/archives/wss/200301/msg00006.html General discussion driven by Ron and Thomas. ACTION: Tony, Ron and Thomas to propose text and update main and subsidiary drafts. ISSUE 61: Pending ACTION: Tony to work with Frederick to resolve. ISSUE 62: Deferred to POST-interop draft. Chris, what is this issue really? Ron: This has to do with independent versioning of the profiles. ISSUE 63: Resolved. ACTION: Tony, Ron and Chris will define a transform that will help settle this issue. Don Flinn: This is an important issue. It should be settled before the interOp. Ron Monzillo: Jerry has published a note on this issue. http://lists.oasis-open.org/archives/wss/200212/msg00104.html ISSUE 64, 65: Deferred to Post InterOp. (h) Chris Kaler: Are there any other issues (other than ISSUE 63, and user-name and password) that are blocking before we consider the drafts mature enough for an inter-operability. Ron Monzillo: issue of working with tokens that are signed in the SOAP header but the token itself is found elsewhere. Gene Thurston, Ron Monzillo: Perhaps there is a need for a generic security token reference form? LOOK AT ACTION 63 ABOVE. Prateek: concern that current draft of the password model requires availability of plain text password in the security system. I view this as a blocking issue for the interOperability draft. This issue is described in: http://lists.oasis-open.org/archives/wss/200212/msg00063.html Ron: SUN lawyers would like to look at the IPR and legal details. Kelvin: Please contact me for IBM position on IPR and legal issues. Chris: Microsoft has published their information to the list. Kelvin: proposal is to work towards an inter-operability scenarios on the list. Discussion on use-case scenarios. (Eric) The original use-case and primer sub-group has not made much progress in this space. Motion to adjourn. Chris Kurt identified himself on the call.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC