minutes 1/27

[Maryann Hondo <mhondo@us.ibm.com>]

minutes 1/27

Agenda 

1.        Call to order, roll call 
2.        Reading/approving minutes of last meeting
(Jan 13th) [1] 
3.        Ballot results [2] and next steps
4.        Status of other documents (Editors/all) 
5.        Issues list status/review
6.        Status of other profiles/interop planning
etc          
7.        Other business 
8.        Adjournment 

#1Attendance
of Voting Members
  Gene Thurston AmberPoint
  Frank Siebenlist Argonne National Lab
  Merlin Hughes Betrusted
  Hal Lockhart BEA
  Symon Chang CommerceOne
  Guillermo Lao ContentGuard
  TJ Pannu ContentGuard
  Sam Wei Documentum
  John Hughes Entegrity
  Tim Moses Entrust
  Toshihiro Nishimura Fujitsu
  Kefeng Chen GeoTrust
  Yutaka Kudo Hitachi
  Paula Austel IBM
  Maryann Hondo IBM
  Kelvin Lawrence IBM
  Anthony Nadalin IBM
  Ron Williams IBM
  Don Flinn Individual
  Paul Cotton Microsoft
  Vijay Gajjala Microsoft
  Chris Kaler Microsoft
  Ellen McDermott Microsoft
  John Shewchuk Microsoft
  Richard Levinson Netegrity
  Frederick Hirsch Nokia
  Abbie Barbir Nortel
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Vipin Samar Oracle
  Jerry Schwarz Oracle
  Eric Gravengaard Reactivity
  Ben Hammond RSA Security
  Andrew Nash RSA Security
  Rob Philpott RSA Security
  Martijn de Boer SAP
  Blake Dournaee Sarvega
  Coumara Radja Sarvega
  Pete Wenzel SeeBeyond
  Yassir Elley Sun Microsystems
  Jeff Hodges Sun Microsystems
  Ronald Monzillo Sun Microsystems
  Jan Alexander Systinet
  John Weiland US Navy
  Phillip Hallam-Baker VeriSign
  
  
Attendance of Prospective Members or Observers
  Mike McIntosh IBM
  Alan Geller Microsoft

Membership Status Changes
  Ramana Turlapati Oracle - Granted voting status after 1/27/2004
call
  Alan Geller Microsoft - Requested membership 1/13/2004
  Joe Barbush Novell - Requested membership 1/21/2004
  Senthil Sengodan Nokia - Lost prospective status 1/27/2004
  Tim Alsop CyberSafe - Lost prospective status 1/27/2004
  cyc cyc IBM - Lost prospective status 1/27/2004
  Eleanor Robinson Individual - Lost prospective status 1/27/2004
  John Shewchuk Microsoft - Returned from LOA 1/27/2004

42 of 58 quorum achieved
#2
Chris:
        accepting
the minutes?
        no
objections
#3
Kelvin:
        rundown
on the vote
        mail
went to the list
        2
ballots
         
     1st)
         
      required 2/3 no more than 1/4 against  ....54-0

         
      that one is passed
         
     2nd) 
         
      required a majority 
         
      30 is the bar
         
      37 is a majority
         
      so that passed as well

Chris asked for any other comments on
the ballots  (agenda item #3) before we proceed
no comment

What's next (agenda item #3)

What's missing from the checklist?
Kelvin has started and will share with
the list......there are 10 stages that the TC chairs have to prepare text
on

• SPEC with right name,
• text on what spec is about, summary of how this works with other standards,
• need 3 orgs saying they have successfully used the spec [has received 3, others can be added if anyone wants to] within the IPR policy,
•  provide commentary on disposition of the public review period [Chris has pulled together a summary of the issues & their disposition],
•  summarize the ballots for committee draft
•  previous attempts to standardize documented (none that we are aware of)
•  pointer to comments archive
• statement from chairs that everyone has received the IPR policy
•  pointers to ballots and comments

(missing one)

earliest to submit would be the 15th
of Feb.
Kelvin will send proposed text  for
the process doc to list first

ACTION:
Kelvin ....to send pointer to IPR policy
to list

Rob:
The chairs are expected to make sure
that everyone has been notified of the policy......
what I did was send a note  to
the list and pointing to the ipr policy

Kelvin:
     Did that.
     look at the TC home
page, any claims are there
    if anyone has any additional
IP claims they need to make a declaration

Chris:
 ...called for IP again....no response

#4
Updates from the editors:
        Ron:
         
      was not able to provide a diff .....not a
MS word expert...provided a new doc
         
      primary change was to change znames to URIs
         
      in security token ref, had been relying on
elements defined by SAML ......needed to convey that information
         
      switched from direct references to key identifier
references
         
      updated all the examples to be consistent
         
      would like to do a pdf diff to localize the
changes in this revision....didn't turn out as well as hoped....still trying

         
      Rich Levinson comment on security token dereference
transfer when doing  sender vouches 

Yasir 
we should be looking into interop

Chris :
 yes thats agenda item 6

Ron:
question on Kerberos profile
is there another profile?
Tony: 
 where did you see it? not on this list...there is only one here
Ron: 
is there a relationship with the one
submitted outside?
Tony.
not an overlap
Ron,
having two documents is confusing
can you define the difference
Tony,
shouldn't be confusing ....not submitting
the other document to this TC
Ron,
I will raise the issues on the list....maybe
you can clarify the overlaps

Paul
it would help BSP in WS-I if you guys
had a schedule for these other profiles

Chris
noted
Kelvin and I are trying to get the paperwork
filed and then move on to get these done as soon as possible,
Kerberos and xrml are moving along and
with all Ron's changes, SAML looks like its moving too

Paul
WSI can't move to a public sched until
you do

Chris
any other comments?

