Re: Heads up - Agenda item discussion tomorrow: REQ004 - WS-Sec

[Andrew Hately <hately@us.ibm.com>]

Luc,

For #2-4, a couple weeks ago, WS-I published
posted a draft profile on security and I haven't finished comparing it
to the earlier drafts to see if the modeling below still applies.

http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html

I hope to do so this week and will submit
the papers if it still lines up with the draft document.

Regards,

Andrew Hately
IBM Austin
UDDI Development, Emerging Technologies 
Lotus Notes: Andrew Hately/Austin/IBM@IBMUS
Internet: hately@us.ibm.com
(512) 838-2866,  t/l 678-2866

"Luc Clement" <luc.clement@systinet.com>

05/31/2004 04:10 PM

To	"'Rogers, Tony'" <Tony.Rogers@ca.com>, Andrew Hately/Austin/IBM@IBMUS, "Mirek Novotny" <mirek.novotny@systinet.com>
cc	Tom Bellwood/Austin/IBM@IBMUS
Subject	Heads up - Agenda item discussion tomorrow: REQ004 - WS-Sec

Heads up. Please be ready to discuss the
following topic during tomorrow's telecon.
 
Regards,
Luc
 
Luc Clément        
               
Secretary, OASIS UDDI Spec
TC
Systinet Corporation
Tel: +1.425.941.0150
 
6.1.1
         REQ004
– WS-Security Compatibility
 
This requirement is being handled largely
through the use of four TN as follows:
 
1.      
"HTTP Basic and Digest Authentication"
TN – This TN has been expanded to include 1) BasicAuth and 2) MD5
Message Digest Auth. The TN is posted at http://www.oasis-open.org/apps/org/workgroup/uddi-spec/download.php/6132/uddi-spec-tc-tn-httpauth-20040316.doc.

 
Action items:
a.      
Andrew to add keyGenerator tModels
b.      Andrew
to list all prerequisite TNs
c.      
Tony and Mirek will do a proofing run
over the TN.
 
2.      
"WS-Security TN for Modeling Issuing
Authorities & Tokens in UDDI" TN. This TN will introduce the
Taxonomy for Issuing Authorities tModel including PKIX, x509, Kerberos
and others (TBD)
 
3.      
"WS-Security TN for Modeling WS-Security
in UDDI" TN. This TN will introduce the following tModels:
a.      
two applicable WS-Security tModels:
               
                     
                     
               i.
     WS-Sec Signature
tModel
               
                     
                     
             ii.
     WS-Sec Encryption
tModel
b.      two
token mapping tModels. They will cover the following example usage: “I
have a cert for this, but here is how I want it expressed”.
               
                     
                     
               i.
     X509 tModel
               
                     
                     
             ii.
     WS-User/Token
tModel
c.      
for interoperability purposes, we will
require a supporting taxonomy to address DSig Profiles, an Encryption Profiles
and Token Profiles. This will be modeled by:
               
                     
                     
               i.
     WS-Security Taxonomy
tModel
 
4.      
"WS-Security TN for modeling Basic
Security Profile for WS-I" TN. This TN (which can now be worked
on due to the availability of the WS-I Basic Security profile) will include
the following tModels:
a.    
  WS-Basic Security tModel

b.      SSL
tModel
c.    
  Token Mapping Trust Domain
tModel
 
Andrew was targeting 11 May to complete a
first draft of the "WS-Security TN for Modeling Issuing Authorities
& Tokens in UDDI and WS-Security TN for Modeling WS-Security
in UDDI TNs. This did not happen.
 
Discussion:
a.      
Discussion that the above breakdown of
TNs and activities is sufficient and correct
b.      Obtain
report on status from Andrew, Tony and Mirek on HTTP Basic and Digest
Authentication TN
c.      
Obtain status from Andrew on items 2,
3 and 4