[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Modified: DSS-X Conference Call 168+
Event Title: DSS-X Conference Call 168+
Date: Monday, 31 October 2016, 06:00pm to 07:00pm CET
Call will be established by co-chairs through skype.
This meeting counts towards voter eligibility.
1. Welcome by the chair (Juan Carlos Cruellas)
5.1 Meeting minutes of #168 on 2016-OCT-17
6. Core and Profile Maintenance
6.1 Local Signature Profile
6.2 Profile for Comprehensive Multi-Signature Verification Reports
6.2.1 Open Action Items from Previous Call(s)
AP on AK to contact Detlev for reminding him to submit modified version of this profile.
6.3.1 Open Action Items from Previous Call(s)
AP => All members will review the change and errata document provided in Documents/Core and propose any additions that
Input from Andreas (https://www.oasis-open.org/apps/org/workgroup/dss-x/email/archives/201610/msg00016.html):
comments on the Errata document.
The first two sections are agreed upon, I assume.
I'm not sure that I get the problem right. The @URIs of the
A bit too tricky for the core I would guess. The request is plausible
I don't want to import with this design flaw into the core! It's so PDF
Dtmo the selection of a key of set of keys should be defined by the
A response set will become invalid in an undetermined period of time (
The enumeration of available keys is critical from the security point of
Moreover the management of the available keys is the primary duty of a
Already fixed, I assume.
The Verification profile is already dealing with both versions of SAML.
And additional remarks on Core from Andreas (https://www.oasis-open.org/apps/org/workgroup/dss-x/email/archives/201610/msg00017.html):
I would like to propose some additional changes to the core once we are going to touch it:
1. Each request may be attributed with a set of profiles. Therefore drop the profile attributes from RequestBaseType and ResponseBaseType. Introduce a set of 'AppliedProfile' items to OptionalOutputs.
7. New Profile Candidates
7.1.1 Open Action Items from Previous Call(s)
7.1.2 Review of Changes in Document / Discussion
7.2 Server Site Profile for JEE Code Signing
7.2.1 Open Action Items from Previous Call(s)
7.2.2 Review of Changes in Document / Discussion
9. Next meetinga
9.1 Next meeting
Suggested is 2016-NOV-14
Registration Meeting #170:
9.2 Further upcoming Meetings
* 2016-DEC-12 (#172)
Owner: Mr. Stefan Hagen
Group: OASIS Digital Signature Services eXtended (DSS-X) TC
Sharing: This event is shared with the OASIS Open (General Membership), and General Public groups. Public Event Link
BEGIN:VCALENDAR CALSCALE:GREGORIAN METHOD:REQUEST VERSION:2.0 PRODID:-//Kavi Corporation//NONSGML Kavi Groups//EN X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VTIMEZONE TZID:Europe/Paris BEGIN:STANDARD DTSTART:20001029T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 TZNAME:CET TZOFFSETFROM:+0200 TZOFFSETTO:+0100 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000326T020000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 TZNAME:CEST TZOFFSETFROM:+0100 TZOFFSETTO:+0200 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT STATUS:CONFIRMED TRANSP:OPAQUE DTSTAMP:20161031T165148Z DTSTART;VALUE=DATE-TIME;TZID=Europe/Paris:20161031T180000 DTEND;VALUE=DATE-TIME;TZID=Europe/Paris:20161031T190000 SEQUENCE:3 SUMMARY:DSS-X Conference Call 168+ LAST-MODIFIED:20161031T165148Z ORGANIZER:firstname.lastname@example.org DESCRIPTION:Call will be established by co-chairs through skype.\nIf par ticipating for the first time\, please send skype id to co-c hairs by private e-mail.\nNote: Due to partial non-accessibi lity of skype-chat-service:\nPlease use our alternate chat r oom at http://webconf.soaphub.org/conf/room/dss-x\n\nAgenda: 1. Welcome by the chair (Juan Carlos Cruellas)\n\n2. Minute s taker\nAll write into the chat\, Stefan assembles and uplo ads into document area.\n\n3. Roll call\n\n4. Approval of th e agenda\n\n5. Approval of minutes from previous calls\n \n\ n5.1 Meeting minutes of #168 on 2016-OCT-17\n\nURL=https://w ww.oasis-open.org/committees/download.php/59153/dssx-168-dra ft-minutes-shagen-20161017.txt\n\n \n\n6. Core and Profile M aintenance\n\n6.1 Local Signature Profile\n\n6.2 Profile for Comprehensive Multi-Signature Verification Reports\n\n6.2.1 Open Action Items from Previous Call(s)\n\nAP on AK to cont act Detlev for reminding him to submit modified version of t his profile.