dss-x message



Subject: Raw Minutes Chat for meeting #215 on 2018-09-10


[18:01] Room information was updated by: Stefan Hagen
Agenda:
-------
1. Welcome by the chair (Stefan Hagen)

2. Minutes taker
All write into the chat, Stefan assembles and uploads into document area.

3. Roll call

4. Approval of the agenda

5. Approval of minutes from previous calls
5.1 Minutes from call #214 on 2018-08-20:
URL = https://www.oasis-open.org/committees/download.php/63759/chat_trace_dss-meeting-20180820-214.txt

6. Candidate(s) for Co-Chair position
Candidate(s):
* Andreas Kuehne offered candidature for Co-Chair position in DSS-X TC.
  URL=https://www.oasis-open.org/archives/dss-x/201809/msg00004.html
  Seconded by Ernst Jan van Nigtevecht:
  URL=https://www.oasis-open.org/archives/dss-x/201809/msg00005.html
  Also supported by Detlef Huehnlein:
  URL=https://www.oasis-open.org/archives/dss-x/201809/msg00006.html
  In addition, supported by Ezer Farhi:
  URL=https://www.oasis-open.org/archives/dss-x/201809/msg00007.html
    * Other candidates ready for election during this meeting?
Full debate and possible motion to elect candidate(s) as Co-Chair(s)


7. DSS Core 2.0 Status of CSD01 in public review
Announcement and invitation for comment:
URL=https://www.oasis-open.org/news/announcements/invitation-to-comment-on-digital-signature-service-core-protocols-elements-and-bi

7.1 Duration of comment period
The public review started August 30, 2018 at 00:00 UTC and ends September 28 at 23:59 UTC.

7.2 Public comments received so far
Note: The TC will not start work on DSS Core 2.0 before the public review has ended.

7.2.1 Query on existing libraries for DSS Version 2.0 (by Dazza Greenwood)
URL=https://lists.oasis-open.org/archives/dss-x-comment/201808/msg00001.html
"[...] Are there any libraries or other open source projects implementing this updated protocol?
 I'd like to try it out as a way to better understand how the functionality and flow are intended to work. [...]"

8. Profiles

8.1 How to proceed with the X.509 certificate validation protocol.
Aspects that deserve discussion (there are maybe more): 
* Approach the SCVP authors? 
* How to deal with the presumably expired patent?

8.2 Local and Remote Signature Profile

8.2.1 Authentication Procedure for Remote Signing
Question deserving debate and decide if we either:
  Refer to RFC 7235 https://www.ietf.org/rfc/rfc7235.txt for the necessary authentication procedure for remote signing 
OR
  Handle the necessary authentication procedure for remote signing in the DSS-protocol itself.

8.2.2 Namespace for SignRequest 
Question deserving debate:
Should the SignRequest component be part of either
  The cg namespace (cg for ChipGateway)
OR
  The dss2 namespace (dss2 for Digital Signature Services version 2)

9. Next meeting
Suggested to meet again on 2018-SEP-24  (usual bi-weekly schedule again)

10. AOB
10.1 Agree to forward the TS 119 442 to ETSI as a TC review.
Draft produced by members of the TC:
URL=https://www.oasis-open.org/archives/dss-x/201809/msg00001/comments-TS119442V0010-dss-x_v0.2.doc
[18:02] Stefan Hagen: Starting 18:03 CEST

[18:03] Stefan Hagen: 1. Welcome by the chair (Stefan Hagen)

2. Minutes taker
All write into the chat, Stefan assembles and uploads into document area.

3. Roll call
[18:04] Stefan Hagen: Voting Members: 3 of 4 (75%) (used for quorum calculation) AK, EJvN, SH
[18:04] Stefan Hagen: We are quorate

[18:04] Stefan Hagen: 4. Approval of the agenda
[18:05] Stefan Hagen: @Detlef: Maybe skip one Detlef<n> in chat and add one to voice (join)?
[18:05] Stefan Hagen: ... just joking, we know, that member<N> means connectivity problems
[18:05] Detlef1: Hi, I'm in a train and try to connect via phone.
[18:06] Stefan Hagen: All good - just veto in case you spot something wrong in chat - and we continue with our wonderfully packed agenda
[18:06] Stefan Hagen: Agenda approved

[18:06] Stefan Hagen: 5. Approval of minutes from previous calls
5.1 Minutes from call #214 on 2018-08-20:
URL = https://www.oasis-open.org/committees/download.php/63759/chat_trace_dss-meeting-20180820-214.txt
[18:07] Stefan Hagen: Minutes approved unchanged as published

[18:07] Stefan Hagen: 6. Candidate(s) for Co-Chair position
Candidate(s):
* Andreas Kuehne offered candidature for Co-Chair position in DSS-X TC.
  URL=https://www.oasis-open.org/archives/dss-x/201809/msg00004.html
  Seconded by Ernst Jan van Nigtevecht:
  URL=https://www.oasis-open.org/archives/dss-x/201809/msg00005.html
  Also supported by Detlef Huehnlein:
  URL=https://www.oasis-open.org/archives/dss-x/201809/msg00006.html
  In addition, supported by Ezer Farhi:
  URL=https://www.oasis-open.org/archives/dss-x/201809/msg00007.html
* Other candidates ready for election during this meeting?
Full debate and possible motion to elect candidate(s) as Co-Chair(s)
[18:08] Stefan Hagen: No other candidate for today.

