RE: [wss] wss-minutes June 17th

["Steve Anderson" <sanderson@opennetwork.com>]

attendance info inserted
--
Steve


-----Original Message-----
From: Maryann Hondo [mailto:mhondo@us.ibm.com]
Sent: Tuesday, June 17, 2003 11:41 AM
To: wss@lists.oasis-open.org
Subject: [wss] wss-minutes June 17th






WSS-TC

Attendance of voting members:
  Gene Thurston AmberPoint
  Frank Siebenlist Argonne National Lab
  Merlin Hughes Baltimore Technologies
  Irving Reid Baltimore Technologies
  Peter Dapkus BEA
  Hal Lockhart BEA
  Symon Chang CommerceOne
  Thomas DeMartini ContentGuard
  Guillermo Lao ContentGuard
  TJ Pannu ContentGuard
  John Hughes Entegrity
  Tim Moses Entrust
  Toshihiro Nishimura Fujitsu
  Jason Rouault HP
  Yutaka Kudo Hitachi
  Maryann Hondo IBM
  Kelvin Lawrence IBM
  Anthony Nadalin IBM
  Nataraj Nagaratnam IBM
  Bob Morgan Individual
  Paul Cotton Microsoft
  Chris Kaler Microsoft
  Frederick Hirsch Nokia
  Senthil Sengodan Nokia
  Lloyd Burch Novell
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Vipin Samar Oracle
  Jerry Schwarz Oracle
  Eric Gravengaard Reactivity
  Peter Rostin RSA Security
  Martijn de Boer SAP
  Pete Wenzel SeeBeyond
  Ronald Monzillo Sun Microsystems
  Jan Alexander Systinet
  John Weiland US Navy
  Phillip Hallam-Baker VeriSign

33 voting members sufficient for quorum

minutes review:
      kelvin to steve......consolidated minutes in one file but date still
says Wed.
      jerry, add to attendance

minutes approved

at the F2F several actions were taken:

editorial actions (captured in the minutes from F2F) from F2F
   Chris K, suggestion to translate those into issues
   Hal, clarification of the action item.....the shoulds/must comment is
   really .....how you determine to do multiple signatures &
   encryptions....at the end the agreement was for Tony to investigate the
   issue and report back
   Chris, be the point person to coordinate the next interop....only
   received one name....needs a point person for virtual testing [private
   email off the list]
   Chris/Kelvin, which approach should be taken to identifying all the
   editors and contributors (SAML and XACML each had different mechanisms)
   Tim posted the XACML, please look at both models and vote for a
   preference
   Text on reporting faults....should be an action......some discussion on
   whether or not faults are optional....Hal ...text is nonspecific in SOAP
   specs.... it says the fault must be "generated" but not necessarily
   returned. [long debate at the f2f and this will be an issue to track]
   Merlin, some discussion on whether he posted text to list[transforms]
   for his action from f2f ......Comment, Ron- Merlin did NOT post anything

Document status [issues list review]:
   11-closed
   30- pending.....waiting for next draft
   31-pending....have a namespace until OASIS comes through with theirs
   62-pending -- no change
   67- pending--- no change
   69- pending---no change
   70-pending-- no change
   72-pending --resolutions from f2f waiting for next draft
   74-pending-- Hal proposed text
   76-80 pending ---Tim review latest draft & sent comments....Tim & Phil
   have a common draft that resolves his issues, so that they can deliver
   the next draft of the profile.....hope to close by end of the week
   82-open---Kelvin --note of cleaning up before going to standard
   84-open  ---encryption transform...status is that Tony is to propose
   text (see bullet 2)
   86- defer till after v1
   90- pending - clarification of embedded---waiting for editorial update
   from f2f
   94-pending....related to 101
   95-pending....clarify what ids are used----editorial update
   96,97,98-pending --waiting for editorial
   99 -open  ..hal- it might be useful to know what key identifier
   scheme[encoding type] is being used....proposal ...in STR, value type
   for key identifier should refer to key itself ....currently its a
   hint.....it might imply a token type.... either define a separate type
   (x509-1, x509-2)....scheme expressed in some form, as opposed to just
   X509 key identifier....jerry, isn't the qname pointing to  a profile?
   chris, we could add  text that it could identify a different class....
       Ron- make a corresponding change to a direct reference[ some
      discussion ]
      Tim, don't need to use those references ....
      Jerry, you need to know what it points to
      Merlin, additional comments {sorry!}
      ACTION- move to pending...Hal to propose text  [two things , some
      text for document, summarize some of the other issues]
   100- closed, mail sent
   101-open-move to pending-, the way the sig structure works, the
   reference is outside the signature...this could be a hole for
   non-repudiation ,
      merlin- signature just relates to the key ...
      chris- there are some certs that can have additional constructs
      hal- if you want to rely on a signature you need to know what
      certificate
      chris- propose adding paragraph to security considerations section
      hal, also need to touch area where we make recommendations, there's
      no crypto binding between cert and signed data and this should be
      addressed
      jerry, is this an issue for the X509 profile?
      tim, is this a non-repudiation issue? and it relates more to the X509
      profile
      chris, we do need to add some text to security considerations
      ACTION---chris to work with hal
   102- pending, remove section
      Merlin, mandating processing order does nothing
      ACTION- editors remove
   103-pending
      value type optional....if you have no value type its unclear what you
      could do with it
      you can look at content type, but it should be recommended to provide
      a value type
      two issues....one for BST and one for reference
      ACTION: chris....change text required on BST, recommended on
      reference
   104- pending
      ACTION:Merlin to get text to editors
   105-closed
      Merlin- to get text to Hal, ordering for signature & encryption,
      email already started
   106-pending
      Eric-  there was an action to take out section 9.3 on attachment at
      f2f
      ACTION: Chris to do update


Jerry -would like a reply to his posting on issue 73

Kelvin, when can we expect updated drafts?


two issues across the docs:
      profiles describe how key identifiers apply
      xml notation syntax, only defined in core, other profiles should
point to it

Ron-done
Tim- goal is 20th
Tony- shoot for 23rd

shot at committee spec by end of month


Chris & Kelvin:
followup interop
message #93 on the 16th, 3 things to be there, sig transform, timestamps,
ordering
Hal volunteered to try to pull this together-Chris to put forward a
proposal

signature & encryption in a different order....
is 5 to test expiration? seems more like conformance, than interop
what is the intent?

chris, propose to drop 5 and modify 7 includes timestamp...fold C into 7 as
well (encrypt before sign)

Chris & Hal to gen up scenarios....
post a rough outline
get agreement,
then work out the details


try to have a parallel path, work on the docs, do another interop

Any other business?
Chris---Any blocking issues for moving forward on 7/1?

need a hard date for new  v1 issues....can it be this Friday?
do we need a special call?
another call next week might be an issue for folks who need to attend WS-I.

we have a round of specs by the 23rd,
we have a two week period to resolve any issues and re-rev the specs by
email

call on the 1st
the vote will be by kavi

please monitor email







You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php