[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: WS-SX TC Minutes, Feb 1 2006
WS-SX TC Minutes, Feb 1 2006 Summary of new Action items: None. 1. Call to order/roll call Present: Duane Nickull, Adobe Systems* Jong Lee, BEA Systems, Inc.* Hal Lockhart, BEA Systems, Inc.* Denis Pilipchuk, BEA Systems, Inc.* Symon Chang, Blue Titan Software* Steve Anderson, BMC Software* Rich Levinson, Computer Associates* Yakov Sverdlov, Computer Associates* Nick Ragouzis*, Enosis Group LLC* Dana Kaufman, Forum Systems, Inc.* Toshihiro Nishimura, Fujitsu Limited* Irving Reid, Hewlett-Packard* Ching-Yun (C.Y.) Chao, IBM* Henry (Hyenvui) Chung, IBM* Heather Hinton, IBM* Kelvin Lawrence, IBM* Michael McIntosh, IBM* Anthony Nadalin, IBM* Michael Perks, IBM* Blake Dournaee, Intel Scott Cantor, Internet2* Bob Morgan, Internet2* Mike Lyons, Layer 7 Technologies Inc.* Jan Alexander, Microsoft Corporation* Paul Cotton, Microsoft Corporation* Colleen Evans, Microsoft Corporation* Mark Fussell, Microsoft Corporation* Vijay Gajjala, Microsoft Corporation* Marc Goodner, Microsoft Corporation* Martin Gudgin, Microsoft Corporation* Ram Jeyaraman, Microsoft Corporation* Chris Kaler, Microsoft Corporation* Norman Brickman, Mitre Corporation* Jeff Hodges, Neustar, Inc.* Frederick Hirsch, Nokia Corporation* Abbie Barbir, Nortel Networks Limited* Paul Knight, Nortel Networks Limited* Lloyd Burch, Novell* Steve Carter, Novell* Howard Bae, Oracle Corporation* Ashok Malhotra, Oracle Corporation* Vamsi Motukuru, Oracle Corporation* Alex Hristov, Otecia Incorporated* David Waite, Ping Identity Corporation* Martijn de Boer, SAP AG* Martin Raepple, SAP AG* Tony Gullotta, SOA Software Inc.* Jiandong Guo, Sun Microsystems* Hubert Le Van Gong, Sun Microsystems* Don Adams, Tibco Software Inc.* Hans Granqvist, VeriSign * 2. Reading/Approving minutes of last meeting (January 25) [VER 2] includes roll call: http://lists.oasis-open.org/archives/ws-sx/200602/msg00001.html Adopted unanimously. 3. Charter clarification ballot(s) status The second charter ballot has been started and ends on Feb 7: http://www.oasis-open.org/apps/org/workgroup/ws-sx/ballot.php?id=950 The OASIS staff will be making the changes to the charter as a result of the ballots. 4. Issues list http://docs.oasis-open.org/ws-sx/issues/Issues.xml a) Review of action items ai-06 - Chairs to hold a F2F attendance ballot starting Mar 1 and closing at least two weeks before the F2F. Pending. ai-09 - Editors to check that XPath examples in WS-SecurityPolicy are fully namespace qualified. In progress. ai-2006-01-25-01 - Chris Kaler will reply by email to Issue 014's questions. DONE. See: http://lists.oasis-open.org/archives/ws-sx/200602/msg00000.html ai-2006-01-25-02 - Marc Goodner to work on an initial interop scenarios document. Prateek Mishra also offered to help. In progress. ai-2006-01-25-03 - Heather Hinton and Tony Nadalin to work on an initial use cases document. Prateek Mishara also offered to help. In progress. ai-2006-01-25-04 - Tony Nadalin will look into the possibility of hosting an interop event at the April F2F location Tony can get one extra day on Thu Apr 6. We would probably do interop on Tue Apr 4 and then have a TC meeting on Apr 5-6. Chris Kaler pointed out we will need to decide if we can do an interop event by getting the interop scenarios before the TC for discussion. Marc Goodner offered to get the interop scenarios out for the next meeting. Tony confirmed that he can hold the reservation for two weeks. Kelvin Lawrence said the TC will try to decide on the interop event on one of the next two meetings. b) Issues in Review status None. c) New issues None. d) Active issues i003 Prateek Mishra Use of term "binding" in specs Gudge's response: http://lists.oasis-open.org/archives/ws-sx/200601/msg00086.html Prateek was not on the call and the Chairs recommended