OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Draft minutes for Aug 25 meeting

Please see attached.  Corrections and comments to me.  Apologies in 
advance for accrediation and transcription errors.  Boy, that's a hard job.
	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


DRAFT MINUTES; please send corrections to rsalz@datapower.com

DSS TC meeting, 25 Aug 2003.

Attendance 
        Voting Members
        Juan Carlos Cruellas, self
        Frederick Hirsch, Nokia Mobile Phones
        Burt Kaliski, RSA Security
        Pieter Kasselman, Baltimore
        Andreas Kuehne, self
        Hal Lockhart, BEA Systems
        Tim Moses, Entrust 
        Trevor Perrin, self
        Nick Pope, self
        Rich Salz, DataPower Technology

        *We did not have quorum.*

Requirements document:
        Trevor distributed draft 12.  Major change from draft 11 is
        removing the sentence that marks timestamping as a profile of
        the DSS protocol.  While TS is desired, the relationship to
        the core protocol is TBD.  See Trevor's email of 14-Aug for
        list of changes between drafts 10 and 11.

        Discussion (primarily among Trevor, Pieter, and Nick) about how
        to query, specify, and manage implicit parameters.  For
        example, are they all implied by the application profile URI now?
        The intent of the document is to require that they almost all
        be specifiable, with server-determined defaults.  Nick pointed
        out there are many details that will need to be specified in the
        protocol document.  Pieter mentioned need for an extensible format
        for a server to specify the implicit parameters.  Nick suggested
        not adding a new service endpoint for parameter management.
        Further discussion moved to email list.

Core document and schema
        Nick said that it's currently this is an outline for putting
        in all the details. It is on hold until the schema (most
        recent draft by Juan and Trevor) becomes more complete.
        Tim asked for more explanatory text; Juan and Trevor agreed,
        and Juan will add XML comments into the schema document and
        distribute a new version in a couple of days.
        *Now is the time for the whole TC to start review and
        discussion of the schema.*
        Time asked if it was a deliberate decision to use
        elements, as opposed to attributes?  Answer is yes, but perhaps
        there are places that it should be changed.  Tim suggested
        the request ID.  Further discussion on the list.

        Juan intends to work on the validation request and response
        definitions, to have something by the next conf call.

Compound operations
        Explanation by Nick:  a single operation can have multiple
        actions.  An important open issue:  do we have multiple operations
        (timestamp, sign, verify, etc), or are the operations specified
        in the process element?

Tiumestamping:
        Tim sent an initial email proposal to the list; there has
        been some discussion and still are some open issues.  The
        basic concept is that a timestamp is a ds:Signature type,
        and can be verified as such.

        Some discussion about times as min/max or value/accuracy,
        especially about which has easier processing model (e.g.,
        for sorting).  Currently use value/accuracy, which was
        consensus today, but it's not a closed issue -- bring
        discussion to the list.

        Tim plans a new draft this week.

        Juan will add current document to the repository.

Naming conventions for work product
        Tim sent a proposal.  See the list.

DSS profiles:
        Nick said this is a placeholder to capture comments, and
        doesn't expect any real activity until there is more progress
        on the schema.

Patent issues:
        Nick and Juan have an AI to udpate the TC web pages to
        discuss patent issues.  Still open, waiting for OASIS
        web issues to be fixed.

        Nick posted the Sign On (Formpipe) patent, reviewed it,
        and believes it's not relevant and that we should ignore it.
        (See email for his rationale.)  Rich concurs.  We will.

        Frederick said Zolera patent holder understands our interests.
        Nothing else to do for now, since it's only an application
        anyway.

        Hal said that we can now close this issue, since no other
        TC member has brought up IPR issues.

Any other business:
        Nick said that OASIS has asked all TC chairs to submit a
        FAQ by Sept 2.  Hal says the intent is to inform the "casual
        browser" of what the TC is doing, so they can see if they're
        interested in looking further (e.g., reading [draft] specs).
        Nick wrote a draft, sent it to the list, and will submit it
        to OASIS.  Juan asked if the FAQ is updatable; Nick said yes.

        Tim said that our documents are currently in the TC private
        area.  Shouldn't they be public?  Hal said OASIS allows TC's
        to do what they want, but that in the interest of getting as
        much public feedback as possible, unless something is in rapid
        edit mode, better to make public.  No disagreement, and Nick
        will do this.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]