Subject: OASIS WS-Security TC Minutes, April 6th, 2004
Agenda

1. Call to order, roll call
2. Reading / approving minutes of last meeting (March 30, 2004)
3. OASIS vote on spec
4. Issues list review
5. Interops
6. Other business
7. Adjournment

1. Call to order, roll call

The meeting was called to order at 10:25 AM. Kelvin Lawrence and Chris Kaler were in the Chair. John R. Weiland, US Navy, acted as recording secretary for this meeting. Steve Anderson did roll call: 48 out of 58 voting members in attendance, quorum achieved.

Attendance of Voting Members

  Merlin Hughes, Betrusted
  Hal Lockhart, BEA
  Symon Chang, CommerceOne
  Davanum Srinivas, CA
  Thomas DeMartini, ContentGuard
  Guillermo Lao, ContentGuard
  TJ Pannu, ContentGuard
  Sam Wei, Documentum
  John Hughes, Entegrity
  Tim Moses, Entrust
  Toshihiro Nishimura, Fujitsu
  Kefeng Chen, GeoTrust
  Irving Reid, HP
  Jason Rouault, HP
  Yutaka Kudo, Hitachi
  Paula Austel, IBM
  Derek Fu, IBM
  Maryann Hondo, IBM
  Kelvin Lawrence, IBM
  Mike McIntosh, IBM
  Anthony Nadalin, IBM
  Nataraj Nagaratnam, IBM
  Ron Williams, IBM
  Don Flinn, Individual
  Bob Morgan, Individual
  Paul Cotton, Microsoft
  Vijay Gajjala, Microsoft
  Alan Geller, Microsoft
  Chris Kaler, Microsoft
  Ellen McDermott, Microsoft
  John Shewchuk, Microsoft
  Richard Levinson, Netegrity
  Prateek Mishra, Netegrity
  Frederick Hirsch, Nokia
  Abbie Barbir, Nortel
  Lloyd Burch, Novell
  Charles Knouse, Oblix
  Steve Anderson, OpenNetwork
  Ramana Turlapati, Oracle
  Ben Hammond, RSA Security
  Andrew Nash, RSA Security
  Martijn de Boer, SAP
  Blake Dournaee, Sarvega
  Coumara Radja, Sarvega
  Pete Wenzel, SeeBeyond
  Yassir Elley, Sun Microsystems
  Jeff Hodges, Sun Microsystems
  Ronald Monzillo, Sun Microsystems
  Jan Alexander, Systinet
  John Weiland, US Navy

Attendance of Prospective Members and Observers

  Maneesh Sahu, Westbridge Technology
  Steven Lewis, Booz Allen Hamilton
  Corinna Witt, BEA
  Don Adams, TIBCO

Membership Status Changes

  Senthil Sengodan, Nokia - Granted voting status after 4/6/2004 concall

-- Steve Anderson, OpenNetwork

The meeting was delayed because *7 was pressed in error, which locks the conference call; members were routed to a sub-conference and then combined when the problem was remedied. Roll is to be called again at the end of the meeting to register those who were unable to gain admittance to the conference in a timely manner.

2. Reading and approving March 30, 2004 minutes

Minutes accepted unanimously with no objections.

3. OASIS vote on spec

Kelvin Lawrence addressed agenda item 3, to discuss the vote and hopefully close the one loose end on the vote. The vote closed March 31, 2004; the official results are as follows: 364 members, 77 yes, 1 no, 22% of total, characterized as pretty good results for an OASIS member vote for a specification with such a diverse nature.