# 5
VJ published a new doc 
comments from nishimura, updated the
issues list with closed items, saml ones pending, 

Chris  
#234
to Ron......version issue ... which
version of SAML
Ron,
i can say that the document describes
how to use SAML 1.0 and 1.1 it doesn't include specific requirements 
Chris,
Can you look at it and see if it can
be closed?

#242
update saml profile to use new URL?
Closed

#243 
update XRML
closed

#245 
rename to follow naming conventions
closed

#249 
closed 
non global attributes does not support
element extensibility....
SAML has a work around
should schema support mixed content....

ACTION: open a new  issue
this aspect should be remembered 
should be a way to extend key identifiers
but maybe it should be a different kind of key identifier 
allow structured sub content

#250
Ron,  found when identifying a
new reference type
leave open
need a discussion on the list

#251
leave open

key identifier value types and direct
reference value types in schema have slightly different semantics
core relative, and others are token
profile relative 
one issue on consistency.....
could be confusion in future ...need
guidelines about  trying to create value types that are profile version
specific URIs


#252, #253 closed
trivial editorial bugs

Chris,
put in errata
should we begin a "next"?

Tony,
rolling in edits on the list?
Chris
collect errors
start a next version and start fixing
the editorial bugs there
Tony,
what's your timeframe?
Chris,
we're going to be finding errors, should
we track in errata and then roll them in?

Paul,
there is no OASIS policy on the errata
collection...and I'm a little concerned about that
it would not affect my vote, we need
not only a v-next, but we need to be able to have someone be able to 
look at the original and the v-next
and be able to see both....
prefer the front matter have a pointer
that says ....for information on errata see....

Hal
need a distinction between errata and
new features

ACTION
Chris & Kelvin, find out about  OASIS
policy on errata

Paul,
there is no policy, I have checked 
Hal,
several TC's have ignored that
Paul,
we need (as a continuing TC) to track
this....at an absolute minimum

ACTION:
Editors will collect errata
TC  will determine how to deal
with it 

Don,
how do you connect it with the version?

Rob
we put a link on the web site pointing
to it

Kelvin
asked staff yesterday, typos should
be published in an errata doc
normative stuff that needs to change,
this needs to be a committee draft 

Bob Morgan,
not start on a 1.next until the committed
decides to do that

Chris,
dispose of #252,253, #255
have editors capture those in a running
errata doc

any objections?
no taken as unanimous consent.

#254
soap message normalization may be used
as a transform should be a canonicalization
this is also errata

252-255 should be closed

Ron,
question on embedded references 
core spec requires the specification
of a canonicalization algorithm .....

Merlin,
not sure what the purpose of embedded
is
on transform, rather not introduce that
linkage and its better to be explicit rather than implicit
common practice is to be fixed
but good practice is explicit 

Ron,
wanted to understand this...when you
specify the transform we chose to specify that you must specify alg.
embedded helps when you can't put ids
on soap instances....you can wrap them in the STR
Hal,
is there agreement that if you have
an embedded you will get the same result?
Merlin, 
you will get a different result 
Ron,
but the security properties are the
same

str transform strips the str
what about attributes?
embedded result ....  is the element
content of the embedded

Hal, the purpose of embedded was to
let us hang the usage attribute on a token...we should explicitly use the
str transform when you are using the embedded
in any case with the str transform you
are not covering the usage attribute
you need another transform to get the
signature over the usage attribute

Jerry,
it doesn't hurt to sign the same content
twice
when you sign an STR you are also signing
the sub-elements 
Ron,
I found this confusing....what happens
with embedded.....
Hal,
to create a simpler rule
better practice always use the transform
and if you have attributes sign it separately without the transform
Ron,
doesn't answer the question of why to
use the transform on the embedded.
should be clarification in the text

what to do if you want to sign the attributes?

ACTION:  New Issue:
STR attributes are not protected
or does the transform need to be modified?
that would be simplest
transform decides what the input is
to the digest


VJ there are some more issues that we
will get to on the next call

Item #6
Chris:
status of other profiles and interops

gotten pings from people, were not able
to participate in earlier events but are ready now
can we run the original 7 (virtual)
again 
there are 3 potential interops (SAML,
XRML, core) could run simultaneously

(?) using the new schema?
yes, (Chris) we always use the newest
schema

People please send mail who would like
to participate, when and what ......

Hal,
can someone create an interop doc for
Kerberos?
Chris,
Was that Hal volunteering?

Action:
Tony & Hal to develop  a Kerberos
scenario

Hal,
would like input ...what do people want
to do with Kerberos?



Kelvin:
other business
everyone should have seen that OASIS
is holding a symposium....do we want as a TC to meet there.
OASIS would like groups to come....how
many people will be there anyway for other TC items

Paul
What are the dates? 

Pete,
mid-Apil 26-29
TC meeting rooms available on 28 &
29th

Paul,
asking 58 members if they want to do
an interop doesn't get you the answers you want
pick a date and then you will get the
response, unless we have a concrete proposal in two weeks we'll be at the
same point

Chris
ACTION
proposal on interop

Kelvin,
Any other business?

Rich Levinson
item #6 
based on saml profile updates need to
update the saml interop doc ...will do that this week