[18:08] Stefan Hagen: I move, that Andreas becomes Co-Chair to join Stefan Hagen (me) in facilitating the DSS-X TC.
[18:09] Ernst Jan: I second the motion
[18:10] Stefan Hagen: Motion carries, Andreas Kuehne is Co-Chair of the DSS-X as he accepts the election.

[18:10] Stefan Hagen: Congratulations to Andreas from All
[18:10] Detlef1: congrats!

[18:11] Stefan Hagen: Stefan will nudge nicely Chet or the Admin in charge, to do anything, that Stefan (as chair) cannot do, to put Andreas' powers into place

[18:11] Stefan Hagen: 7. DSS Core 2.0 Status of CSD01 in public review
Announcement and invitation for comment:
URL=https://www.oasis-open.org/news/announcements/invitation-to-comment-on-digital-signature-service-core-protocols-elements-and-bi

[18:11] Stefan Hagen: 7.1 Duration of comment period
The public review started August 30, 2018 at 00:00 UTC and ends September 28 at 23:59 UTC.

[18:12] Stefan Hagen: 7.2 Public comments received so far
Note: The TC will not start work on DSS Core 2.0 before the public review has ended.

[18:12] Stefan Hagen: 7.2.1 Query on existing libraries for DSS Version 2.0 (by Dazza Greenwood)
URL=https://lists.oasis-open.org/archives/dss-x-comment/201808/msg00001.html
"[...] Are there any libraries or other open source projects implementing this updated protocol?
 I'd like to try it out as a way to better understand how the functionality and flow are intended to work. [...]"
[18:13] Stefan Hagen: https://www.oasis-open.org/archives/dss-x/201809/msg00009.html 

[18:15] Stefan Hagen: Detlef reports from current status of the implementation he has knowledge of (FutureTrust related projects) for validation as well as signature and seal generation service all use not full version 2.0 protocol - TL;DR no candidates for conformance and not really ripe for public consumption
[18:17] Stefan Hagen: Andreas reports from his FutureTrust related projects that some JSON focused areas are already ripe enough to aid implementers with version 2.0 but he suggests to optimise the benefit, these might be merged before communicating v2 ready tools
[18:18] Stefan Hagen: Detlef expects that the proportion of OASIS related code that is available in the FutureTrust related projects is ready as reference implementation (too early) and the proportion also might change (many stakeholders)
[18:19] Stefan Hagen: Andreas also thinks verification might benefit from enhancements / polishing
[18:21] Stefan Hagen: Suggested: "The TC has considered your request for libraries ready to deal with version 2.0 and is fully conscious, that such libraries are an important part of migration strategies and to in general help implementers to get up to speed as soon as possible, but there are a few cleanups and mergers of isolated non-public tools to make, until these can be considered helpful for the general public and stable w.r.t. the core specification version 2.0" then in addition, give reference to a JIRA issue tracking this

*Update* after the meeting: https://issues.oasis-open.org/browse/DSSX-24 created "Public Comment 201809c00009 By Dazza Greenwood Requesting Library Support"

[18:24] Stefan Hagen: Andreas: Another accelerating support for implementers should be the OpenAPI/Swagger specification (we will have to find out on 1) status of OASIS wide swagger hub account) and 2) schemastore (JSON schema has been uploaded and will be kept in sync by Stefan or other members of the TC)

[18:26] Stefan Hagen: 8. Profiles

8.1 How to proceed with the X.509 certificate validation protocol.
Aspects that deserve discussion (there are maybe more): 
* Approach the SCVP authors? 
* How to deal with the presumably expired patent?

[18:28] Stefan Hagen: Andreas: From FutureTrust project there was request to validate a certificate not "only" signatures. Andreas did implement and noticed, that this profile mimics the already existing RFC that describes the SCVP protocol.
[18:29] Stefan Hagen: Andreas: Suggests to contact the authors and notes, that Stefan brought to his attention, that IETF noted pending patent claims - but Andreas thinks, these should a) be kind of non-patentable (too broad) or also b) expired
[18:29] Stefan Hagen: Ernst-Jan and Stefan second the suggested approach to contact the authors
[18:29] Stefan Hagen: All agree
[18:31] Stefan Hagen: Andreas will draft a mail and send it to the TC members for review

[18:31] Stefan Hagen: 8.2 Local and Remote Signature Profile

8.2.1 Authentication Procedure for Remote Signing
Question deserving debate and decide if we either:
  Refer to RFC 7235 https://www.ietf.org/rfc/rfc7235.txt for the necessary authentication procedure for remote signing 
OR
  Handle the necessary authentication procedure for remote signing in the DSS-protocol itself.

