[dss] Final Minutes for December 16, 2002 Meeting

[Robert Zuccherato <robert.zuccherato@entrust.com>]

Title: Final Minutes for December 16, 2002 Meeting

Added Dan Greenwood as having attended.

        Robert.

Final Minutes, 12/16/02 DSS TC telephonic meeting.

Attendance

Voting Members

Adams, Carlisle
Andivahis, Dimitri
Bohren, Jeff
Cruellas, Juan Carlos
Greenwood, Daniel
Griffin, Phil
Hirsch, Frederick
Linn, John
Lockhart, Hal
Moskovitz, Ram
Ross, John
Pope, Nick
Sankar, Krishna
Srivastava, Manoj
Triglia, Alessandro
Wang, Kate
Yuval, Gideon
Zuccherato, Robert

Prospective members

Kasselman, Pieter
Messing, John
Holm, Ron
Anderson, Steve
Kaliski, Burt

17 voting members were counted as present, with 5 prospective members
attending.

Liaisons

Nick Pope offered to be the liaison to ETSI which considers the legal and
technical
recognition of signatures in Europe. The focus is on the means for securing
documents long term, with emphasis on timestamping, signature formats, CRL
status, etc. Upon motion duly considered, Nick Pope was named as the liaison
to ETSI.

John Messing of LegalXML discussed the work of the CourtFiling TC and the
eNotary TC. CourtFiling involved the submission of documents to courts on
behalf of litigants and a query-response mechanism to view them. Electronic
signatures have not been a focus of the work to date. The eNotary TC is
considering a
syntax that can be included within the signed XML data or
an X-509 certificate extension (or both) in order to provide a shorthand way
to express equivalent or disparate registration procedures employed by
various RA's and their legal significance in machine readable ways. This is
intended to enable relying parties to "mix and match" brands and types of
certificates in order to perform their due diligence and reduce their own
liability in connection with certificate usage. Upon motion duly considered,
John Messing was named as the
liaison to the CourtFiling TC and the eNotary TC.

John Ross discussed the XML timestamp standard being considered by the EML
TC and how it might be affected by the work of this TC. Upon motion duly
considered, John Ross was named as the liaison to EML.

Input documents. These were already provided to the TC.

Advanced Electronic Signatures Standard from ETSI (Nick Pope), XML security
timestamping protocol (Juan Carlos Cruellas), Authenticating downloaded
content (RAM Moskovitz)

1. Nick Pope introduced the European Candidate Advanced Electronic
Signatures Standard from ETSI which builds upon XML DSIG from W3C. AES
extends DSIG with respect to signature validity over long periods. There is
a placeholder for timestamps, as well as for OCSP and CRL applicable at the
time of timestamp.

There is a means for regular maintenance of timestamping over the archived
life of the documents on an annual or other regular time period basis.

Juan Carlos added with regard to the AES of ETSI that there were other
features relevant to web services in business environments including a
pointer for the applicable signature policy; commitment type, and means for
expressing the role of the signer.

Signature policy concerns rules for the validation of electronic signatures,
regarding business rules, such as roles. Frequency of signature validation
for long term records is one of a number of technical aspects.

The specification has been passed on to the W3C DSIG workgroup which is
reviewing it.

Section 4 gives an overview of the purpose of the ETSI specification.

2. XML security timestamping protocol (Juan Carlos Cruellas)

This document is similar to the Entrust submission discussed last week in that both deal with
timestamping protocols. Both of them use URI as a way to identify
policies. However, these policies could also be identified by OIDs.

It is commented that the TS 101903 contains a XML schema definition for an
element able to deal with both ways of identification. This element was defined
when envisaging the issue of identifying signature policies.

Different models of timestamping use cases contained in the document may be
useful to this TC.

3. Verisign's "Authenticating downloaded content" was introduced by Ram
Moskovitz. This focuses on content distribution security and a possible code
signing replacement. It involves centralizing the functions at a server
which has the role of authenticating rather than through widely distributed
keys.

It is not written for XML but the design could be expressed in XML.

4. Use of input documents.

Hal Lockhart reminded the group of the IPR Oasis Rules- Each input document
must have IPR statements per Oasis Rules, from all contributors, even with
respect to publicly posted conference documents, which still may be subject
to copyrights.

5. Use cases

The Chair suggested that use cases might be helpful to consider in relation
to a requirements document. A use case subcommittee was proposed. It could
act as 1. a repository of use cases and 2. a recommending body for those use
cases that it finds as helpful for the TC requirements documents.

There may also be national or regional legal requirements that may make
certain use cases that are acceptable under one legal regime impossible to
achieve in another geographical area with a different system of laws.

Krishna Sankar, Manoj Srivastava, John Messing, and Nick Pope volunteered
for the subcommittee.

The creation of a subcommittee with the volunteer membership was duly moved,
discussed and adopted.

The January 13, 2003 meeting of the TC will be sponsored by Krishna Sankar.
Other sponsors for other meetings are sought. There being no further
business, the meeting was convened at 1:00 PM EST by the Chair.