[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: 2 Nov 04 Minutes V2, with attendance info
Minutes for 2 Nov 2004 WSS call, v2
Minutes taken by
Frederick Hirsch
Changes - added link for SwA interop results email,
attendance info, added Ramana Turlapati for SwA issues action
item.
Call Date: Tuesday, 02 November 2004
Time: 07:00am - 09:00am
Pacific Time
Our thanks to Lockheed Martin for sponsoring this
call
Agenda:
1. Call to order, roll call
Quorum
reached.
2. Reading/approving minutes of last meeting (19th October 2004)
http://www.oasis-open.org/archives/wss/200410/msg00066.html
<http://www.oasis-open.org/archives/wss/200410/msg00066.html>
Reposted
with attendance list. Minutes approved without objection.
* Tony Updates
on 1.1 proposals/edits, issue list review
Errata status - all further
updates to 1.1, not errata. Errata complete today.
282 - updated in 1.1
document,
298 - made change in 1.1 in section 7.1 to clarify Hal's
text
309 - did not see issue in core, need clarification on this, need
pointer to exact problem
84 - review text - cases where transform is not
needed, do not want to require use of transform always.
103 - updated in
1.1
310 - updated in 1.1
315 - changed in 1.1
Kelvin - Is
1.1 doc posted?
Tony - Not yet, will post soon. Will be merged with VJ's
changes.
Tony requests clarification on 309.
Hal offers to provide
clarification on issue 309.
Hal will review 84.
3. Standard
submission status
Announcement went out for standardization for two
profiles. Karl is leaving OASIS end of this week, Mary McCrae is new staff
contact.
4. Errata status
Discussed in Tony update.
5.
Other document status (SwA, Kerberos, 1.1 proposals/edits)
Frederick -
SwA profile 13 draft out last week, minor changes. Please give feedback http://www.oasis-open.org/archives/wss/200410/msg00068.html
<http://www.oasis-open.org/archives/wss/200410/msg00068.html>
VJ
Resolution text for issues 317, 318, 319 rolled into 1.1, already posted, Tony
incorporating in newest 1.1 draft
Kerberos interop will be handled by
Gudge, please send comments on scenarios document.
Ron - where are
updates for each issue?
VJ - each is marked
Ron - which change bar
for which issue
VJ - should be clear, issues are distinct
6. Issue
list review
Issue list Number 52,
http://www.oasis-open.org/apps/org/workgroup/wss/download.php/9897/wss-i
<http://www.oasis-open.org/apps/org/workgroup/wss/download.php/9897/wss-i>
ssues-52.htm
84
- Hal/Tony to follow up
250 - Ron sent email:
http://www.oasis-open.org/archives/wss/200411/msg00005.html
<http://www.oasis-open.org/archives/wss/200411/msg00005.html>
Proposal:
Two different attributes - one to type token, other for type reference. Also
change name of ValueType Please review before next meeting
263 - still
open - Gudge action item
271 - Looking for someone to follow-up on this
issue Hal can encode domain in username, even though not standard. To do
completely would be difficult Ron asks if member of Wells-Fargo in
TC?
Kelvin - No
Marked as closed, not that username can include
other attributes if needed.
282, 298, - Tony updated, leave marked as
pending, people should review update when Tony sends update to list
309 -
Tony needs help finding issue in core.
Token profile editors should
review other token profiles to determine if any action is required.
310 -
pending, VJ sent out, needs review and feedback Ron - should this issue be on
X.509 token profile VJ - we had discussed having this in core as a general
mechanism
315 - Tony updated, pending, needs review and
feedback
317 - open
Hal - leave open, sent email regarding
this.
http://www.oasis-open.org/archives/wss/200410/msg00069.html
<http://www.oasis-open.org/archives/wss/200410/msg00069.html>
Requires
further discussion on list
AI - Hal and VJ to discuss and propose
text
318, 319 - pending, VJ sent out, needs review and
feedback
330 - leave pending, editorial changes to be incorporated by
editors
331, 332 - open, assign to editors (Tony)
333
closed
Resolved in both scenarios and SwA profile.
334 open, Ron
to propose text before next WSS call (16 Nov)
Ron sent message
-
http://www.oasis-open.org/archives/wss/200411/msg00003.html
<http://www.oasis-open.org/archives/wss/200411/msg00003.html>
Proposal
is to anticipate SAML 2.0 attribute by adding another AssertionID, which has
different namespace.
Should add both for SAML 1.1 and SAML
2.0.
Ron - proposed as errata for 1.1
Paul - ok with that, but not
earlier
Already agreed to add 1.1 attribute, now deciding whether to add
2.0 as well. Ron draft specific text to enable vote on this.
336 -
closed
Frederick - Changed in draft 13 of SwA profile.
337 -
closed
Addressed in scenarios document
338 - open
WSS
Templates proposal
Hal - define set of specific message exchanges to be
reviewed for security issues.
Would like TC to accept this as work
item
Frederick - is this a charter change
Hal - completely
consistent, yet charter lists deliverables, so might need to change list of
deliverables for charter.
Paul Cotton - looked at minutes of first F2F,
made list of other possible deliverables, decided on concrete deliverables for
TC, amended charter, charter specifies only normative deliverables, others were
postponed. Not clear whether this requires charter change, but perhaps intent
was to limit charter to normative deliverables
Hal - this proposed work
is non-normative
Paul - question about adding work to work plan until
other work is done, concern about slowing 1.1 work impacting WS-I Basic Security
Profile work. Additional issue of transition to new IPR policy, prefer
completion of technical work before transition. Not in scope of charter right
now, concerned about IPR.
