OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Minutes v3, 9 August 2005 - with attendance


V3 corrected Duane Nickull name.

Minutes, WSS TC Conference Call, 09 August 2005 
Minute-taker - Frederick Hirsch, Nokia

We are grateful to Oracle for sponsoring this call

AI Tony/Duane Nickull to review Kerberos token profile with respect to
RFC 4120 (and obsoleted RFC 1510). Reference in profile to be updated.

AI Tony to review text at line 984 in core, see if improvement needed.

AI Gudge/VJ to add issue to issues list for encrypted key reference
(Corrina issue)

Agenda:
1. Call to order, roll call

34 voting members, need 22 - have quorum.

2. Reading/approving minutes of last meeting (July 26th) [1] No
objections to approving the minutes. Minutes approved.

3. Issue list review & document status 

One public review comment on public review comment list - regarding RFC.

Issue list
310 - pending
Frederick - the new text in the latest core WSS draft at line 984 seems
to be unclear.

Tony to review text. 

334 - pending
Frederick - why don't we include xml:id in the list at line 500. Seems
painful to require all profiles to be updated to support it.

Xml:id at proposed rec, stays in proposed rec until W3C AC decides to
approve. Closes in September.

Text in this section does not preclude use of xml:id so no action here
required.

389 - pending

403 pending
Changes are in uploaded document

338 open, no change

394 - open

updated status in issues list
Ron had action item to send pointer to document to Abbie - done. 

Gudge sent comment to discussion list
RFC 1510 (Kerver v5) has been obsoleted by RFC 4120 Need to check that
Kerberos token profile does not require adjustment.

Paul - is RFC 4120 backward compatable?
Gudge - provides more explanation and detail, clarifies aspect of
protocol and intended use, so not clear that it is backward compatible.

Tony - we've started reviewing these, will look at it. Asks for help
from others on TC. 

AI Tony to drive review of RFCs with respect to Kerberos profile, doing
initial inspected

Duane Nickull from Adobe also volunteers to review RFC 4120/RFC 1510
with respect to Kerberos token profile.

References in Kerberos token profile should reference correct RFC.

Open issue on this item.

Hal - need to decide whether another public review is required, 2 weeks
if so. Only required if substantive changes are made.

Kelvin - Need to track potential changes to determine what is required.
Paul Cotton - do you think any of the changes so far are technical Hal
Lockhart- yes Paul Cotton - then to be safe, public comment should be
submitted for such changes Tony Nadalin- issues list can be treated as
comments Hal Lockhart - 310, 334, 389, 403 Paul Cotton - for every
substantive public comment we can expect to raise an issue, so issues
list can serve as list of comments/issues.

Frederick - Jeff Hodges is at Neustar (to answer Hans question)

4. Interop status for 1.1 

Gudge
Tony - Oracle, Microsoft, IBM have completed the interop, wrapping up
with fourth party.

Tony - a few minor issues may result from interop, nothing major.
Gudge - some clarifications, nothing major.

5. Other business 

Hans - RSA & Verisign would like to work together in OASIS in WSS with a
one-time password profile.
Would like to consider submission - is there interest in the main TC?

Frederick - asks about IPR implications, appropriate in WSS or new TC
under new IPR policy?

Hal - asks about openness
Hans - vendor neutral profile, include all existing One time password
(OTP) mechanisms.

Hal - need an editor and a draft to get started 

Frederick - what are plans for the Minimalist Profile, and how long do
we plan to keep TC running

Paul - charter enumerates tokens we should profile in WSS, cannot extend
charter. Charter mentions core and 4 profiles.

Paul - Do we only need 3 to approve adding this, or the whole TC?
Hal - or at least majority?

Paul - are there others with IPR that need to join TC so that we are
protected?

Hans - idea is general framework can support variety of methods, which
might have IPR, but not in the general framework

Hal - not sure TC should do this.

Chris - SwA is about interpretation of security header in specific
scenario - input document talked about attachments, took out of 1.0, but
addressed in 1.1 which original input document in charter had
considered, so was in scope.

Charter:
http://www.oasis-open.org/committees/wss/charter.php

Don - charter mentions initial work, not too narrow.

Ron - can be considered related to password derived key work, so can
consider close to the work already done

Kelvin - is there more you could share so TC can evaluate it for TC
consideration.

Simon Chang/Tibco - interested in seeing more detail

Hans - will send more information to list

Additional public review comment
Corinna - sent comment to TC rather than public list - comment on
encrypted key reference. Should be added to issue list and public review
comments.

Gudge - need to clarify what to add to issues list, not clear what to
add

See
http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200507/m
sg00041.html

http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200507/m
sg00040.html

http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200507/m
sg00039.html

Add issue to issue list. Not all agree there is an issue, but can close
if we agree.

AI Gudge/VJ to add issue to issues list for encrypted key reference.

Hal - will sponsor teleconference 6 Sept, 18 Oct. 

Chairs request additional volunteers to provide teleconference bridges.
 
6. Adjournment 

[1] http://lists.oasis-open.org/archives/wss/200507/msg00042.html

---

Attendance of voting members

Maneesh Sahu, Actional Corporation
Gene Thurston, AmberPoint
Hal Lockhart, BEA Systems, Inc.
Denis Pilipchuk, BEA Systems, Inc.
Corinna Witt, BEA Systems, Inc.
Steve Anderson, BMC Software
Rich Levinson, Computer Associates
Thomas DeMartini, ContentGuard
Toshihiro Nishimura, Fujitsu Limited
Kefeng Chen, GeoTrust
Irving Reid, Hewlett-Packard
Derek Fu, IBM
Kelvin Lawrence, IBM
Mike McIntosh, IBM
Anthony Nadalin, IBM
Nataraj Nagaratnam, IBM
Kojiro Nakayama, Hitachi
Don Flinn, Individual
Kate Cherry, Lockheed Martin
Paul Cotton, Microsoft Corporation
Martin Gudgin, Microsoft Corporation
Chris Kaler, Microsoft Corporation
Frederick Hirsch, Nokia Corporation
Abbie Barbir, Nortel
Vamsi Motukuru, Oracle Corporation
Prateek Mishra, Oracle Corporation
Ben Hammond, RSA Security
Rob Philpott, RSA Security
Blake Dournaee, Sarvega
Pete Wenzel, SeeBeyond
Ronald Monzillo, Sun Microsystems
Symon Chang, TIBCO Software, Inc.
John Weiland, US Dept of the Navy
Hans Granqvist, VeriSign

Prospective Voting Members Attendance

John Linn, RSA Security
Maryann Hondo, IBM
Duane Nickull, Adobe

---------------



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]