[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Minutes for Telecon, Tuesday 20 May 2003
More corrections: - Michael Nguyen added to attendance (missed it in my last correction) - Vijay Gajjala added to attendance -- Steve -----Original Message----- From: Steve Anderson Sent: Wednesday, May 21, 2003 11:15 AM To: OASIS WSSTC (E-mail) Subject: RE: [wss] Minutes for Telecon, Tuesday 20 May 2003 One correction: Michael Nguyen in fact did not lose voting status. -- Steve -----Original Message----- From: Steve Anderson Sent: Tuesday, May 20, 2003 3:41 PM To: OASIS WSSTC (E-mail) Subject: [wss] Minutes for Telecon, Tuesday 20 May 2003 Minutes for WSSTC Telecon, Tuesday 20 May 2003 Dial in info: 1 (309) 495-0763 Access Code: 7224370 Minutes taken by Steve Anderson ====================================================================== Summary ====================================================================== Votes: - Minutes from 6 May 2003 meeting accepted (unanimous) New (General) Action Items: - none Issues List Action Items & Status Updates: - 30: - [ACTION] Editors to reference text from core-12, lines 168- 174, in all docs - PENDING - 46: - CLOSED - 69: - [ACTION] All profile editors to explain how key identifier is used for that token type, if at all - PENDING - 70: - [ACTION] Eric will start discussion thread on AI-70 - 72: - [ACTION] Hal to start discussion thread on AI-72 - 73: - [ACTION] Editors to make a proposal for AI-73 - 74: - [ACTION] Hal to propose text for AI-74 - 80: - PENDING - 81: - CLOSED - 84: - [ACTION] Hal to propose text for AI-84 - new: multiple recipient email (Hal) - CLOSED - new: complaint with interop example 2 - CLOSED ====================================================================== Raw Notes ====================================================================== > > Agenda: > > 1. Roll call > - Attendance attached to bottom of these minutes - Quorum achieved > > 2. Review minutes from previous meeting (5/6/2003) > < http://lists.oasis-open.org/archives/wss/200305/msg00026.html > > - [VOTE] unanimous consent, accepted > > 3. Interop/F2F logistics update > - Chris: decided on San Fran on last call - looking at downtown Hyatt - Mon (9 Jun) noon to Thurs (12 Jun) noon - we'll know more in a day or two - will send out info when available - trying to make sure we have net access - hold off making hotel reservation until we get it nailed down, but can book flights now - if anyone has food allergies/requirements, send to Chris - Kelvin: will update Kavi calendar with info when available > > 4. Interop scenarios updates [Hal] > - Hal: posted new version last night - changes were slight - there was an issue with SOAP:mustUnderstand equaling 1 vs. true in SOAP 1.1 - decided it's preferable to leave keyUsage out entirely - however, some CAs insist on it - a few more cut & paste errors have been found and will be fixed - need suggestions on error reporting - this is version 03, and was only posted to mail list - Kelvin: will post to Kavi - Hal: interested in input on whether and how to specify errors - there were 2 other items, which will result in changes to core spec, which will be reflected shortly - there didn't seem to be any interest in his multi-party encryption - there were some subtleties around encrypting passwords - fairly stable - Chris: will gen a couple certs and send to list - Hal: there was in issue for Chris on providing additional schema **** - Chris: did forget application schema, will send out shortly - Kelvin: there were cases where "XX" was in the absolute URIs - Chris: those have been changed, all will reflect 2003/06 - Hal: who is bringing network hardware, DNS, etc for the interop? - Chris: it is his goal to provide lots of that > > 5. Any editorial updates/document status [Editors] > - Phill: revised X509 draft quite substantially, accounting for Tim's issues - in orig doc, it just said 'put X509 cert in' - now can put in PKCS 7 blobs - also, if you encrypt the message, you don't need to send the entire cert to validate the key, can just send issuer and serial num of key - several cosmetic changes - more