Kelvin - decision of TC, yet need to determine
priorities, including profiles to complete
Hal - not sure what is holding
up Minimalist profile. Kerberos and SwA are almost done, in interop. Concerned
about risks regarding insecure applications.
Ron - do this in context of
existing profiles, which describe their vulnerabilities already, are we already
doing this?
Frederick - questions similarity to WS-I Basic Security
Profile scenarios document
Hal - related but does not profile detailed
templates for message content, more detailed level of detail.
Have
produced draft.
Don Flynn - Sounds like non-normative primer.
Hal
- template should only work on completed work, but yes resourcing might be an
issue.
Don - should be separate document, not hold up other
work.
Hal - looking for resolution whether it should be done in this
TC
John Weiland - ebXML is doing something similar?
Hal - less
specific, and more high level. Could be good source of requirements
Ron -
Why profiling efforts that are already occurring isn't useful
Hal -
concern is that engineers don't have enough guidance
Ron - asked whether
BSP profiles completed
Hal - WS-I focus has been on
interoperability
Ron - questions whether profiles are template activity
or need for independent activity
Don - possible interactions among
profiles
Hal - clarify WSS Profiles and WS-I basic security profile
(BSP)
Ron - thought BSP was mapping security to exchange
pattern
Frederick - WS-I security scenarios document
Hal - not as
much detail, not on current WS-I BSP plan.
Hal - propose we discuss on
next WSS call
Issue still open, TC members need to review and discuss
with colleagues, need to decide at later meeting
Paul - Microsoft will
need more than 2 weeks Frederick - agree that time is needed for
review
Kelvin - Hal will work on it, answer questions
Hal - any
objection to Hal continuing work, posting material to list
Paul - no
objection
Kelvin - using list for discussion is ok, as long as consistent
with IPR policy
339 - open,
http://lists.oasis-open.org/archives/wss/200410/msg00067.html
<http://lists.oasis-open.org/archives/wss/200410/msg00067.html>
Proposal
to add pkipath reference for X.509 token profile 1.1, not an errata item. URL
and copy of document to create reference were provided in email.
Action
item on editors to update X.509 token profile.
7. SwA interop
summary
Blake - 4 participants, Actional, Sun, IBM, Oracle participated.
4 scenarios, interop for 1st three, last scenarios added later so not everyone
could implement.
Send summary to list: http://www.oasis-open.org/archives/wss/200411/msg00007.html
Sent
issues list:
http://www.oasis-open.org/archives/wss/200411/msg00004.html
<http://www.oasis-open.org/archives/wss/200411/msg00004.html>
Frederick
- Action item to send mail listing issues and impact related to SwA
profile.
Maneesh from Actional noted some issues,
Ramana
Turlapati - Action item to post to list these issues
8. Interop
planning status (SwA2, Kerberos)
SwA2 - Scheduled for 15 Nov for second
interop
Gudge - Scenarios document to list, please post comments and
corrections to list. Gudge is running interop.
9. Other
business
None
10.
Adjournment
Adjourned.
---
Attendance of Voting
Members
Gene Thurston AmberPoint
Frank Siebenlist
Argonne National Lab
Hal Lockhart BEA
Corinna Witt
BEA
Merlin Hughes Betrusted
Chong-Jen Hsu
CommerceOne
Thomas DeMartini ContentGuard
Guillermo Lao
ContentGuard
Sam Wei Documentum
Tim Moses Entrust
Dana Kaufman Forum Systems
Toshihiro Nishimura Fujitsu
Kefeng Chen GeoTrust
Irving Reid HP
Kojiro Nakayama
Hitachi
Paula Austel IBM
Maryann Hondo IBM
Kelvin
Lawrence IBM
Mike McIntosh IBM
Anthony Nadalin IBM
Ron Williams IBM
Bob Morgan Internet2
Kate Cherry Lockheed
Martin
Paul Cotton Microsoft
Vijay Gajjala
Microsoft
Chris Kaler Microsoft
Richard Levinson
Netegrity
Prateek Mishra Netegrity
Frederick Hirsch
Nokia
Abbie Barbir Nortel
Lloyd Burch Novell
Steve
Anderson OpenNetwork
Vamsi Motukuru Oracle
Ramana Turlapati
Oracle
Ben Hammond RSA Security
Martijn de Boer
SAP
Blake Dournaee Sarvega
Coumara Radja Sarvega
Pete Wenzel SeeBeyond
Jeff Hodges Sun Microsystems
Ronald
Monzillo Sun Microsystems
Jan Alexander Systinet
Symon Chang
TIBCO
John Weiland US Navy
Phillip Hallam-Baker
VeriSign
Maneesh Sahu Westbridge Technology
Attendance of
Prospective Members or Observers
Martin Gudgin Microsoft
Ramanathan Krishnamurthy IONA
Don Flinn Individual
Membership
Status Changes
Ramanathan Krishnamurthy IONA Requested membership
10/19/2004
Alan Geller (formerly) Microsoft LOA 10/26 -
12/10
Davanum Srinivas CA Granted voting status after 11/2/2004
call
Nataraj Nagaratnam IBM Lost voting status after 11/2/2004
call
Carolina Canales-Valenzuela Ericsson Lost prospective status
after 11/2/2004
call
--------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]