\n\n6.3 Core\n\n6.3.1 Open Action Items from Pre vious Call(s)\n\nAP =>\; All members will review the chang e and errata document provided in Documents/Core and propose any additions that \n needs consideration.\n\nInput fr om Andreas (https://www.oasis-open.org/apps/org/workgroup/ds s-x/email/archives/201610/msg00016.html):\n\ncomments on the Errata document. \n\nThe first two sections are agreed upon \, I assume.\n\nSection 3.1.1:\n\nI'\;m not sure that I g et the problem right. The @URIs of the\nds:References correl ate to the RefURI of the input documents. Multiple\ninput do cuments result in a set of ds:References.\n\nSection 4.1.1:\ n\nA bit too tricky for the core I would guess. The request is plausible\nbut I may introduce complexity I would like to be addressed in a\nspecific profile\, not in the core. Prob ably it wouldn'\;t be sufficient to\nrequire one element to be present but a set of elements. Or an\nalternative set of elements ... and the generic '\;MgmtData'\; will ne ed\nspecial care to be taken! And we would need to define so me type of error\nresponse. I would prefer to keep it off th e core.\n\nSection 4.2.1:\n\nI don'\;t want to import wit h this design flaw into the core! It'\;s so PDF\nspecific \, keep it e.g. in the PAdES profile.\n\nSection 4.3.1:\n\nD tmo the selection of a key of set of keys should be defined by the\nusage context of the DSS endpoint. This may be done by the user but in a\nuser friendly manner. The KeyInfo stru cture is not fit for this.\n\nA response set will become inv alid in an undetermined period of time (\ne.g. by key expiry \, key renewal). Introducing additional complexities on\nthe user side.\n\nThe enumeration of available keys is critical from the security point of\nview.\n\nMoreover the managemen t of the available keys is the primary duty of a\nsigning se rver. But this is already weakened by the KeySelector. What\ nshould be filled in here when we don'\;t tell which keys are available? My\nproposal would be: drop both\, this enum eration request and the KeySelector.\n\nSection 5.1:\n\nAlre ady fixed\, I assume.\n\nSection 5.2:\n\nThe Verification pr ofile is already dealing with both versions of SAML.\nThis c ould be applied to the core\, too. ut my recommendation woul d be:\nUswe SAML 2.0 only!\n\nAnd additional remarks on Core from Andreas (https://www.oasis-open.org/apps/org/workgroup /dss-x/email/archives/201610/msg00017.html):\n\nI would like to propose some additional changes to the core once we are going to touch it:\n\n1. Each request may be attributed with a set of profiles. Therefore drop the profile attributes fr om RequestBaseType and ResponseBaseType. Introduce a set of '\;AppliedProfile'\; items to OptionalOutputs.\n2. Eac h request may be attributes with a set of policies. The sect ion regarding '\;ServicePolicy'\; does not explicitly state the option for multiple policies. Introduce a set of & #39\;AppliedPolicy'\; items to OptionalOutputs.\n3. Strea mline the core by dropping EscapedXML and InlineXML.\n4. Con sider replacing dss:AnyType by xades:AnyType. The slightly d ifferent structures with same name cause irritations.\n5. Cl earify the cardinality and the intentions of the optional el ements by enumerating them in OptionalInputs and OptionalOu tputs explicitly.\n6. Give a the specific type '\;xs:bool ean'\; to the flag-type OptionalInputs '\;Return*'\ ; elements.\n\n7. New Profile Candidates\n\n7.1 PAdES\n\n7.1 .1 Open Action Items from Previous Call(s)\n\n7.1.2 Review o f Changes in Document / Discussion\n\n7.2 Server Site Profil e for JEE Code Signing\n\n7.2.1 Open Action Items from Previ ous Call(s)\n\n7.2.2 Review of Changes in Document / Discuss ion\n\n8. AOB\n\n9. Next meetinga \n\n9.1 Next meeting\n\nSu ggested is 2016-NOV-14\n\nRegistration Meeting #170:\nURL=ht tps://www.oasis-open.org/apps/org/workgroup/dss-x/event.php? event_id=43619\n\n9.2 Further upcoming Meetings\n\n\n* 2016- NOV-28 (#171)\n URL=https://www.oasis-open.org/apps/org/wor kgroup/dss-x/event.php?event_id=43620\n\n* 2016-DEC-12 (#172 )\n URL=N/A\n\n* Winter-Break\n\n \nGroup: OASIS Digital Si gnature Services eXtended (DSS-X) TC\nCreator: Mr. Stefan Ha gen URL:https://www.oasis-open.org/apps/org/workgroup/dss-x/event.php?event_id=43618 UID:https://www.oasis-open.org/apps/org/workgroup/dss-x/event.php?event_id=43618 BEGIN:VALARM ACTION:DISPLAY DESCRIPTION:REMINDER TRIGGER;RELATED=START:-PT00H15M00S END:VALARM END:VEVENT END:VCALENDAR