The order of business this morning is to address the no vote. OASIS procedures state that if there are any no votes, the OASIS staff will contact the TC chairs, which Karl Best has done. The TC is asked to take a position and communicate back to the staff. We are asked to look at the ballot, understand the no vote and then get back to the OASIS staff with our position. This should not be too difficult because the emails we have seen from Yutaka Kudo (Hitachi) have clarified his position quite a bit. Kelvin thought that Mr. Kudo's email stated that his intent was not to hold up the vote, but to make a point about some things that need to be clarified as soon as possible. Mr. Kudo confirmed this, and mentioned his issues with the URIs in the spec document, particularly the URIs for the type attributes such as the value type and encoding type attributes. The URIs are in the form of URI fragments, but the base URI for these fragments is not clear. During the 3rd interop testing some companies' implementations failed to interoperate due to a misunderstanding of the URI value. Mr. Kudo wishes to discuss this because it is an important issue in the specification.

Kelvin confirms Mr. Kudo's intention not to hold up the spec and called on the TC to decide how we will formally take a position. Kelvin suggests a motion that we write to the OASIS staff that we plan for the spec to proceed as is and address the issue in errata. Kelvin asks for a motion. Hal Lockhart so moved, Irving Reid seconds. Hal suggests the wording that the TC votes to accept the specifications as an OASIS standard. Irving states that we should inform OASIS that we will address the issues as errata; Hal agreed. The statement was clarified as informing OASIS that the TC has voted to move forward with publication, with the issue addressed in errata and incorporated in subsequent versions. Chris confirms that a motion is on the floor; Kelvin asks anyone who missed the original roll call to speak up to be counted in the vote. Irving Reid asks whether the statement should be more precise and include exactly what our response is. Hal brings up comments on the ballot that only voting members can see (he attempts to find them, but later we find that the comments accompany yes votes and also get included in errata). Kelvin states that the no vote on the ballot did not contain comments; he approached the Hitachi representative to clarify, as did Karl Best.

Kelvin intends to inform the OASIS staff:

1. That we proceed with publication of the spec.
2. The TC will do something with a spec update in future or errata, and work on the issues raised.
3. We discussed the issue with the representative and will ensure his issues are addressed in the appropriate manner.

The vote is called. Quorum is confirmed. Kelvin asks for objections; no response. Carried unanimously, no objections made. Kelvin proposed to raise this in the issues list. Ron Monzillo states "Kudo-san's email has a concrete proposal of how to deal with this, and that it be pasted into the issues list." Hal then finds the comments, which were from Wells Fargo, accompanying a yes vote.

Chris Kaler mentions that Karl Best had indicated a change about errata. The OASIS staff does not want the errata in the document, but is perfectly fine with the front page of the final spec having a statement about non-normative errata and providing a URL.

Chris Kaler asks the editors to provide a quick update on the compilation of the errata: Tony has the errata compiled, but needs to understand when all errata will be compiled for publishing at once. A formal document, rather than a list of items, takes a couple of days. Are there other issues that we need to close prior to publishing? Paul Cotton asks Tony if he proposes batching the errata rather than handling them on a one-by-one basis. Tony asks, before pushing out, what our decisions will be. Hal proposes that we ask Tony to assemble the current errata into a document and vote to accept it after it is posted to the list; future updates can be decided later. Motion: Tony is directed to assemble the errata into a document, to be voted on in two weeks. No objections, carried unanimously. The vote will not hold up release of the spec. Paul Cotton suggests the format used in the XACML spec.

4. Issues list and status of other profiles

266, 267, 268 are still open. 266 and 267 are comments on the SAML profile. Ron Monzillo will send the updated profile today.

266 - Ron thought Maneesh's issues were addressed in email. Maneesh concurs; issue closed.

267 - SAML interop document. Rich Levinson, author of the SAML interop document, is waiting for any new issues prior to issuing a new version. Waiting on Ron's updated SAML profile.

268 - How do we secure SOAP attachments? Martijn de Boer thought this was postponed; Chris Kaler confirms that this was postponed at the San Francisco F2F interop. Mr. de Boer has written some emails concerning this issue and thought Frederick had also. When are we going to address these issues? How should we prioritize the work? The Kerberos profile will have a draft posted in the next 24 hours. When do we fold in the errata so we have that material integrated while we have it all fresh in our minds? Hal suggests the chair compile a list of postponed issues; the members can then prioritize them.

