

Subject: RE: [wss] Re: Final Minutes WSS-TC 10.4.2004 (and comments on issue 444)


Ron, the minutes below do not capture my concern on issue 444 (issues list at [1]) that the TC should investigate the decisions it has already made with respect to the X.509 errata.

 

In furtherance of this investigation, I also offer the following information:

* On 2005-Feb-22, Mike McIntosh sent an e-mail [2] which resulted in the opening of issue 371 (see issues list [1])

* Ron Monzillo replied, and the different proposals were discussed at the 2005-Mar-08 meeting [3], wherein a tentative consensus was reached and Mike was assigned the action to document that consensus in the form of a revised proposal.

* Mike sent the revised proposal [4] to the list on 2005-Mar-19.

* At its 2005-Mar-22 meeting [5] the TC decided to adopt the revised proposal and directed the editors to make the change to the errata.

* At its 2005-Apr-19 meeting [6] the TC changed issue 371 to pending review.  I cannot find any document claiming to show the changes to the errata that could justify changing 371 to pending review.

* At its 2005-May-03 meeting [7] the TC changed issue 371 to closed on the grounds that it was pending review at the last meeting.

 

So, as far as I can tell, the change to the X.509 errata documented in [4] was agreed to by the TC but never implemented.

 

[1] http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14858/OASIS%20Web%20Services%20Security%20Issues%20List%2078.htm

[2] http://lists.oasis-open.org/archives/wss/200502/msg00051.html

[3] http://lists.oasis-open.org/archives/wss/200503/msg00020.html

[4] http://lists.oasis-open.org/archives/wss/200503/msg00025.html

[5] http://lists.oasis-open.org/archives/wss/200503/msg00037.html

[6] http://lists.oasis-open.org/archives/wss/200504/msg00016.html

[7] http://lists.oasis-open.org/archives/wss/200505/msg00026.html

 

&Thomas.

 


From: Ron Williams [mailto:ron.williams@us.ibm.com]
Sent: Wednesday, October 12, 2005 7:27 AM
To: wss@lists.oasis-open.org
Cc: klawrenc@us.ibm.com; abbieb@nortel.com
Subject: [wss] Re: Final Minutes WSS-TC 10.4.2004

 

 

On Oct 12, 2005, at 9:26 AM, Ron Williams wrote:



With Abbie's affiliation Fixed -

 

Cheers!

 

____________________________________

        Call to order/roll call    10.4.05 9:04:28 AM

Chairs: Kelvin Lawrence,

Secretary: Don Flinn

Minutes: Ron Williams

 

Attendance

Attendance List

 

Voting Members

 

Maneesh         Sahu            Actional Corporation

Duane           Nickull         Adobe

Hal             Lockhart        BEA Systems, Inc.

Denis           Pilipchuk       BEA Systems, Inc.

Corinna         Witt            BEA Systems, Inc.

Rich            Levinson        Computer Associates

Thomas          DeMartini       ContentGuard

Dana            Kaufman         Forum Systems, Inc.

Toshihiro       Nishimura       Fujitsu Limited

Kefeng          Chen            GeoTrust

Irving          Reid            Hewlett-Packard

Kojiro          Nakayama        Hitachi

Derek           Fu              IBM

Kelvin          Lawrence        IBM

Mike            McIntosh        IBM

Anthony         Nadalin         IBM

Ron             Williams        IBM

Don             Flinn           Individual

Kate            Cherry          Lockheed Martin

Paul            Cotton          Microsoft Corporation

Vijay           Gajjala         Microsoft Corporation

Martin          Gudgin          Microsoft Corporation

Chris           Kaler           Microsoft Corporation

Frederick       Hirsch          Nokia Corporation

Abbie           Barbir          Nortel

Prateek         Mishra          Oracle Corporation

Vamsi           Motukuru        Oracle Corporation

Ben             Hammond         RSA Security

John            Linn            RSA Security

Rob             Philpott        RSA Security

Pete            Wenzel          SeeBeyond

Ronald          Monzillo        Sun Microsystems

John            Weiland         US Dept of the Navy

Hans            Granqvist       VeriSign

 

Members

 

Steve        Anderson         BMC Software

Carolina    Canales-Valenzuela Ericsson

Jeff        Hodges         NeuStar, Inc.

Blake        Dournaee         Sarvega

Will         Raymond         Tibco

 

Member that regained voting status after 10/4/05 Meeting

 

Steve         Anderson         BMC Software

Jeff         Hodges         NeuStar, Inc.