info in introduction - main changes are to section 3.3, specifying 3 ways of identifying cert - problem with identifying a cert path - PKIPath is not a standard yet, & no info on when it will - not widely supported - Ron: thought that it was an official part of X509 v4 - Tony: yes, we validated it before - Phill: then I'll remove PKCS7 - Chris: why remove PKCS7? - Phill: doesn't do what we want to do - allows for any order, and for more certs than are in a path - has an additional, unnecessary signature - PhilG [partially disagrees/agrees] - direction is to allow both, but recommend PKIPath - Phill: for identifying cert by reference, this is logically a STR, but couldn't get syntax to work - e.g., for sending an encrypted message, just need to reference the cert - Chris: would have expected to have an encrypted key inside the Security header, and would have keyInfo within that encrypted key - [more discussion, including key identifiers] - if there is a SKID (security key identifier) present in the cert, you may use that, otherwise use the issuer and serial number - Ron: asking about usecase, which is when we're not sending the cert - Chris: thinks what's in 3.3.3 is fine, but need to also specify what it means for this token type if you specify a key identifier - proposes if people have ideas, send them to Phill, and Phill can produce another draft for discussion > > 6. Discussion of open issues, review latest issues list > - Kelvin: hasn't seen an update from John - can continue on last call's issues list < http://www.oasis-open.org/archives/wss/200305/msg00021.html > - don't recall where we ended - Chris: starting at top - 30: - Chris: supposed to have discussion with editors - Hal: if people take a look at core-12, lines 168-174, he's satisfied with these - Chris: thinks we need to get these into all docs - Jerry: suggests all profiles refer to this rather than duplicating it - Chris: great idea - [ACTION] Editors to reference text from core-12, lines 168- 174, in all docs - PENDING - 31: - Kelvin: Karl Best is attempting to resolve them within 1-2 months - still open - 46: - Hal has sent mail to list - CLOSED - 62: - Ron: thinks he did this - proposal was to include another attribute on STR to identify profile & version, using URNs - Chris: doesn't remember proposal, were there responses? - Ron: Tim commented that he thought it covered the necessary cases < http://www.oasis-open.org/archives/wss/200304/ msg00044.html > - Chris: everyone should look at this & we'll discuss it on next call - 67: - Hal: proposed bunch of different semantics < http://lists.oasis-open.org/archives/wss/200305/ msg00008.html > - 69: - we've made progress already today - [ACTION] All profile editors to explain how key identifier is used for that token type, if at all - PENDING - Hal: interesting, how would that apply to Kerberos? - Chris: for that case, explanation could be to not use them - 70: - Eric: when should a processor decide when it doesn't understand a security header? - Chris: are there objections to interpreting a mustUnderstand on the Security header as applying to all subelements? - Jerry: that seems overly strong, such as when I only need to understand enough to authenticate the message - Chris: mustUnderstand is described to require receiver to understand enough to carry out its semantics, and if authN is the extent of your semantics, then that fits - Irving: good example is a mustUnderstand on a Security header that includes a SAML token, which has advice - advice may be ignored, so the mustUnderstand shouldn't necessarily propagate to sub elements - Chris: try this - mustUnderstand applies to direct child elements - [discussion] - could just require receiver to abide by the standard - Chris: suggests starting a thread of discussion on list - [ACTION] Eric will start discussion thread on AI-70 - 71: - Hal: will get something out shortly on that - 72: - Hal: timestamp trace seems ill-conceived - if people's clocks are synch'ed, everything's fine - if they're not, can't distinguish latency from skew - Chris: there are a number of uses beyond this - Kelvin: would