OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: WS-SX TC Minutes, Feb 1 2006

WS-SX TC Minutes, Feb 1 2006

Summary of new Action items:


1. Call to order/roll call

Duane Nickull, Adobe Systems*
Jong Lee, BEA Systems, Inc.*
Hal Lockhart, BEA Systems, Inc.*
Denis Pilipchuk, BEA Systems, Inc.*
Symon Chang, Blue Titan Software*
Steve Anderson, BMC Software*
Rich Levinson, Computer Associates*
Yakov Sverdlov, Computer Associates*
Nick Ragouzis*, Enosis Group LLC*
Dana Kaufman, Forum Systems, Inc.*
Toshihiro Nishimura, Fujitsu Limited*
Irving Reid, Hewlett-Packard*
Ching-Yun (C.Y.) Chao, IBM*
Henry (Hyenvui) Chung, IBM*
Heather Hinton, IBM*
Kelvin Lawrence, IBM*
Michael McIntosh, IBM*
Anthony Nadalin, IBM*
Michael Perks, IBM*
Blake Dournaee, Intel
Scott Cantor, Internet2*
Bob Morgan, Internet2*
Mike Lyons, Layer 7 Technologies Inc.*
Jan Alexander, Microsoft Corporation*
Paul Cotton, Microsoft Corporation*
Colleen Evans, Microsoft Corporation*
Mark Fussell, Microsoft Corporation*
Vijay Gajjala, Microsoft Corporation*
Marc Goodner, Microsoft Corporation*
Martin Gudgin, Microsoft Corporation*
Ram Jeyaraman, Microsoft Corporation*
Chris Kaler, Microsoft Corporation*
Norman Brickman, Mitre Corporation*
Jeff Hodges, Neustar, Inc.*
Frederick Hirsch, Nokia Corporation*
Abbie Barbir, Nortel Networks Limited*
Paul Knight, Nortel Networks Limited*
Lloyd Burch, Novell*
Steve Carter, Novell*
Howard Bae, Oracle Corporation*
Ashok Malhotra, Oracle Corporation*
Vamsi Motukuru, Oracle Corporation*
Alex Hristov, Otecia Incorporated*
David Waite, Ping Identity Corporation*
Martijn de Boer, SAP AG*
Martin Raepple, SAP AG*
Tony Gullotta, SOA Software Inc.*
Jiandong Guo, Sun Microsystems*
Hubert Le Van Gong, Sun Microsystems*
Don Adams, Tibco Software Inc.*
Hans Granqvist, VeriSign *

2. Reading/Approving minutes of last meeting (January 25)
[VER 2] includes roll call:

Adopted unanimously.

3. Charter clarification ballot(s) status 

The second charter ballot has been started and ends on Feb 7:

The OASIS staff will be making the changes to the charter as a result of
the ballots.  

4. Issues list 

a) Review of action items

ai-06 - Chairs to hold a F2F attendance ballot starting Mar 1 and
closing at least two weeks before the F2F.
ai-09 - Editors to check that XPath examples in WS-SecurityPolicy are
fully namespace qualified.
In progress. 

ai-2006-01-25-01 - Chris Kaler will reply by email to Issue 014's
DONE. See:

ai-2006-01-25-02 - Marc Goodner to work on an initial interop scenarios
document. Prateek Mishra also offered to help.
In progress.

ai-2006-01-25-03 - Heather Hinton and Tony Nadalin to work on an initial
use cases document. Prateek Mishara also offered to help.
In progress.

ai-2006-01-25-04 - Tony Nadalin will look into the possibility of
hosting an interop event at the April F2F location
Tony can get one extra day on Thu Apr 6.  We would probably do interop
on Tue Apr 4 and then have a TC meeting on Apr 5-6.  

Chris Kaler pointed out we will need to decide if we can do an interop
event by getting the interop scenarios before the TC for discussion.
Marc Goodner offered to get the interop scenarios out for the next
meeting.  Tony confirmed that he can hold the reservation for two weeks.
Kelvin Lawrence said the TC will try to decide on the interop event on
one of the next two meetings.

b) Issues in Review status


c) New issues


d) Active issues

i003  Prateek Mishra  Use of term "binding" in specs  
Gudge's response:
Prateek was not on the call and the Chairs recommended we wait for
Prateek to respond on the list or at a future meeting.

i004  Paul Cotton  Transitive closure spec dependencies 
In progress.

i008  Editors  Need well formed XML examples
In progress.   
Kelvin pointed out that the issue also implies getting the examples in
separate files.

i009  Hal Lockhart  Support for different key pairs for sign and encrypt
in SP
Hal will make a proposal for next week.  

i010  Prateek Mishra  Proof of possesion for security intermediaries
ws-trust  design 
Prateek's email:
Prateek was not on the call.  Chris Kaler would like Prateek to explain
the scenario he is trying to enable with this change.  The Chairs
recommended we wait for Prateek to respond on the list or at a future
i014  Prateek Mishra  Is the key agreement algorithm proposed in
WS-Trust sound?   
Chris Kaler's reply:
Chris's email suggests that supporting an additional algorithm beyond
P_SHA1 is a possibility.  Chris is NOT suggesting replacing P_SHA1.

Hal agreed that using P_SHA1 is fine.

Given this input, Prateek Mishra should decide if he wants to make a
proposal to support additional algorithm(s) in the SecureConversation
Derived Key section and in SecurityPolicy to describe this new feature.
i015  C.Y. Chao  Support error handling in RequestSecurityToken
extension mechanism  
Chris Kaler asked if disclosing the confidential information may give
someone data that can be used as the basis of an attack.  

Hal Lockhart believes that we need to use the "generate a fault" text
like was done in WSS and that permits an implementation to not actually
send back the information.

Hal Lockhart does not believe the spec needs to spell out the
information that needs to be returned in error cases as long as we do
not prohibit an implementation returning additional information.

C.Y. Chao agreed there are pros and cons to adding this information.
C.Y. Chao feels that the additional information would be useful to
figure out what was wrong with a message but he agreed that providing
the information might be sensitive.

Paul Cotton asked the TC to make a decision.  Hal asked for more pro and
con for the additional information.  C.Y. Chao said his proposal does
Gudge asked for an even more detailed example with a concrete message
and suggestion of what additional error information could be returned.

No decision was made.

i016  Michael McIntosh  sp:SignedParts mechanism   
Mike will send in a proposal by the end of this week.

i017  Michael McIntosh  sp:RequiredElements mechanism   
Mike will send in a proposal by the end of this week.

i018  Michael McIntosh  absolute XPath expressions    
Mike will send in a proposal by the end of this week.

i019  Frederick Hirsch  supported XPath expressions  
Frederick does not have a resolution and would like have someone else
assigned to the issue.  Martijn de Boer thinks that enforcing full XPath
support might enforce a parser model.  Duane Nickull disagreed with this
statement and felt that it was possible to use XPath with a non-DOM tree
approach.  Duane Nickull wants a concrete reason that XPath does not
work before profiling its usage.

Frederick Hirsch will try to find concrete evidence of where XPath might
offer problems.  Frederick asked others to post to the list any problems
that they know about.

Michael McIntosh pointed out that XPath has an extensibility point to
support arbitrary functions and we might want to profile out this

5. Other business 


6. Adjournment 

The meeting adjourned at about 8:05am PST.


Paul Cotton, Microsoft Canada
17 Eleanor Drive, Nepean, Ontario K2E 6A3
Tel: (613) 225-5445 Fax: (425) 936-7329


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]