Draft Minutes of June 15 WSS TC meeting (will repost with roll call whenavailable)

[Paula K Austel <pka@us.ibm.com>]

Minutes of June 15 WSS TC meeting
Paula Austel,IBM recording minutes

1. Call to order, roll call
Steve Anderson did Roll Call:
Attendance of voting members
<add roll call information here>

2. Reading/approving minutes of last meeting (June 1st)
Meeting minutes approved. 

3. CD Vote on "REL Token Profile" results. 
Kelvin reviewed results.
There were questions about whether the vote closed
early. Kelvin checked with Karl Best and he didn't see any problems. OASIS
staff believes the tool is working. Reflector seems to be working slowly.
Voting results were:
44 yes, 1 no, 2 abstain
47/61 voted
44 is more than required 2/3
Vote passed. 
We now have a committee draft, need to get the draft
circulating more widely. 
Hal: Need a vote to go to public review. Should we
wait for SAML profile to be ready? 
Review SAML interop first before making decision about
public drafts.
Paul Cotton: Since REL is a committee draft he has
sent document to WS-I BSP to review. Working group would prefer that TC
does not wait for SAML profile before approving this for public comment.

Hal: Document is already public (unlike WS-I) but
public review is a separate issue. 
Rob: Easier to get vote if we batch documents together.
Kelvin: We might confuse people if we have too many
small releases.
Wait 2 weeks to decide on making REL profile available
for public review (document is already public and can be viewed by non-TC
members)
Paul Cotton: Would like to see public review period
soon.   

4. SAML interop status 
Results posted to the list: http://lists.oasis-open.org/archives/wss/200406/msg00044.html
Chris: Vijay is traveling but looks like interop was
great success. Almost everything worked. We have 3 vendors with implementations
that are interoping. We seem to be ready for a vote on a committee draft
for SAML.
Kelvin: are there still some concerns listed in email
or have they all been addressed.
Ron: There are some issues that reflect on core document.
Value type for encoding. In SAML profile Value type is string encoded.
Core requires base64 encoding. Incompatibility there. Core doesn't offer
enough options. Would prefer not to change the SAML profile. This refers
to the KeyIdentifier inside a security token reference. 
Hal: Inconsistencies between X509 token profile and
mandates of core spec. Unambiguous reference to a token. If we are looking
at revisions to SAML profile then we should reconsider X509 profile too.

ACTION: Open a new issue to handle this. 
Paula/Tony: There are some outstanding issues from
IBM that need to be posted to the list. Interop took 3 weeks and some issues
are still being resovled. 
Rich: All problems that came up in interop have been
dealt with. Would like to understand the issues from IBM.
ACTION: All interop issues that have not been
addressed MUST be posted to the list by end of day next Tuesday (June 22).



5. Errata status and review 
The errata was lost and is being reconstructed.
6. Status of other profiles (SAML, XrML, Kerberos) 
Alan Geller has volunteered to take over the Kerberos
interop.
7. Issues list review  
Issue 277: 
Issue 283 post:
http://lists.oasis-open.org/archives/wss/200406/msg00028.html
Hal 277 and 283 are the same issue. Close them both.

Issue 282 (Password based key derviation): (Hal) need
to provide more detailed text. No objections to current proposal. 
Issue 285: (Attachments Profile - Frederick) New draft
of transform document. http://www.oasis-open.org/apps/org/workgroup/wss/download.php/7236/wss-swa-profile-1.0-draft-04-diff.pdf
Added new transforms and incorporated comments so
far. People should review the draft. Need to move this forward as a profile.

Mike: Not sure about insertion and deletion - how
does the new transform effect that? If I sign every part, I have the same
protection. The new transform protects reordering. 
Frederick: we should look at the draft. 

8. Discussion of attachments proposal
Martin G.: XML encryption intended for XML data. When
we use this for binary data should there be a warning that data should
not be parsed after it has been decrypted? 
Frederick: Issue of content ID and content location.
Should you decouple canonicalization from transform?

Frederick: mime canonicalization versus xml canoncalization
- we should take this discussion to the list. 
9 . Pending OASIS public events & demo opportunities (FYI and discussion)
[2] 
10 . Other business 
11 . Adjournment
At 11:00am 



----------------------------------------------------------
Paula K. Austel
Web Services Security
IBM T.J. Watson Research Center
(914)784-5025
Tieline 863-5025