OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: DSS-TC 8 March 2004 meeting minutes

MEETING MINUTES FOR DSS Telephone conference
Date:   Monday, 08 March 2004 
Time:   12:00 pm - 01:00pm Eastern Time

Attendees:

Voting Members:

Hal Lockhart, BEA Systems
Pieter Kasselman, Betrusted
Mike McIntosh, IBM
Anthony Nadalin, IBM
Krishna Yellepeddy, IBM
Juan Carlos Cruellas, Individual
Andreas Kuehne, Individual
Trevor Perrin, Individual
Nick Pope, Individual
John Ross, Individual
Frederick Hirsch, Nokia Mobile Phones
David Finkelstein, RSA Security
Dimitri Andivahis, Surety
Ed Shallow, Universal Postal Union

Observers:

Burt Kaliski, RSA Security


Agenda:
1 Welcome by chair (Juan Carlos Cruellas) 

2. Confirm Minutes Secretary (Burt Kaliski) 
Confirmed. 

3. Roll Call. 
Quorum achieved (14 voting members, 9 needed) 

4. Approval of agenda
No discussion

5. Approval of minutes
- 23 February 2004 - Approved

6. Review of outstanding actions (see below)

* 04-02-23-1 - Trevor to take description of SOAP binding from another
protocol defined by OASIS ( e.g. SAML), and add this to DSS core document
with the editorial note that additional/special attention needed for this. 

Done, for XKMS and SAML. New action:

AP 04-03-08-1: Trevor to add text for WSS.

* 04-02-23-2 - Trevor to put in wording for handling this in Time Stamp
profile 

Done. New action:

AP 04-03-08-2: Trevor to add identifiers for alternative time-stamping
profiles.

* 04-02-23-3 - XAdES. Juan Carlos, Nick, Ed to discuss feasibility of
protocol that supports both ASN.1 and XML and report at next meeting. 

Juan-Carlos will start discussion by e-mail tomorrow.

* 04-02-23-3 (bis) - German Signature Law profile. Nick to get an idea of
timetable from Andreas Kuehne 

Done. To be discussed at a later time.

* 04-02-23-4 - on all. See how Policy wise server profile fits in with other
profiles.

Open.


7. Discussion on profiles

7.1 Report on the status of the work for each of the profiles.

Expected time for first draft.

- Time-stamp 

* First draft done. Trevor will add request identifiers for specific
profiles. The verification protocol will reuse the SigningTime attribute
from the core to indicate when the timestamp was produced. Some editorial
comments have been given. Goal is to be ready for a committee draft by the
next meeting.

- Code-signing 

Pieter expects to have a first draft of the abstract profile by March 15.
The next step is to have at least one concrete profile; schedule TBD.

- EPM 

Ed expects to have a first draft in 2 to 3 weeks, and a final draft,
optimistically, in 5 weeks.

- Wsecurity 

Still in development.

- XAdES 

Juan-Carlos indicated that the team working on this document has agreed to
prepare an abstract profile from which others can be derived, and has
decided to start with most general concrete profile. In the concrete
profile, one may request an XadES signature by giving the identifier of one
specific form, and may obtain signatures with different properties by
enumerating the properties. He sent a fragment of the first draft today. He
expects to finish the first draft in 2 weeks, for discussion at the next
conference call. He requests that Ed check if he agrees with approach.

- German Signature Law

First draft is done. Andreas will simplify it to refer to external documents
from German Signature Law rather than summarizing them. Question about how
to request that attribute certificates be included in signatures.
Juan-Carlos noted that "certified roles" in XadES may address this.

- Policy wise server

First draft has been posted.

- Entity seal

First draft has been posted. The signature specifies the identity of
requester and signing time. Nick indicated that most aspects are
straightforward. Question about how to indicate a "statement of intent".
Free-form text, or something more specific? In this profile, or more
generic? Group recommends the XadES "commitment type", which is an
identifier, in "commitment rules" in the signature policy. Discussion to be
continued.

AP 04-03-08-3: Nick to start email discussion on Statement of Intent vs
CommitmentType.

- Judicial signing

- Notarial

No updates on these; expected later as legal framework develops.

AP 04-03-08-4: Chairs to contact John Messing for update at next meeting.

7.2 Coordination document.

- Brief report.

http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5446/oasis-dss
-1.0-profiles-discussion-wd-02.doc

Will wait until profiles done for further work.

- Discussion on the template for the profiles.

http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5712/oasis-dss
-1.0-profiles-XYZ-spec-wd-03.doc

http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5714/oasis-dss
-1.0-profiles-XYZ-spec-wd-03.pdf

Nick had sent comments to Trevor about the terms "protocol profile,"
"process profile," "signature profile"; profiles should be just of "DSS
protocol". A non-normative summary should be given early in a profile
document, e.g., Section 1.3. Document should indicate whether it is abstract
or concrete (e.g., put "abstract" in title).

8. Report on status of Core document. 

References:

http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5706/oasis-dss
-1.0-core-spec-wd-13.doc

http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5707/oasis-dss
-1.0-core-spec-wd-13.pdf

http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5715/oasis-dss
-1.0-core-schema-wd-13.xsd 

Trevor is adding some text on SOAP. Some comments to be resolved:

- What type of URI for schema name space, currently URN, could switch to
URL.
- Paul Madsen's issue about supporting the case where an external policy
authority signs some inputs that client includes with its request; use case
currently being discussed.

Also, "qualified name" should be changed to URI. Trevor will change this.

9 Work plan. 

-Plans for Committee Drafts of Core and TIme-stamp profile.

Ready for committee draft by next meeting? Depends on progress in next two
weeks. Goal to stabilize at next meeting, then finalize.

-Approval and implementation plans.

Hal reviewed the OASIS document approval cycle. Three members must attest to
successfully using a proposed standard --- this could be three different
profiles. The group will discuss in more detail at the next conference call.

-Plans for the rest of the profiles.

10. Any other business 

No further discussion.

11. Confirm next conference call: 22th March 04 

Confirmed.

Close 

Respectfully submitted,

Burt Kaliski, RSA Laboratories
bkaliski@rsasecurity.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]