OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wsi_secprofile] Re: BSP WG Meeting #4 Minutes 2003-06-12



Anthony Nadalin wrote:

>
>
>  
>
>>e) OASIS WS-Security TC meeting Chair reported on his discussion of
>>    
>>
>WS-Security TC schedule with WSS TC members,
>  
>
>>where he made the request to complete their Core >specification
>>and several Token Profiles ASAP.
>>WSS TC response was that they need more interoperability tests before
>>producing Committee Draft.
>>Chairs opinion (subjective) that the order in which Token Profiles will
>>be tested and stabilized will be Username/Password, X.509, Kerberos, SAML,
>>XrML. Having stable Username/Password and X.509 Profiles should be
>>enough for us to get started.
>>    
>>
>
>Just to be clear the TC agreed that there were specific tests that needed
>to be performed before the TC would vote to have a Committee draft (we see
>this as a virtual interop event). A straw poll was taken and an
>overwhelming majority votes to go with a core specification and the
>username and x509 profiles in version 1.0.
>  
>
During the WSS F2F, the chairs of the WSS TC polled us (the attendees)
to determine the minimum set of documents/profiles that we require to
support our planned use of ws-security. The responses to this least common
denominator question,  indicated that the core, the Username/Password
profile, and the X509 profile, comprised the minimum set.

In addition to the minimum set, almost everyone indicated an interest
in (if not requirement for) one or more additional token profiles.

A recommendation was made during the discussion that versioning of
the core be decoupled from token profile versioning. If adopted, this
idea could make it unnecessary to designate specific token profiles as
included in a version 1.0 of the specification.

The TC took inventory of the remaining aspects of the core that should be
subjected to (interop) testing, and agreed that this testing should occur
before the end of the public review period. The proposed plan is to
enter the public review period (i.e. issue the committee draft) before
any additional interop testing occurs.

Ron

>  
>
>>Clearly we need to cover attachments. This scenario provides a lot
>>more
>>details that the others. They should all be at the same level of detail.
>>I
>>would prefer to separate SSL/TLS from attachments at least initially.
>>Perhaps we need a "pure" SSL/TLS scenario.
>>    
>>
>
>WSS-TC Core specification does cover attachments, we should see if that
>provides enough
>
>
>Anthony Nadalin | work 512.436.9568 | cell 512.289.4122
>
>
>
>  
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]