OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: 2 Nov 04 Minutes V2, with attendance info


Minutes for 2 Nov 2004 WSS call, v2

Minutes taken by Frederick Hirsch
Changes - added link for SwA interop results email, attendance info, added Ramana Turlapati  for SwA issues action item.

Call Date: Tuesday, 02 November 2004
Time: 07:00am - 09:00am Pacific Time

Our thanks to Lockheed Martin for sponsoring this call

Agenda:

1. Call to order, roll call

Quorum reached.

2. Reading/approving minutes of last meeting (19th October 2004) http://www.oasis-open.org/archives/wss/200410/msg00066.html <http://www.oasis-open.org/archives/wss/200410/msg00066.html>

Reposted with attendance list. Minutes approved without objection.

* Tony Updates on 1.1 proposals/edits, issue list review

Errata status - all further updates to 1.1, not errata. Errata complete today.

282 - updated in 1.1 document,

298 - made change in 1.1 in section 7.1 to clarify Hal's text

309 - did not see issue in core, need clarification on this, need pointer to exact problem

84 - review text - cases where transform is not needed, do not want to require use of transform always.

103 - updated in 1.1

310 - updated in 1.1

315 - changed in 1.1

Kelvin - Is 1.1 doc posted?

Tony - Not yet, will post soon. Will be merged with VJ's changes.

Tony requests clarification on 309.

Hal offers to provide clarification on issue 309.

Hal will review 84.

3. Standard submission status

Announcement went out for standardization for two profiles. Karl is leaving OASIS end of this week, Mary McCrae is new staff contact.

4. Errata status

Discussed in Tony update.

5. Other document status (SwA, Kerberos, 1.1 proposals/edits)

Frederick - SwA profile 13 draft out last week, minor changes. Please give feedback http://www.oasis-open.org/archives/wss/200410/msg00068.html <http://www.oasis-open.org/archives/wss/200410/msg00068.html>

VJ Resolution text for issues 317, 318, 319 rolled into 1.1, already posted, Tony incorporating in newest 1.1 draft

Kerberos interop will be handled by Gudge, please send comments on scenarios document.

Ron - where are updates for each issue?

VJ - each is marked

Ron - which change bar for which issue

VJ - should be clear, issues are distinct

6. Issue list review

Issue list Number 52,

http://www.oasis-open.org/apps/org/workgroup/wss/download.php/9897/wss-i <http://www.oasis-open.org/apps/org/workgroup/wss/download.php/9897/wss-i>

ssues-52.htm

84 - Hal/Tony to follow up

250 - Ron sent email:

http://www.oasis-open.org/archives/wss/200411/msg00005.html <http://www.oasis-open.org/archives/wss/200411/msg00005.html>

Proposal: Two different attributes - one to type token, other for type reference. Also change name of ValueType Please review before next meeting

263 - still open - Gudge action item

271 - Looking for someone to follow-up on this issue Hal can encode domain in username, even though not standard. To do completely would be difficult Ron asks if member of Wells-Fargo in TC?

Kelvin - No

Marked as closed, not that username can include other attributes if needed.

282, 298, - Tony updated, leave marked as pending, people should review update when Tony sends update to list

309 - Tony needs help finding issue in core.

Token profile editors should review other token profiles to determine if any action is required.

310 - pending, VJ sent out, needs review and feedback Ron - should this issue be on X.509 token profile VJ - we had discussed having this in core as a general mechanism

315 - Tony updated, pending, needs review and feedback

317 - open

Hal - leave open, sent email regarding this.

http://www.oasis-open.org/archives/wss/200410/msg00069.html <http://www.oasis-open.org/archives/wss/200410/msg00069.html>

Requires further discussion on list

AI - Hal and VJ to discuss and propose text

318, 319 - pending, VJ sent out, needs review and feedback

330 - leave pending, editorial changes to be incorporated by editors

331, 332 - open, assign to editors (Tony)

333 closed

Resolved in both scenarios and SwA profile.

334 open, Ron to propose text before next WSS call (16 Nov)

Ron sent message -

http://www.oasis-open.org/archives/wss/200411/msg00003.html <http://www.oasis-open.org/archives/wss/200411/msg00003.html>

Proposal is to anticipate SAML 2.0 attribute by adding another AssertionID, which has different namespace.

Should add both for SAML 1.1 and SAML 2.0.

Ron - proposed as errata for 1.1

Paul - ok with that, but not earlier

Already agreed to add 1.1 attribute, now deciding whether to add 2.0 as well. Ron draft specific text to enable vote on this.

336 - closed

Frederick - Changed in draft 13 of SwA profile.

337 - closed

Addressed in scenarios document

338 - open

WSS Templates proposal

Hal - define set of specific message exchanges to be reviewed for security issues.

Would like TC to accept this as work item

Frederick - is this a charter change

Hal - completely consistent, yet charter lists deliverables, so might need to change list of deliverables for charter.

Paul Cotton - looked at minutes of first F2F, made list of other possible deliverables, decided on concrete deliverables for TC, amended charter, charter specifies only normative deliverables, others were postponed. Not clear whether this requires charter change, but perhaps intent was to limit charter to normative deliverables

Hal - this proposed work is non-normative

Paul - question about adding work to work plan until other work is done, concern about slowing 1.1 work impacting WS-I Basic Security Profile work. Additional issue of transition to new IPR policy, prefer completion of technical work before transition. Not in scope of charter right now, concerned about IPR.

