[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] wss-minutes June 17th
attendance info inserted -- Steve -----Original Message----- From: Maryann Hondo [mailto:mhondo@us.ibm.com] Sent: Tuesday, June 17, 2003 11:41 AM To: wss@lists.oasis-open.org Subject: [wss] wss-minutes June 17th WSS-TC Attendance of voting members: Gene Thurston AmberPoint Frank Siebenlist Argonne National Lab Merlin Hughes Baltimore Technologies Irving Reid Baltimore Technologies Peter Dapkus BEA Hal Lockhart BEA Symon Chang CommerceOne Thomas DeMartini ContentGuard Guillermo Lao ContentGuard TJ Pannu ContentGuard John Hughes Entegrity Tim Moses Entrust Toshihiro Nishimura Fujitsu Jason Rouault HP Yutaka Kudo Hitachi Maryann Hondo IBM Kelvin Lawrence IBM Anthony Nadalin IBM Nataraj Nagaratnam IBM Bob Morgan Individual Paul Cotton Microsoft Chris Kaler Microsoft Frederick Hirsch Nokia Senthil Sengodan Nokia Lloyd Burch Novell Charles Knouse Oblix Steve Anderson OpenNetwork Vipin Samar Oracle Jerry Schwarz Oracle Eric Gravengaard Reactivity Peter Rostin RSA Security Martijn de Boer SAP Pete Wenzel SeeBeyond Ronald Monzillo Sun Microsystems Jan Alexander Systinet John Weiland US Navy Phillip Hallam-Baker VeriSign 33 voting members sufficient for quorum minutes review: kelvin to steve......consolidated minutes in one file but date still says Wed. jerry, add to attendance minutes approved at the F2F several actions were taken: editorial actions (captured in the minutes from F2F) from F2F Chris K, suggestion to translate those into issues Hal, clarification of the action item.....the shoulds/must comment is really .....how you determine to do multiple signatures & encryptions....at the end the agreement was for Tony to investigate the issue and report back Chris, be the point person to coordinate the next interop....only received one name....needs a point person for virtual testing [private email off the list] Chris/Kelvin, which approach should be taken to identifying all the editors and contributors (SAML and XACML each had different mechanisms) Tim posted the XACML, please look at both models and vote for a preference Text on reporting faults....should be an action......some discussion on whether or not faults are optional....Hal ...text is nonspecific in SOAP specs.... it says the fault must be "generated" but not necessarily returned. [long debate at the f2f and this will be an issue to track] Merlin, some discussion on whether he posted text to list[transforms] for his action from f2f ......Comment, Ron- Merlin did NOT post anything Document status [issues list review]: 11-closed 30- pending.....waiting for next draft 31-pending....have a namespace until OASIS comes through with theirs 62-pending -- no change 67- pending--- no change 69- pending---no change 70-pending-- no change 72-pending --resolutions from f2f waiting for next draft 74-pending-- Hal proposed text 76-80 pending ---Tim review latest draft & sent comments....Tim & Phil have a common draft that resolves his issues, so that they can deliver the next draft of the profile.....hope to close by end of the week 82-open---Kelvin --note of cleaning up before going to standard 84-open ---encryption transform...status is that Tony is to propose text (see bullet 2) 86- defer till after v1 90- pending - clarification of embedded---waiting for editorial update from f2f 94-pending....related to 101 95-pending....clarify what ids are used----editorial update 96,97,98-pending --waiting for editorial 99 -open ..hal- it might be useful to know what key identifier scheme[encoding type] is being used....proposal ...in STR, value type for key identifier should refer to key itself ....currently its a hint.....it might imply a token type.... either define a separate type (x509-1, x509-2)....scheme expressed in some form, as opposed to just X509 key identifier....jerry, isn't the qname pointing to a profile? chris, we could add text that it could identify a different class.... Ron- make a corresponding change to a direct reference[ some discussion ] Tim, don't need to use those references .... Jerry, you need to know what it points to Merlin, additional comments {sorry!} ACTION- move to pending...Hal to propose text [two things , some text for document, summarize some of the other issues] 100- closed, mail sent 101-open-move to pending-, the way the sig structure works, the reference is outside the signature...this could be a hole for non-repudiation , merlin- signature just relates to the key ... chris- there are some certs that can have additional constructs hal- if you want to rely on a signature you need to know what certificate chris- propose adding paragraph to security considerations section hal, also need to touch area where we make recommendations, there's no crypto binding between cert and signed data and this should be addressed jerry, is this an issue for the X509 profile? tim, is this a non-repudiation issue? and it relates more to the X509 profile chris, we do need to add some text to security considerations ACTION---chris to work with hal 102- pending, remove section Merlin, mandating processing order does nothing ACTION- editors remove 103-pending value type optional....if you have no value type its unclear what you could do with it you can look at content type, but it should be recommended to provide a value type two issues....one for BST and one for reference ACTION: chris....change text required on BST, recommended on reference 104- pending ACTION:Merlin to get text to editors 105-closed Merlin- to get text to Hal, ordering for signature & encryption, email already started 106-pending Eric- there was an action to take out section 9.3 on attachment at f2f ACTION: Chris to do update Jerry -would like a reply to his posting on issue 73 Kelvin, when can we expect updated drafts? two issues across the docs: profiles describe how key identifiers apply xml notation syntax, only defined in core, other profiles should point to it Ron-done Tim- goal is 20th Tony- shoot for 23rd shot at committee spec by end of month Chris & Kelvin: followup interop message #93 on the 16th, 3 things to be there, sig transform, timestamps, ordering Hal volunteered to try to pull this together-Chris to put forward a proposal signature & encryption in a different order.... is 5 to test expiration? seems more like conformance, than interop what is the intent? chris, propose to drop 5 and modify 7 includes timestamp...fold C into 7 as well (encrypt before sign) Chris & Hal to gen up scenarios.... post a rough outline get agreement, then work out the details try to have a parallel path, work on the docs, do another interop Any other business? Chris---Any blocking issues for moving forward on 7/1? need a hard date for new v1 issues....can it be this Friday? do we need a special call? another call next week might be an issue for folks who need to attend WS-I. we have a round of specs by the 23rd, we have a two week period to resolve any issues and re-rev the specs by email call on the 1st the vote will be by kavi please monitor email You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]