[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for 7/29/03
The minutes for the July 29, 2003 telecom is submitted. As usual, all corrections and omission are cheerfully received. Please post them to the list. Cheers Don ==================== Donald Flinn Managing Partner Flint Security Phone: 781/856-7230 e-mail: flinn@alum.mit.edu http://flintsecurity.com ================================================================== Minutes July 29, 2003 Summary of Minutes: Roll Call Quorum Achieved Previous minutes Approved Outstanding Action Items: Hal to complete spreadsheet from first interop. Chis needs the names of all participants in interop and will set up a private e-mail list to coordinate the interop. Get your name to Chris if you will be in the interop so that you can be included in this private e-mail. New Action Item - Tim and Merlin to work on text for signing anything which includes an STR. Documents: Minor editorial tasks needed on the documents. Interop document Hal summarized it and requested that everyone look it over and comment as soon as possible. There was a discussion on the compatibility of the X.509 document with the upcoming interop. Phillip will update the X.509 document as per the discussion. Issues: 31 and 82 still open. 15, 20, 21, 22, 23, 24, 25 pending. (See raw notes for details.) New issue: Profiles must define what value is implied if a specific value is not specified. Version V1 of the specification: On the next call, the goal is to close all version 1 issues and then to move for vote on the core and X.509 and Username profiles. The vote will be to move the three documents to Committee Spec, which will begin the review period === Raw Notes === Outstanding Action Items: Hal has not completed updated version of spreadsheet from the first interop Chris: to coordinate interop names. Request that all potential participants submit their names to Chris Documents Ron no new document but has received two comments Tony Has sent a message on the core Interop Document Hal Scenarios have continues the numbering from the last scenario and added a text name for each. S4 - Session Key In some previous exchange the two parties are to have agreed on a symmetric key Encrypt uses this key Verify using appropriate certificates Request & response same as before S5 - Overlapping Signatures There are two signatures where one signature overlaps the other. No encryption Response not encrypted S6 Encrypt and Sign Request Body encrypted and signed Response Body encrypted and signed. Encryption and signature keys reversed. S7 Signed token Request body signed and encrypted Signature also protects token by means of enclosed STR security de-reference transform Signature over both encrypted token and body Response body signed and encrypted with key reversed. Discussion of the X.509 profile with respect to the interop. Concern that it doesnt conform to the Interop scenario. Phillip took an action item to revise the X.509 profile to make it compatible with the interop Tim concerned that progress in X.509 profile is not sufficient for the interop Jerry X.509 doesnt conform to Interop scenario. Tim X.509 doesnt include transform. How to do encryption on X.509 not fully defined Tim havent decided if or when to use the transform Decryption transform is questionable All Profiles must say key identifier is not used or, if used, which one used. Specify the key and certificate. Can be optional as long as each profile has a default Jerry In the X.509, the signature must be validated using a DN name. Need to add the possible use of a token reference Rev of core is also needed on decryption transform. This item is in the issues list. Question about the WSDL for the interop. Hal Copied the latest WSDL from the last interop document. If there is any problem with that WSDL let him know. Issues 31 Open: Being worked at Oasis level 62 Text added Closed 69 Closed: All profiles now call out how Key Identifiers are used. 74 Closed 82 Open 90 Closed 99 Closed: Profiles must define what value is implied if specific value is not specified. (*New issue) 104 Closed: Text added 105 - Closed 109 Closed Text added 113 - Closed Text added 115 Pending Phil to make edit 120 Pending: Editor to post update to Username Profile 121 Pending: Editor to post update to Username Profile 122 Pending: Editor to post update to Username Profile 123 Pending: Editor to post update to Username Profile 124 Pending: Editors of profile to update 125 Pending: Editor to post update to Username Profile 126 - Closed Tim Signature transform. X.509 doesnt make use of the signature transform. Merlin has defined new transform. Tim and Merlin to work on text for signing anything with STR included in it. When will next interop take place? Chris to set up private e-mail list with details. Need to send e-mail if you want to Between now and next call look at Hals interop doc. And sign up When are we ready to go to version 1 Next Call Close all V1 Issues Go for vote on Core, X.509 and Username Committee spec to begin review period Adjourn ============================================================ Attendance of Voting Members taken by Steve Anderson Gene Thurston AmberPoint Frank Siebenlist Argonne National Lab Merlin Hughes Baltimore Technologies Irving Reid Baltimore Technologies Peter Dapkus BEA Hal Lockhart BEA Symon Chang CommerceOne Thomas DeMartini ContentGuard Guillermo Lao ContentGuard TJ Pannu ContentGuard Shawn Sharp Cyclone Commerce Sam Wei Documentum Tim Moses Entrust Toshihiro Nishimura Fujitsu Jason Rouault HP Yutaka Kudo Hitachi Maryann Hondo IBM Don Flinn Individual Paul Cotton Microsoft Vijay Gajjala Microsoft Chris Kaler Microsoft Chris Kurt Microsoft John Shewchuk Microsoft Prateek Mishra Netegrity Frederick Hirsch Nokia Senthil Sengodan Nokia Ed Reed Novell Charles Knouse Oblix Steve Anderson OpenNetwork Vipin Samar Oracle Jerry Schwarz Oracle Eric Gravengaard Reactivity Andrew Nash RSA Security Martijn de Boer SAP Pete Wenzel SeeBeyond Yassir Elley Sun Microsystems Jeff Hodges Sun Microsystems Ronald Monzillo Sun Microsystems Jan Alexander Systinet Don Adams TIBCO John Weiland US Navy Phillip Hallam-Baker VeriSign Attendance of Observers or Prospective Members Derek Fu IBM Howard Melman Novell John Hughes Entegrity Membership Status Changes Rich Salz Data Power - Granted voting status after call Ganesh Vaideeswaran Documentum - Lost voting status due to inactivity Stuart King Reed Elsevier - Lost voting status due to inactivity Morten Jorgensen Vordel - Lost voting status due to inactivity
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]