Will          Raymond         Tibco

 

19 REQUIRED - 31 ATTENDING - Quorum Achieved

        Reading/Approving minutes of last meeting (Sept 20th) [1]    10.4.05 9:13:13 AM

            Approved by unanimous consent (no objections registered)    

        Review of actions from prior meeting minutes [1]    10.4.05 9:14:30 AM

            Actions are caught up - closed or made issues (Kelvin)    

        One Time Password proposal (continue discussion and try to reach closure)    10.4.05 9:14:37 AM

Chris - limit discussion to 30 minutes

Paul Cotton - had questions answered during dialogue.

Paul Cotton - proposed way forward. Not convinced work is in scope for TC. Simple procedure: Have proponents move that work on OTP  profile is in scope, triggering an electronic ballot to TC to determine whether or not this is to be a deliverable.

Hans - Seems ec vote would take a long time.

Kelvin - if such a motion was put forward - Oasis has 15 days in which to call an electronic ballot - + 7 to 15 days for actual vote, and Oasis is responsible for the ballot. We'd be clarifying the charter, not amending it. 

Mary - 2/3 majority required for passage, no more than 1/4 voting no.

 

Rob - Work item is in scope - TC should decide whether we want to work on deliverable - asserts clarification not required.

Abby agrees with Paul as vote being the most efficient means to address issue.

 

Rob - TC has to decide whether or not TC wants to do the work, and then go forward with "official" mechanism (clarification vote). 

 

Kelvin - decide as a TC how to close issue.

 

Ask chair to work with TC Admin to determine whether OTP profile is in scope.

 

Will (tibco) - RSA assures us that OTP is unencumbered.

 

Kelvin - This TC is still operating under old TC rules.

 

Paul - TC Admin will be reluctant to "rule" on scope issue.

 

Mary - a vote by the TC to 

 

Abbie (Nortel) - Can we simply take a vote to see if the TC wants to do the work?

 

Hal - Only 3 or 4 individuals typically work on profiles, so issue of TC wanting to do the work boils down to those that do the work.

 

Kelvin - we get into situations that only a vote will break the stalemate. Pauls Proposal. Rob's work with TC admin offline. Mary said no admin ruling until a decision (vote) and appeal to admin.

 

Ron Monzillo - decide whether we want to take on the work.

 

(?) What is the objective of the TC following publication of the 1.1 specs.

 

TC - conversion to new IPR rules we have 18 months to switch or vote on shifting to new.

 

Hal - suggest a motion be made . . .

 

Hal - propose to do work - see if TC by simple majority wants to do the work. If yes, Paul can still call for formal charter clarification resulting in formal Oasis vote.

 

Hans - move to "vote on the amended proposal as sent out by john linn, 8.2005, WSS-OTP token profile.

Hal - seconded

Abby - seconded

 

Two questions on 

Tony - framework or technology - unclear as to what is being proposed as input, output, and ipr. Text is unclear.

 

Hans - input - two existing OTP proposals - RSA produced, and one that Verisign has produced - no IP on Verisign produced. This is a framework, not a mechanism.

 

John Linn (RSA) - conceptually parallel - a method independent framework - no proposal for a particular method - the methods themselves are not in scope of this proposal.

 

RSA - no claims at the level of the document (IPR)  - no claims and no evidence of any. Input document - won't submit if doesn't comply with IP rules.

 

Paul - have to disclose any IPR and that of any other contributor.

 

Asked and answered by RSA and Verisign

 

Will - proposal - do the work to create a framework whose purpose is to support a proprietary format

(discussion) disputes this . . .

 

Interop question -  is there a common format to be implemented and support to enable interop testing.

 

Three companies attest to framework - 

 

Paul - in the past - we actually physical interop testing - interop validates the framework - but underlying mechanisms don't need to be implemented by the participants.

 

Hal - thinks there are one or more mechanisms that could be implemented for use in interop.

 

Only one framework in the past, and that was the core document.

 

Paul puts the questions - 

Hal and Abby Seconds

Kelvin - Roll Call Vote

 

(Ron's unofficial tally:

        yes    no    abstain

sandhu    (no response)

nichol            a

thurston    (no response)

lockhart    y

fillchuck            a

witt        y

levinson    y

demaritni            a

kafuman            a

nishimuru            a

chen        (no response)

reid        y

nakamuro            a

foo        (no response)

hondo    (no response)

lawrence            a

mcintosh        n

nadalin        n

williams        n

flinn                a

cherry    y

cotton        n

gaya            n

gudge        n

kaler            n

hirsch    y

baiberi        n

mishra    y

motokuru    y

hammond    y

linn        y

philpott    y

dubour    (no response)

wenzel            a

monzillo    y

wailtand    y

hans        y

 

Hal - majority of non-abstentions

14 yes - 8 no - 9 abstentions: Motion Carries)

 

 

Don Flinn's official tally:

Vote Details

 