Kelvin - decision of TC, yet need to determine priorities, including profiles to complete

Hal - not sure what is holding up Minimalist profile. Kerberos and SwA are almost done, in interop. Concerned about risks regarding insecure applications.

Ron - do this in context of existing profiles, which describe their vulnerabilities already, are we already doing this?

Frederick - questions similarity to WS-I Basic Security Profile scenarios document

Hal - related but does not profile detailed templates for message content, more detailed level of detail.

Have produced draft.

Don Flynn - Sounds like non-normative primer.

Hal - template should only work on completed work, but yes resourcing might be an issue.

Don - should be separate document, not hold up other work.

Hal - looking for resolution whether it should be done in this TC

John Weiland - ebXML is doing something similar?

Hal - less specific, and more high level. Could be good source of requirements

Ron - Why profiling efforts that are already occurring isn't useful

Hal - concern is that engineers don't have enough guidance

Ron - asked whether BSP profiles completed

Hal - WS-I focus has been on interoperability

Ron - questions whether profiles are template activity or need for independent activity

Don - possible interactions among profiles

Hal - clarify WSS Profiles and WS-I basic security profile (BSP)

Ron - thought BSP was mapping security to exchange pattern

Frederick - WS-I security scenarios document

Hal - not as much detail, not on current WS-I BSP plan.

Hal - propose we discuss on next WSS call

Issue still open, TC members need to review and discuss with colleagues, need to decide at later meeting

Paul - Microsoft will need more than 2 weeks Frederick - agree that time is needed for review

Kelvin - Hal will work on it, answer questions

Hal - any objection to Hal continuing work, posting material to list

Paul - no objection

Kelvin - using list for discussion is ok, as long as consistent with IPR policy

339 - open,

http://lists.oasis-open.org/archives/wss/200410/msg00067.html <http://lists.oasis-open.org/archives/wss/200410/msg00067.html>

Proposal to add pkipath reference for X.509 token profile 1.1, not an errata item. URL and copy of document to create reference were provided in email.

Action item on editors to update X.509 token profile.

7. SwA interop summary

Blake - 4 participants, Actional, Sun, IBM, Oracle participated. 4 scenarios, interop for 1st three, last scenarios added later so not everyone could implement.

Send summary to list:
http://www.oasis-open.org/archives/wss/200411/msg00007.html

Sent issues list:

http://www.oasis-open.org/archives/wss/200411/msg00004.html <http://www.oasis-open.org/archives/wss/200411/msg00004.html>

Frederick - Action item to send mail listing issues and impact related to SwA profile.

Maneesh from Actional noted some issues,

Ramana Turlapati  - Action item to post to list these issues


8. Interop planning status (SwA2, Kerberos)

SwA2 - Scheduled for 15 Nov for second interop

Gudge - Scenarios document to list, please post comments and corrections to list. Gudge is running interop.

9. Other business

None

10. Adjournment

Adjourned.
---

Attendance of Voting Members

  Gene Thurston AmberPoint
  Frank Siebenlist Argonne National Lab
  Hal Lockhart BEA
  Corinna Witt BEA
  Merlin Hughes Betrusted
  Chong-Jen Hsu CommerceOne
  Thomas DeMartini ContentGuard
  Guillermo Lao ContentGuard
  Sam Wei Documentum
  Tim Moses Entrust
  Dana Kaufman Forum Systems
  Toshihiro Nishimura Fujitsu
  Kefeng Chen GeoTrust
  Irving Reid HP
  Kojiro Nakayama Hitachi
  Paula Austel IBM
  Maryann Hondo IBM
  Kelvin Lawrence IBM
  Mike McIntosh IBM
  Anthony Nadalin IBM
  Ron Williams IBM
  Bob Morgan Internet2
  Kate Cherry Lockheed Martin
  Paul Cotton Microsoft
  Vijay Gajjala Microsoft
  Chris Kaler Microsoft
  Richard Levinson Netegrity
  Prateek Mishra Netegrity
  Frederick Hirsch Nokia
  Abbie Barbir Nortel
  Lloyd Burch Novell
  Steve Anderson OpenNetwork
  Vamsi Motukuru Oracle
  Ramana Turlapati Oracle
  Ben Hammond RSA Security
  Martijn de Boer SAP
  Blake Dournaee Sarvega
  Coumara Radja Sarvega
  Pete Wenzel SeeBeyond
  Jeff Hodges Sun Microsystems
  Ronald Monzillo Sun Microsystems
  Jan Alexander Systinet
  Symon Chang TIBCO
  John Weiland US Navy
  Phillip Hallam-Baker VeriSign
  Maneesh Sahu Westbridge Technology

Attendance of Prospective Members or Observers

  Martin Gudgin Microsoft
  Ramanathan Krishnamurthy IONA
  Don Flinn Individual

Membership Status Changes

  Ramanathan Krishnamurthy IONA Requested membership 10/19/2004
  Alan Geller (formerly) Microsoft LOA 10/26 - 12/10
  Davanum Srinivas CA Granted voting status after 11/2/2004 call
  Nataraj Nagaratnam IBM Lost voting status after 11/2/2004 call
  Carolina Canales-Valenzuela Ericsson Lost prospective status after 11/2/2004 call

--------------





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]