we wait for Prateek to respond on the list or at a future meeting. i004 Paul Cotton Transitive closure spec dependencies In progress. i008 Editors Need well formed XML examples In progress. Kelvin pointed out that the issue also implies getting the examples in separate files. i009 Hal Lockhart Support for different key pairs for sign and encrypt in SP Hal will make a proposal for next week. i010 Prateek Mishra Proof of possesion for security intermediaries ws-trust design Prateek's email: http://lists.oasis-open.org/archives/ws-sx/200601/msg00082.html Prateek was not on the call. Chris Kaler would like Prateek to explain the scenario he is trying to enable with this change. The Chairs recommended we wait for Prateek to respond on the list or at a future meeting. i014 Prateek Mishra Is the key agreement algorithm proposed in WS-Trust sound? Chris Kaler's reply: http://lists.oasis-open.org/archives/ws-sx/200602/msg00000.html Chris's email suggests that supporting an additional algorithm beyond P_SHA1 is a possibility. Chris is NOT suggesting replacing P_SHA1. Hal agreed that using P_SHA1 is fine. Given this input, Prateek Mishra should decide if he wants to make a proposal to support additional algorithm(s) in the SecureConversation Derived Key section and in SecurityPolicy to describe this new feature. i015 C.Y. Chao Support error handling in RequestSecurityToken extension mechanism Chris Kaler asked if disclosing the confidential information may give someone data that can be used as the basis of an attack. Hal Lockhart believes that we need to use the "generate a fault" text like was done in WSS and that permits an implementation to not actually send back the information. Hal Lockhart does not believe the spec needs to spell out the information that needs to be returned in error cases as long as we do not prohibit an implementation returning additional information. C.Y. Chao agreed there are pros and cons to adding this information. C.Y. Chao feels that the additional information would be useful to figure out what was wrong with a message but he agreed that providing the information might be sensitive. Paul Cotton asked the TC to make a decision. Hal asked for more pro and con for the additional information. C.Y. Chao said his proposal does this: http://lists.oasis-open.org/archives/ws-sx/200601/msg00080.html Gudge asked for an even more detailed example with a concrete message and suggestion of what additional error information could be returned. No decision was made. i016 Michael McIntosh sp:SignedParts mechanism Mike will send in a proposal by the end of this week. i017 Michael McIntosh sp:RequiredElements mechanism Mike will send in a proposal by the end of this week. i018 Michael McIntosh absolute XPath expressions Mike will send in a proposal by the end of this week. i019 Frederick Hirsch supported XPath expressions Frederick does not have a resolution and would like have someone else assigned to the issue. Martijn de Boer thinks that enforcing full XPath support might enforce a parser model. Duane Nickull disagreed with this statement and felt that it was possible to use XPath with a non-DOM tree approach. Duane Nickull wants a concrete reason that XPath does not work before profiling its usage. Frederick Hirsch will try to find concrete evidence of where XPath might offer problems. Frederick asked others to post to the list any problems that they know about. Michael McIntosh pointed out that XPath has an extensibility point to support arbitrary functions and we might want to profile out this possibility. 5. Other business None. 6. Adjournment The meeting adjourned at about 8:05am PST. /paulc Paul Cotton, Microsoft Canada 17 Eleanor Drive, Nepean, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:Paul.Cotton@microsoft.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]