[18:33] Stefan Hagen: Tabled for a few minutes as Participant is changing trains ...

[18:33] Stefan Hagen: 8.2.2 Namespace for SignRequest 
Question deserving debate:
Should the SignRequest component be part of either
  The cg namespace (cg for ChipGateway)
OR
  The dss2 namespace (dss2 for Digital Signature Services version 2)

[18:34] Stefan Hagen: Detlef: Is OK with the DSS-ing inclusion of the SignRequest (section 8.2.2)
[18:34] Stefan Hagen: The fully qualified name would thus be dss2:SignRequest

[18:35] Stefan Hagen: Back to 8.2.1 Authentication Procedure for Remote Signing
Question deserving debate and decide if we either:
  Refer to RFC 7235 https://www.ietf.org/rfc/rfc7235.txt for the necessary authentication procedure for remote signing 
OR
  Handle the necessary authentication procedure for remote signing in the DSS-protocol itself.
[18:36] Stefan Hagen: Thomas Koch from Luxembourg suggested to move authentication to the TLS / HTTPS layer - which Detlef likes as we would not need to deal with the initial authentication step inside our protocol
[18:37] Stefan Hagen: Ernst Jan would also in principle like to delegate this unspecific task to an existing transport layer solution, as long as we along the way do not identify blockers (that would hamper the existing and planned / envisioned use cases)
[18:38] Stefan Hagen: Ernst Jan and Detlef: In the case of a conflict, we would resort to a DSS specific solution.
[18:38] Stefan Hagen: Andreas: Asks for details on the functional commands / phases that are to be "delegated" as to understand if there are upstream changes to the core or other profiles
[18:39] Stefan Hagen: Note: RFC 7235 is "Hypertext Transfer Protocol (HTTP/1.1): Authentication"
[18:40] Stefan Hagen: Ernst-Jan: Does the envisioned solution support Two-Factor Authentication?
[18:41] Stefan Hagen: Detlef: Not directly, it could be used via OAuth Token - challenge based mechanisms are described there (RFC) as a framework - so we might need additional plumbing
[18:42] Stefan Hagen: Ernst-Jan: Summarises, that the reference to the RFC 7235 is presumably not enough and we should give additional guidance, so as one use case TFA should be clearly included and described as far as needed for the profile
[18:44] Stefan Hagen: All agree to analyse and try to go along a RFC 7235 but also add OAuth and TFA so we do in any case not need to deal with OTP (one time passwords) and the like explicitly.
[18:44] Stefan Hagen: Detlef would like to not require a third party for authentication
[18:44] Stefan Hagen: All agree that some more sketched plans and a bit of a prose and sample code will be required to finally decide
[18:46] Stefan Hagen: Ernst-Jan: Looking at eIDAS then authentication is actually delegated to a third party - he sees the use of third party growing across Europe. Samples span Belgium and German applications cross using the services
[18:49] Stefan Hagen: Detlef will send a schema revision to Andreas to get feedback soon
[18:50] Stefan Hagen: Andreas welcomes this

[18:50] Stefan Hagen: 9. Next meeting
Suggested to meet again on 2018-SEP-24  (usual bi-weekly schedule again)
[18:50] Stefan Hagen: All agree
Andreas will not be available on September 24
Still all will meet on September 24 (focus on profiles and comment triage of DSS Core PRD01)

[18:50] Stefan Hagen: 10. AOB
10.1 Agree to forward the TS 119 442 to ETSI as a TC review.
Draft produced by members of the TC:
URL=https://www.oasis-open.org/archives/dss-x/201809/msg00001/comments-TS119442V0010-dss-x_v0.2.doc
[18:53] Stefan Hagen: All agree and think this is a good step forward and these comments should be made available to the ETSI working group - Andreas will send this document as feedback from the TC and in the name of the TC as the new Co-Chair

[18:55] Stefan Hagen: Every eventual future Core DSS Version 2 PRD01 comment from ETSI is hopefully carefully considering if delaying the planned schedule is worth the change (only non-substantial changes would allow us to stick with the "go directly to CS01"-plan); Hopefully we embedded already the many comments from ETSI before the CSD01 into the PRD01.

[19:01] Stefan Hagen: Detlef: FutureTrust project plans to start an initiative "Go eiDas!" and asks if we as the committee show some support for this initiative which is a win win in his opinion; maybe we could ask TC admin or IDTrust section - the Co-Chairs will act accordingly and report in one of the next two meetings

[19:01] Stefan Hagen: Meeting adjourned

