[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for WSS conf call, 2003-11-04
Sorry for the delay. - RL "Bob" --- Minutes for OASIS WSS-TC conference call, Tuesday 04 November 2003 Scribe: RL "Bob" Morgan Summary: * Minutes from previous call (2003-10-21) accepted unanimously * no other votes * major issues discussed: domain attribute in UsernameToken SOAP 1.1 vs 1.2 SOAP mustUnderstand SOAP message normalization Agenda: 1. roll call: attendance at end of this note, quorum achieved 2. review/approve minutes from previous call (2003-10-21) [VOTE] approved, unanimous consent 3. Public Review status/ status of document updates / next steps core and username token documents (Tony Nadalin): target date of 11/15 for docs ready for review both core and username token Kelvin: still owes TC proposal on namespaces X.509 token doc (Kelvin): new document posted, status not clear Phill Hallam-Baker not on call SAML token doc (Ron Monzillo) some discussion on list ... SAML interop spec posted (Rich Levinson) Hal: ask for consideration of "value type" comment from Dave Orchard as new issue 4. Issues list review [31] Kelvin still to provide proposal [127] Hal to provide non-normative text on non-visible namespaces Hal: text provided on list a couple of months ago he will dig up message reference, incorporate comments from Merlin [133] changes accepted, editors to make changes [134] closed based on Merlin's rec [135] will be addressed by proposal re issue 31 [136] remains pending [137] PasswordDigest in username profile, nonce first or last Hal: appeared to be resolved via list discussion no technical change required, perhaps take text as rationale Hal will propose text [138] - [162] remain pending waiting on editors to incorporate some may have been incorporated into X.509, don't know yet [169] replay token to different receiver Jerry made posting re including domain in hash Hal: if domain is part of username (eg foo@bar) then it's already included Jerry: but user wouldn't add it Hal: but client has to know it, and would add it Hal: if it's included, should be element, not attribute Hal: proposed text taken from WS-I document TC instructed to review messages and consider issue [171] - [172] remain pending waiting on editors to incorporate [173] SOAP 1.1 vs 1.2 terminology Hal: plan has been to (a) support all SOAP versions; (b) have normative text and examples be 1.1; (c) Hal will create appendix about changes required for 1.2; but is this will of TC? biggest problem is Dsig apparently being undefined for SOAP 1.2 Dave Orchard suggested possible approaches in msg Bob: is it that Dsig can't be used with SOAP 1.2? Rich: it is possible to create 1.2 messages that can't be signed because they have no non-Infoset serialization Rich: section 5 of core would have to be rewritten make clear that 1.2 can be used with XML 1.0 serialization (long discussion of mustUnderstand issue) how to resolve? ask OASIS TAB for guidance that would apply across many TCs? yes, but need to make progress more quickly participants will summarize positions to the list Hal: please make issue 190 Open rather than Pending Kelvin: OK Kelvin: 173 will remain Open, will cover both editorial and tech issues [196] QNames and URIs TC: read W3C document on this topic, consider its implications [200] normalization and intermediaries and signature breakage Hal: should recommend new transform (SOAP message normalization) may not need it in case of security token reference Rich: yes, need this normalization in various cases Hal: but this is an untested normalization, introduced at last minute ... Ron: is this related to 1.2, since it's an Infoset norm? Hal: should make supporting both 1.1 and 1.2 easier [206] multiple encryptions and ordering Hal: approach is agreed on, just have to make text clear probably general cleanup needed in doc about processing rules/order [217] awaiting proposal from Jerry, Kelvin will check [233] security considerations improvements Paula: working with Tony on draft [234] SAML ... Ron will update Irving: back to [190] ... made posting at end of October proposing handling of mustUnderstand encourage TC to read and consider another question: in absence of mU, can implementation handle only part of an extension, or must it implement the whole thing Bob: a new Issue? Irving: part of defining mU ... 5. Other business Rich L re SAML interop doc need to agree on high-level objectives of scenarios may lead to layering of scenarios, simple, signed, SSL, etc (more discussion of signing and SSL) testing of SSL may not be important for interop ... Ron: use of authn assertions/statements may not be that useful Hal: note that current issues list is not clear enough about dispositions of issues Kelvin: yes, will go thru and do that 6. Adjournment ---------------------------------------------------------------------- Attendance of Voting Members: Gene Thurston AmberPoint Frank Siebenlist Argonne National Lab Merlin Hughes Baltimore Technologies Peter Dapkus BEA Hal Lockhart BEA Thomas DeMartini ContentGuard Guillermo Lao ContentGuard TJ Pannu ContentGuard Sam Wei Documentum John Hughes Entegrity Tim Moses Entrust Toshihiro Nishimura Fujitsu Irving Reid HP Jason Rouault HP Yutaka Kudo Hitachi Derek Fu IBM Kelvin Lawrence IBM Anthony Nadalin IBM Nataraj Nagaratnam IBM Ron Williams IBM Don Flinn Individual Bob Morgan Individual Paul Cotton Microsoft Vijay Gajjala Microsoft Ellen McDermott Microsoft Prateek Mishra Netegrity Frederick Hirsch Nokia Abbie Barbir Nortel Lloyd Burch Novell Ed Reed Novell Charles Knouse Oblix Vipin Samar Oracle Jerry Schwarz Oracle Eric Gravengaard Reactivity Rob Philpott RSA Security Martijn de Boer SAP Pete Wenzel SeeBeyond Yassir Elley Sun Microsystems Jeff Hodges Sun Microsystems Ronald Monzillo Sun Microsystems Jan Alexander Systinet Don Adams TIBCO John Weiland US Navy Attendance of Prospective Members or Observers Coumara Radja Sarvega Kefeng Chen GeoTrust Blake Dournaee Sarvega Richard Levinson Netegrity Davanum Srinivas CA Paula Austel IBM David Orchard BEA Systems Chris Ferris IBM Membership status changes Coumara Radja Sarvega - Granted voting status after 11/4/2003 call Kefeng Chen GeoTrust - Granted voting status after 11/4/2003 call Jonathan Tourzan Sony - Lost voting status after 11/4/2003 call Andrew Nash RSA Security - Lost voting status after 11/4/2003 call
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]