Hal, who can see the voting members' comments, reports on the comments made in the nature of errata. The comments include doing SAML, and public comments made to the list on a missed QName in X509 and an incorrect reference into XML Encryption.

5. Interops

General interop final status: a great interop; final results across all test boxes, 89% - 99% passed. 1 vendor had interop problems. Endpoints are still hosted; testing continues. Rich Levinson requests a list of endpoints. Chris needs to keep it confidential, but will compile a list for the interop thread. Chris will call for any additional updates to the summary interop document.

Vijay Gajjala gives status on the XRML and SAML virtual interops. XRML will take place on the 10th of May, SAML on the 17th of May. 6 companies will do SAML, 2 will do both. Feedback requested.

6. Other business

TJ Pannu has a new version of the XRML document containing editorial comments, and requests feedback.

Ron was curious about several emails about identity assertion from the BSP, related to impersonation; identity propagation was the term used. Identity propagation with the username token was an item on the BSP agenda. What was the status of the issue, and should it be taken up in the WSS? Ramana Turlapati, from Oracle, posted the issue to the BSP; Jerry Schwartz had an action item to address it to the BSP. Ramana summarized the issue: the BSP asked whether, in the absence of SAML-like mechanisms, we can use a simple username token to propagate identity in cases like a portal application trying to propagate to a web service. How would I use and sign a username token without a password? Should I sign it? The response from Ron Monzillo, and Mike McIntosh from IBM, was that this can be done, but the issue was interoperability. The token would be signed in a certain way and there should be a profile for that usage. Ron thought the profile should be included in the username token binding document; Hal disagreed.

Hal's point was that there are dozens or more different ways to use the mechanisms in WSS that have no officially assigned semantics; one instance is a binary security token used when the server is responding with encryption, the key implied by that. The BSP could say there should be particular semantics; however, WSS does define semantics for many mechanisms. Why do this particular one? Ron thinks we have the binding of security tokens to messages as the principal signature use in this model. Hal says we have general guidance, but have not defined when its use is required. Ron says the issue is whether the signer is authoritative for the message or the username identified in the token binding. Every time we bind a token we have to identify whether it is the binding mechanism that identifies what identities or claims are bound, or the bound token that identifies the claim. In X509, for example, to sign a message we are binding the claim; it seems to be the next natural extension of that to say we are binding claims in a token using another token. Don Flinn thought we were getting into delegation; Ron disagrees, claiming impersonation. Hal agrees with Don if it is outside of web services. Ron puts forward a business intermediary model where x contacts y and uses one of our mechanisms to establish identity, but y can't sign as x, so it signs as itself and presents x's identity to z: the ability of the intermediary, in this case, to impersonate the caller. Ramana mentions that WSRP was looking for some way to propagate identity from the mid tier to a WSRP portlet; that was the origin of the use case. Hal thinks that if it is wired into the spec, everyone will have to use it the same way. Ron found that hard to disagree with, but sees benefit in a process that defines one security token that vouches for another, similar to the SAML model applied to the X509 certificate. The proposal is that a model similar to this one, in the sender-vouches profile, be used in all profiles. Hal says Tony should propose the change for discussion. Kelvin proposes this be taken to the list.

Chris Kaler asks for other issues. Anyone who missed the roll call was asked to speak up. Kelvin will send the response to Karl Best and copy the list.

7. Adjournment

11:20 Chris motions to adjourn, Tony seconds.

Very Respectfully,

John R. Weiland
Information Technology Specialist GS 2210 (APPSW)
Code 38 Naval Medicine OnLine
Naval Medical Information Mngmt Cntr
Bldg 27 8901 Wisconsin Ave
Bethesda, Md. 20889-5605
301-319-1159
JRWeiland@us.med.navy.mil
http://nmo.navy.mil/

"GIVE ME A PLACE TO STAND AND I WILL MOVE THE EARTH"
A remark of Archimedes quoted by Pappus of Alexandria