examples help - Hal: yes - [ACTION] Hal to start discussion thread on AI-72 - 73: - Tony: nothing added to docs on this yet - Jerry: more than just clarification, we need to decide what can go in there - originally wanted to allow anything in here that could go under the Security header, but that wasn't well received - [ACTION] Editors to make a proposal for AI-73 - 74: - [ACTION] Hal to propose text for AI-74 - 75: - Jerry: had sent a msg to list, can send another - 76-79: - have all been marked PENDING - Tim: will have a chance to review in beginning of June - Phill: will consult with Carlisle - 80: - Phill: incorporated into latest draft - PENDING - 81: - can be CLOSED - 82: - Kelvin: Tony did a good first pass - need to now double check with XML Encrypt & Signature have closed - leave open - 84: - Chris: saw Hal's mail, and was fine - [ACTION] Hal to propose text for AI-84 - 86: - Chris: with interop activity, hasn't read thoroughly - proposes we leave it open - 87: - still open - Kelvin: is there an owner for this? - Chris: no - - 88: (new) chairs to wrap up release dates - Kelvin: hoping to get with Chris and post proposal - people may post mail stating their view of critical dates - new: binary token & xml token types being abstract (Don) - stays open - new: interop spec uses mustUnderstand=true rather than =1 - Hal: fixed in draft 3 - new: multiple recipient email (Hal) - Hal: not a separate issue, part of the order of decryption - no one commented, so if you want to do it, you're on your own - CLOSED - Kelvin: should go into issues list for tracking - new: complaint with interop example 2 - Hal: fixed in latest draft - CLOSED > > 7. Continue the discussion of the Receipt Token Profile document > < http://lists.oasis-open.org/archives/wss/200305/msg00020.html > > - Kelvin: heard silence on this topic during issues list discussion - Eric: can put presentation together for F2F - sounds great > > 8. Discussion of key TC milestones > - Kelvin: had hoped to get with Chris prior to call - should postpone until next call - people should post strong opinions to list - Hal: has question on whether we'll need another interop - we're currently excluding certain token types - Kelvin: we'll need to impose a date by which all critical issues must be raised > > 9. Other business > - Ron: can we hear more about interop? - what are configurations going to be? - Hal: expects companies to pair off, and test each client against each server - switch pairings until all combination are made - [more discussion] - Eric: sent out a doc last week based on internally-derived tests - Hal: looked very good - Chris will talk with Hal about a script > > 10. Adjourn > - Adjourned ----------------------------------------------------------------------- Attendance of Voting Members: Frank Siebenlist Argonne National Lab Irving Reid Baltimore Technologies Peter Dapkus BEA Hal Lockhart BEA Symon Chang CommerceOne Thomas DeMartini ContentGuard TJ Pannu ContentGuard Shawn Sharp Cyclone Commerce Ganesh Vaideeswaran Documentum John Hughes Entegrity Tim Moses Entrust Toshihiro Nishimura Fujitsu Yutaka Kudo Hitachi Jason Rouault HP Maryann Hondo IBM Kelvin Lawrence IBM Anthony Nadalin IBM Don Flinn Individual Phil Griffin Individual Bob Morgan Individual Chris Kaler Microsoft Vijay Gajjala Microsoft Prateek Mishra Netegrity Frederick Hirsch Nokia Senthil Sengodan Nokia Charles Knouse Oblix Steve Anderson OpenNetwork Vipin Samar Oracle Jerry Schwarz Oracle Eric Gravengaard Reactivity Rob Philpott RSA Security Peter Rostin RSA Security Martijn de Boer SAP Pete Wenzel SeeBeyond Yassir Elley Sun Microsystems Ronald Monzillo Sun Microsystems Sirish Vepa Sybase Jan Alexander Systinet Michael Nguyen The IDA of Singapore Don Adams TIBCO John Weiland US Navy Phillip Hallam-Baker VeriSign Attendance of Observers or Prospective Members: Andrew Nash RSA Security Jonathan Tourzan Sony Membership Status Changes: Trevor Perrin Individual - Granted voting status after 5/20/2003 call Chris Kurt Microsoft - Lost voting status due to inactivity -- Steve You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]