Subject: Minutes from April 19, 2005 WSS TC
Minutes from last meeting:
1. Call to order, roll call
2. Reading/approving minutes of last meeting (5th April [1] )
3. Gartner interop demo - status.
4. Issue list review & document status
5. Kerberos Interop planning status
6. Other business
7. Adjournment
[1] http://lists.oasis-open.org/archives/wss/200504/msg00006.html
1. Call to order, roll call
Call to order; roll taken.
2. Reading/approving minutes of last meeting (5th April [1] )
Unanimous approval of minutes
3. Gartner interop demo - status.
Hal - testing this afternoon, event tomorrow. Testing going on with usual results: some work, some don't; hopefully everything will be working by the
end of the day. Computer Associates withdrew; 14 companies now at the interop. OASIS has made up T-shirts for the event. Testing in West Side room by
100; most activities will occur there. Marketing people providing slip sheets and packages. End-user speaker from Wachovia, care of DataPower.
Will a webcast be done about update of state of standard? Hal will get with Chairs at Interop.
4. Issue list review & document status
Frederick - What is progress when issues are closed on 1.1 and SAML interops will begin. Will all token profiles to 1.1 and incorporate errata?
OASIS would rather see a 1.1 with errata rolled in, making it normative. If issues are closed quickly we can get to an interop. No significant
new issues on issues list; could support a new version in a month or two.
version 64 of issues list
250 Should ValueType attribute of STR reference element be moved to top level STR definition? - post v1 review period
Tony - new version of Core, X509 and username token profile available. - closed, no feedback
310 Hal Lockhart: Clarification on using Key Identifier when SKI extension is not present. Vijay Gajjala; Are there alternative mechanisms that can be used in this case? Revisit.
closed
364 SWA profile: Can XML attachments be XML canonicalized and used in conjunction with SwA profile?
closed
357 Need a Token Type URI in SAML token profile
tabled
371 X.509v1 Certificate support in 1.0 Errata
pending review
373 WSS spec legibility
pending review
374 TokenType URI for EncryptedKey
pending review
376 Manveen: Input format to transform
pending
366 SWA profile: Review MIME headers that are included in signature, make extensible
open no change
370 SWA profile: Add processing rules/guidance for SOAP and MIME intermediaries
open no change
377 xenc:ReferenceList SwA comment
open no change
378 Deprecating or otherwise marking OASIS superseded documents
no status
9 new issues on Kerberos
379 Kerberos TP: Use Kerberos V GSS-API mechanism
Tony - good comment; need to provide wrapped and unwrapped content, both GSS and Kerberos level.
Current interop only allows unwrapped raw Kerberos; was found as part of interop looking at both wrapped and unwrapped.
Another token type URI needed; no objections from the TC, so 379 pending. Action item: editors add URI for wrapped token and update interop
scenario document.
380 Kerberos TP: Service principal names
Tony - service principal name input requested; do we need this in the spec or should it be addressed in the application? Tony stated it belongs in the
application.
Hal - Spec needs clarification; should be pending due to its new status.
381 Kerberos TP: Session key negotiation and key re-use
Tony - problem in interop some used session key and some sub key. Spec leans towards sub key rather than session key. Question is do we want to fix
this with one URI and one processing model that states we use the sub key otherwise use session key.
Clarification - fix in processing, one URI defer to 1510. pending editors add clarification text
382 Kerberos TP: Replay protection and mutual authentication
unwrapped does have potential replay attack, however combined with timestamp would not. Add clarification text - either use the wrapper or
make sure that you are signed and call it out as a security consideration.
pending editors adding clarification text preventing replay by combining with signed timestamp or wrapper as protection.
384 Kerberos TP: Channel Binding
clarification why should AP require additional protection from lower layers. pending additional detail needed - action by editors
385 Kerberos TP: References to obsolete documents
pending 1510 refresh
386 Kerberos TP: Repeat symmetric encryption requirement from Section 3.5 in Section 3.4?
pending action for editor to add clarification
387 Kerberos TP: Undefined terms/missing references
pending editors add terminology.
No 1.1-specific issues open - Volunteers were requested to create a 1.1 interop test scenario document - Martin Gudgin, of Microsoft, volunteered.
Action - create 1.1 interop scenario document - Martin Gudgin.
5. Kerberos Interop planning status
Martin Gudgin - Three participants, no full scenarios working taking at least another week. Interop team will create summary of issues to ensure
the issues make it to the issues list for TC resolution.
6. Other business
Paul Cotton, suggests we be more proactive towards release of 1.1 spec.
A. outstanding question of what will be published in 1.1.
B. know status of SAML token document - Ron not present.
C. Close on SWA and Kerberos, should we wait. OASIS prefers one big package with more tokens.
Status:
1.1 delivered, editorial issues
nothing pending on username and x509 pending interop issues, we are done. Kerberos interop is done SAML still has open issues;
token type URI and new issue tracking incorporation of SAML 2.0. SWA has three issues Frederick will try to have them ready for the next meeting.
We will be close to attempting an interop. 1.1 core document is the only thing with substantive changes, not the token profiles.
SAML 2.0 whether or not SAML needs an interop is a question. 1.1 new features in an interop is the "long pole" on our progress.
Vote put to TC: 1.1, issue a complete document set - unanimously resolved. Concerns include OASIS not having a good way to do errata.
Errata is independent and an OASIS process issue. Paul Cotton accepts for action to talk to OASIS about this as to how we might make our documents
more robust for the future. Chairs have already approached OASIS on this message.
Action for Paul to approach OASIS on errata process issue. Frederick co-volunteers.
Motion to adjourn seconded and carried.
<<WSSTCminutes04192005.txt>>
Very Respectfully,
John R. Weiland
Information Technology Specialist
GS 2210 (APPSW) Code 38 Naval Medicine OnLine
Naval Medical Information Mngmt Cntr
Bldg 27
8901 Wisconsin Ave
Bethesda, Md. 20889-5605
301-319-1159
JRWeiland@us.med.navy.mil
http://navymedicine.med.navy.mil
"GIVE ME A PLACE TO STAND AND I WILL MOVE THE EARTH"
A remark of Archimedes quoted by Pappus of Alexandria