Maneesh    Sahu                  

Duane    Nickull                 A

Gene        Thurston                  

Hal        Lockhart         Y

Denis    Pilipchuk                 A

Corinna    Witt              Y

Rich        Levinson         Y

Thomas    DeMartini                  A

Dana        Kaufman                  A

Toshihiro    Nishimura                 A

Kefeng    Chen                  

Irving    Reid              Y

Kojiro    Nakayama                  A

Derek    Fu                  

Maryann    Hondo                  

Kelvin    Lawrence                  A

Mike        McIntosh              N

Anthony    Nadalin              N

Ron        Williams              N

Don        Flinn                  A

Kate        Cherry         Y

Paul        Cotton              N

Vijay    Gajjala              N

Martin    Gudgin              N

Chris    Kaler              N

Frederick    Hirsch         Y

Abbie    Barbir              N

Prateek    Mishra         Y

Vamsi    Motukuru         Y

Ben        Hammond         Y

John        Linn              Y

Rob        Philpott         Y

Martijn    de Boer                  

Pete        Wenzel                  A

Ronald    Monzillo         Y

John        Weiland         Y

Hans        Granqvist         Y

                           

                           

yes             14

no              8

abstain          9

 

 

 

 

Paul move to clarify charter to indicate OTP work is in scope (OTP one time password token profile), to add it to the deliverables.

Abby - seconded

 

Kelvin - Oasis must call the vote

Mary - believes Paul is asking whether the TC needs to change the vote. Any work undertaken by the TC may be appealed to TC admin.

 

Mary - Appeal to TC admin 

TC votes they would like to clarify the charter and undertake the work item with wording as to what the charter should say.

 

You can't clarify the charter and change it - these are two separate processes.

 

Why must whole TC take up the issue?

 

TC has voted to create an OTP profile.

 

Rob Philpott objects to Paul's motion. My opinion that when TC accepts work item - it's supposed to be in scope. There is an appeal process whereby 3 or more can appeal. - Withdrawn

 

Hal - agrees - 

 

Tony - you can always call for a clarification.

 

Chris - vote on the final text of the charter clarification.

 

Paul withdraws motion to clarify charter, Abby agrees

 

        Issues list review    10.4.05 10:25:16 AM

Pending Review

430 - comments on the call from Mishra/Oracle: closed w/out objection

432 - : closed w/out objection

433 - : closed w/out objection

434 - schema corrections to SAML token 1.1 (scott cantor): closed w/out objection

436 - comments from Mark Wahl: closed w/out objection

437 - comments from Mark Wahl - username profile: closed w/out objection

438 - comments from Wahl - : closed w/out objection

 

Pending

334 - XML Id Issue: Tony Nadalin to incorporate changes: closed w/out objection

404 - RFC 4120 and 1510: Tony - changes made, not on list: pending

405 - (405 done, 429 not complete- monzillo): move to PENDING REVIEW

429 - still being discussed; ron and gudge discussion, about encrypted key - related to kerberos token profile. Ref type should be changed to token type (gudge): OPEN w/out objections

 

Kelvin - for J Hodges - 428 "closed because no action proposed" - Gudge to take AI to trace 428 and was Jeff's proposal on the table when voted. 

 

439 - comments from J Hodges on call - referenced but not cited. Editorial Fixes - changes made, not posted (tony): Status Pending

443 - J Hodges - WSU timestamp description: made not posted (tony): PENDING

 

OPEN

444 - WSS Page contains 10.04 errata - but have backed out certain errata. Paul requests  it be taken out when fixed or adopt proposal via x.509v3 suggestion. Make errata reflect changes in 1.1 document (Paul). X.509 URI's are out of sync with current version (1.1) of the document. (Paul) Wants errata to reflect multiple decisions. (Gudge) replace "#X.509" with "#X.509v1". (Tony) we'll be breaking 1.0 versions by doing this. (Paul) by leaving the "incorrect" URI in the errata will encourage people to continue to do the wrong thing.

 

No objections to making the errata changes (URI Only).

Gudge - Net effect of three issues is to "fix" URI reference.: remains OPEN

 

427 - : CLOSED w/ no action w/out objections

435 - pratik sent a notice to vijay leaving a couple of items. (tony) open item of formal comeback. (chris) have to close public comments - missing a few issues from public interop., related to 431: OPEN

445 - changes from errata not included in v1 - editorial change: moved to PENDING

446 - clarification for STR transform, request someone to make changes and propose text. (Gudge takes AI): OPEN

 

440, 441, 443, (Chris) Wants some discussion on the list so we can close these.

 

        Public review status/outlook for 1.1 final phases    

        Other business    

            Final Roll - Call    

            Mike McIntosh    

            Gudge    

        Adjournment    10.4.05 10:59:42 AM

Motion to adjourn and second.

 

 

<WS-SEC TC Minutes 10.4.2005.opml>

<Minutes 10.4.2005 Final.pdf>

 

 


