dss message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Minutes of 8 September meeting
- From: Krishna Yellepeddy <kyellepe@us.ibm.com>
- To: dss@lists.oasis-open.org
- Date: Tue, 16 Sep 2003 14:11:01 -0500
Following are the minutes for the 9/8/2003 meeting. Please send corrections and comments to me.
My apologies in advance for any transcription errors.
DRAFT MINUTES; please send corrections to kyellepe@us.ibm.com
DSS TC meeting, 8 September 2003.
Attendance
Voting Members
Juan Carlos Cruellas, self
David Finkelstein, RSA Security
Steve Gray, Universal Postal Union
Frederick Hirsch, Nokia Mobile Phones
Burt Kaliski, RSA Security
Pieter Kasselman, Baltimore
Andreas Kuehne, self
John Messing, ABA
Tim Moses, Entrust
Trevor Perrin, self
Nick Pope, self
Rich Salz, DataPower Technology
Ed Shallow, Universal Postal Union
Krishna Yellepeddy, IBM
We had quorum.
Minutes of DSS TC phone conferences 11 & 25 Aug approved
Existing Action items:
Action 17: Nick to send text to list acknowledging that the XKMS response meets our needs; then will forward to XKMS group.
Since no one had any problems with the response Nick drafted, he
will forward his response to the XKMS group.
Requirements Document
Trevor observed that the draft is vague with respect to compound protocols.
Nick suggested putting the compound protocol details in the core document.
Krishna observed that the section on requester identity should describe
that names in X.500 certificates could be expressed in the subject name
field, or the subject alternative extension field, and that this needs to get
factored into the kind of names that a DSS provider could handle (see action 20 below).
Nick suggested that these different naming options be accounted for in the
schema document.
Requirements draft V12 was approved.
Core Document
There were a number of submissions to the list on this subject and several
issues.
Nick said that compound operations & processing options came from Ed Shallow
during the face to face meeting. This was based on Ed's earlier work at UPU.
Ed submitted concept of processing options, Tim then provided details about
this. Tim, during the call, said that we may be talking about a small number
of compound operations, e.g., two requests - doStuff and checkStuff. Actual
stuff would be elaborated in processing options document. We can think of processing
options with relatively simple policy expressions. This was followed by detailed
discussion by several members ( including Tim, Juan Carlos, Frederick, Nick, Ed).
Frederick asked hadn't we talked about atomic operations that we could define
upfront ? Tim's suggestions for an open container in which we can put any policy
expression came up for discussion. Juan Carlos expressed concern about putting
operations and policy statements together, and that trying to establish an
equivalence between them would be strange. Members agreed that this discussion
would be continued later on the list.
Everyone agreed that the concept of processing options was the starting point.
Next discussion was on verify counter-sign and whether to have a separate operation
called VerifySign. Nick said that it was worth having VerifySign as a separate operation.
Trevor supported this. John asked for a clarification - is the server signing after
verifying ? The answer was,yes think of it as the server augmenting the previous
signature. Another example was that verifying and signing would be like notarizing.
John Messing then talked about how Federal and state courts are moving fast towards
adopting an approach for electronic filing and signing and verification of
documents. The approach is based on taking the hash of the document checked in and associated
database operation details that John described. John will write this up and send to the
DSS-mailing list (listed as Action 21 below) . He expressed concern that the DSS architecture could not
handle this electronic filing scenario. This observation was made:What John is describing
in the context of electronic filing for courts is strictly not a digital signature.
Sign
Juan Carlos suggested we stick to the outcome of f2f meeting regarding schema. General
structure agreed was - document to be signed, the claimed id of requestor, key
that requestor wanted service to use, different option types that should
be included in the reply. Juan Carlos said he has reviewed Trevor's schema and that
we can accommodate mechanisms Trevor has described in the schema.
Trevor said he'd be comfortable having individuals work on this schema
separately, without adopting one or other version as a working
draft for now. Nick stated that it was important to get the signed
structure sorted soon since operations depended on this.
Juan Carlos and Trevor both volunteered to add more text to the
XML schemas they have proposed so far. Ed Shallow said that Juan Carlos
had already done a good job with the descriptive text for the XML schema,
but more description would not hurt. After lengthy discussion among the members in
which options such as holding a meeting next Monday to resolve this issue
were proposed, it was agreed that Juan Carlos and Trevor would work on the
schema issues together and reach an agreement. Any unresolved issues will be discussed
by the entire TC. Juan Carlos and Trevor agreed that they would post their discussion to the list.
Validate
Juan Carlos said we have the initial proposal for validating request. Usage
of different elements has been elaborated. Need to work on processing options elements.
Timestamping:
Tim said he was not aware of issues on this and that the approach was sound.
Implicit parameters:
As we were out of time, this issue to be discussed at our next meeting.
Object naming
Nick asked if everyone was OK with the object naming guidelines.
Since no one had any problems, Nick asked when do we send this to the
other chairs ? Tim responded that we don't and that TAB ( technical
advisory board) will handle sending to the other chairs.
Trevor asked whether to update our documents based on this convention.
Nick's response was to do the renaming for the next version of each
document.
Actions
Action 20. Krishna Yellepeddy to send a note to list regarding Requestor Identity
(section 3.3.2) in DSS Use Case Requirements Analysis document. He will
elaborate on the different kinds of names from X.509 certificate that a
DSS would need to handle.
Action 21: John Messing to send a note to list describing the approach for electronic
filing and signing and verification of documents to be adopted by Federal and state courts.
Regards,
Krishna
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]