OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [VER 2] OASIS WSS TC Minutes 2005-11-01


OASIS WSS TC Minutes 2005-11-01

New Action Items

None.

1. Call to order/roll call

Voting Members

Maneesh         Sahu            Actional Corporation
Duane           Nickull         Adobe
Gene            Thurston        AmberPoint
Hal             Lockhart        BEA Systems, Inc.
Denis           Pilipchuk       BEA Systems, Inc.
Corinna         Witt            BEA Systems, Inc.
Steve           Anderson        BMC Software
Rich            Levinson        Computer Associates
Thomas          DeMartini       ContentGuard
Dana            Kaufman         Forum Systems, Inc.
Toshihiro       Nishimura       Fujitsu Limited
Kefeng          Chen            GeoTrust
Kojiro          Nakayama        Hitachi
Derek           Fu              IBM
Mike            McIntosh        IBM
Anthony         Nadalin         IBM
Ron             Williams        IBM
Don             Flinn           Individual
Kate            Cherry          Lockheed Martin
Paul            Cotton          Microsoft Corporation
Vijay           Gajjala         Microsoft Corporation
Martin          Gudgin          Microsoft Corporation
Chris           Kaler           Microsoft Corporation
Jeff            Hodges          NeuStar, Inc.
Frederick       Hirsch          Nokia Corporation
Abbie           Barbir          Nortel
Prateek         Mishra          Oracle Corporation
Ben             Hammond         RSA Security
John            Linn            RSA Security
Rob             Philpott        RSA Security
Pete            Wenzel          SeeBeyond
Ronald          Monzillo        Sun Microsystems
John            Weiland         US Dept of the Navy
Hans            Granqvist       VeriSign

Members

Jan             Alexander       Microsoft
Will            Hopkins         BEA
Mike            Rudolph         Wells Fargo

Regained or gained voting status after this meeting

Jan             Alexander       Microsoft
Mike            Rudolph         Wells Fargo

2. Reading/Approving minutes of last meeting (Oct 18th)
[VER 4]
http://lists.oasis-open.org/archives/wss/200510/msg00063.html
[VER 5]
http://lists.oasis-open.org/archives/wss/200510/msg00070.html 

[VER 5] adopted unanimously.

3. Issues list review
http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15131/OASI
S%20Web%20Services%20Security%20Issues%20List%2080.htm

a) Pending Review

Issue 404 - Move to Closed

Issue 439 - Move to Closed

Issue 441 - Move to Closed

Issue 443 - Move to Closed

Issue 445 - Move to Closed

b) Pending (Yellow)

Issue 428 - Move to Pending Review

Issue 431 - Move to Pending Review

Issue 440 - Move to Pending Review

Issue 444 - Done but not yet posted.  Should be done on Nov 1 or Nov 2.
Remains as Pending.

Issue 446 - Move to Pending Review

Issue 449 - Move to Pending Review

FYI the Core Namespace is the following:
http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd

Frederick to change the SwA Namespace to be like the Core Namespace (see
above) from:
http://docs.oasis-open.org/wss/wss1-1-SwAProfile-1.0.xsd
to:
http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1.xsd 

Related action item for which there was no issue:
AI 2005-10-18-05 Tony to determine correct legal notices text (Mary to
provide this text) and then the other Editor's should adopt the same
text.

Tony: Do SAML and SwA have the correct legal notice text?

Thomas: REL will need to be checked.

Ron: I did not change SAML.  

Frederick: SwA and Tony's docs have the correct text.

Chris: The Editor's need to get the right legal text in SAML and REL
documents.

Ron: Is the title of the WSS Core document final as:
"Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)"

Chris: Does anyone think we should change this title.

TC: No response.

Chris: Then the title of the Core spec will NOT be changed.

Ron: Should the copyright be 2002-2005 in all the documents? 

Frederick: In the older documents yes.

Paul:
Note the Core spec currently says:
>Copyright (C) OASIS Open 2005. All Rights Reserved.
This should be changed to "2002-2005" in Core, X.509, Username, SAML and
REL.
This copyright can be "2004-2005" in Kerberos and SwA.
 
c) Open

Issue 338 - No progress.

Issue 448 - Move to Pending.
http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200510/m
sg00049.html 
Tony agreed to implement the missing three changes.

Issue 450 - Move to Pending
http://lists.oasis-open.org/archives/wss-comment/200510/msg00002.html 
Editor to change: 

a) The [XMLSIG] reference to remove the URI
(http://www.w3.org/TR/xmldsig-core/):

>[XMLSIG] D. Eastlake, J. R., D. Solo, M. Bartel, J. Boyer , B. Fox , E.
Simon. 
>Signature Syntax and Processing, W3C Recommendation, 12 February 2002.
 
b) In the Schema file change the URI from the undated reference to the
dated reference for the Feb 2002 document.

Ron: No change need to SAML.

d) Closed

Issue 391 - Abbie will post the [V1] of the document.  

Summary: We have edits pending to all the documents. 

e) New Issues

AI 2005-10-18-03 Ron to raise a new issue to cover his proposal to make
TokenType mandatory in the Kerberos Token Profile. 
http://lists.oasis-open.org/archives/wss/200511/msg00005.html 

After discussion of Ron's proposal the following changes were approved
unanimously:

a) Lines 227-228 (to match value at 220-221):
Change "#Kerberosv5APREQSHA1" to "#Kerberosv5_AP_REQ"

b) Line 160 
Remove "and wsse11:TokenType".

c) Line 161:
Replace "for this token" with "for this attribute".

d) Lines 202-204

Original text:
"When a Kerberos Token is referenced using <wsse:SecurityTokenReference>
the
@ValueType attribute is not required. If specified, the URI listed above
as Kerberos token type MUST be specified."

Replacement text:
"When a Kerberos Token is referenced using <wsse:SecurityTokenReference>
the @TokenType attribute SHOULD be specified, and its value MUST be the
URI that identifies the Kerberos token type as defined for a
corresponding BinarySecurityToken/@ValueType attribute.  The
Reference/@ValueType attribute is not required. If specified, its value
MUST be equivalent to that of the @TokenType attribute."

Gudge: The sentiment is that the @TokenType attribute is optional but
when it occurs its value must match the value from the table that
defines the values for @ValueType.

Chris: Mark this new issue as Pending.

4. Public review status & outlook for 1.1 final phases

Ron: How will we process the Pending Review items?

Chris: Let's get the documents posted by end of business on Wed Nov 2
and give the TC 24-48 hours to review the Pending Review issues.  Then
we can initiate any votes before the end of the week so we have some
chance to make the monthly OASIS Nov 15 deadline.

Chris: One ballot to make the draft Committee Specifications and the
second ballot is to request standardization by OASIS.

MOVED by Hal Lockhart, seconded Tony Nadalin

The WSS TC approves the submission of the current WSS 1.1 documents as
modified at today's meeting for Committee Specification vote.

WSS TC also requests that the resulting WSS 1.1 Committee Specification
be submitted for OASIS standardization.

Adopted unanimously.

5. Other business

None.

6. Adjournment

The meeting adjourned at 9:00 PDT.

/paulc

Paul Cotton, Microsoft Canada
17 Eleanor Drive, Nepean, Ontario K2E 6A3
Tel: (613) 225-5445 Fax: (425) 936-7329
mailto:Paul.Cotton@microsoft.com



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]