[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: WS-SX TC Minutes, Feb 8 2006
WS-SX TC Minutes, Feb 8 2006 Summary of new Action items: ACTION 2005-02-08-01 Chairs to ensure the list of voting members on the roster is correct. ACTION 2005-02-08-02 Chairs to re-run the charter clarification ballot #2 a second time (after fixing the roster). ACTION 2006-02-08-03 Marc Goodner to post WS-SX issue template to TC site and Chairs to put it in a prominent location to make it easier to find. ACTION 2006-02-08-04 TC members to review the initial interop scenarios by the Feb 15 TC meeting so that the TC can decide at that meeting whether the TC has "critical mass" for an Apr F2F interop event. 1. Call to order/roll call Present: Frank Siebenlist Argonne National Laboratory* Jong Lee BEA Systems, Inc.* Hal Lockhart BEA Systems, Inc.* Denis Pilipchuk BEA Systems, Inc.* Corinna Witt BEA Systems, Inc.* Symon Chang Blue Titan Software* Steve Anderson BMC Software* Rich Levinson Computer Associates* Yakov Sverdlov Computer Associates* Nick Ragouzis* Enosis Group LLC* Dana Kaufman Forum Systems, Inc.* Toshihiro Nishimura Fujitsu Limited* Irving Reid Hewlett-Packard* Greg Whitehead Hewlett-Packard* Ching-Yun (C.Y.) Chao IBM* Henry (Hyenvui) Chung IBM* Heather Hinton IBM* Kelvin Lawrence IBM* Michael McIntosh IBM* Anthony Nadalin IBM* Michael Perks IBM* Blake Dournaee Intel Mike Lyons Layer 7 Technologies Inc.* Jan Alexander Microsoft Corporation* Paul Cotton Microsoft Corporation* Colleen Evans Microsoft Corporation* Mark Fussell Microsoft Corporation* Vijay Gajjala Microsoft Corporation* Marc Goodner Microsoft Corporation* Martin Gudgin Microsoft Corporation* Chris Kaler Microsoft Corporation* Asir Vedamuthu Microsoft Corporation* Norman Brickman Mitre Corporation* Frederick Hirsch Nokia Corporation* Paul Knight Nortel Networks Limited* Lloyd Burch Novell* Steve Carter Novell* Howard Bae Oracle Corporation* Ashok Malhotra Oracle Corporation* Prateek Mishra Oracle Corporation* Alex Hristov Otecia Incorporated* Darren Platt Ping Identity Corporation* Werner Dittmann Siemens AG* Tony Gullotta SOA Software Inc.* Jiandong Guo Sun Microsystems* Hubert Le Van Gong Sun Microsystems* Eve Maler Sun Microsystems* Don Adams Tibco Software Inc.* Hans Granqvist VeriSign * Ruchith Fernando WSO2* 2. Reading/Approving minutes of last meeting (Feb 1) http://lists.oasis-open.org/archives/ws-sx/200602/msg00003.html Adopted unanimously. 3. Charter clarification ballot(s) status The first ballot changes have not yet been made by the OASIS staff. The Chairs will ensure these changes are made even if they have to do the changes themselves. The second charter ballot has been started and ends on Feb 7: http://www.oasis-open.org/apps/org/workgroup/ws-sx/ballot.php?id=950 This ballot failed to obtain the necessary 2/3 majority. Tony asked if the status of voting members was correct on the roster. Tony asked if the roster was wrong if we have to re-run the ballot. Paul suggested we first fix the roster and then do the ballot again. ACTION 2005-02-08-01 Chairs to ensure the list of voting members on the roster is correct. ACTION 2005-02-08-02 Chairs to re-run the charter clarification ballot #2 a second time (after fixing the roster). 4. Issues list http://docs.oasis-open.org/ws-sx/issues/Issues.xml a) Review of action items ai-06 - Chairs to hold a F2F attendance ballot starting Mar 1 and closing at least two weeks before the F2F. ai-09 - Editors to check that XPath examples in WS-SecurityPolicy are fully namespace qualified. Pending. Tony has the pen on this one and we will be getting a revised document. ai-2006-01-25-02 - Marc Goodner to work on an initial interop scenarios document. Prateek Mishra also offered to help. DONE. See: http://lists.oasis-open.org/archives/ws-sx/200602/msg00010.html ai-2006-01-25-03 - Heather Hinton and Tony Nadalin to work on an initial use cases document. Prateek Mishara also offered to help. DONE. See: http://lists.oasis-open.org/archives/ws-sx/200602/msg00022.html ai-2006-01-25-04 - Tony Nadalin will look into the possibility of hosting an interop event at the April F2F location Pending discussion of interop documents. See below. b) Issues in Review status None. c) New issues Questions and comments, Werner Dittman http://lists.oasis-open.org/archives/ws-sx/200602/msg00002.html Werner Dittman will issue separate emails for each issue. He expects to have this done within 24 hours. ACTION 2006-02-08-03 Marc Goodner to post WS-SX issue template to TC site and Chairs to put it in a prominent location to make it easier to find. i020 Describe minimum acceptable lengths for P_SHA1 inputs http://lists.oasis-open.org/archives/ws-sx/200602/msg00012.html Accepted. Change status to Active. Chris Kaler suggested we might suggest a minimum of 128 bits for the Nonce. Prateek Mishra will propose text to capture this suggestion for WS-Trust. Hal Lockhart asked if there was similar problem with SecureConversation for Nonce parameters. Prateek will also check into this aspect of the problem and if need will make a wider proposal or open a new issue. d) Active issues i003 Prateek Mishra Use of term "binding" in specs Prateek: http://lists.oasis-open.org/archives/ws-sx/200602/msg00011.html Gudge's response: http://lists.oasis-open.org/archives/ws-sx/200602/msg00024.html Gudge and Prateek appear to be agreeing on the changes required. Gudge indicated that there two outstanding items: a) use of the term "Security Binding Property Assertion" There are no references to the term "Security Binding Property Assertion". Paul Cotton was okay with leaving in the unreferenced definition. Hal Lockhart agreed with leaving the definition in for now and he retained the right to drop the definition later. b) whether the phrase "minimum set of tokens that will be used" is clear. Chris Kaler suggested adding a note for b) that the service might accept more tokens. There was no objection to this suggestion. Gudge will provide a summary of the suggested changes for Issue 3. i004 Paul Cotton Transitive closure spec dependencies In progress. Paul needed access to the specification Word docs which has now been provided. i008 Editors Need well-formed XML examples In progress. i009 Hal Lockhart Support for different key pairs for sign and encrypt in SP In progress. There has been some offline discussion. Hal will try again to get something done this week. i010 Prateek Mishra Proof of possesion for security intermediaries ws-trust design Prateek's email: http://lists.oasis-open.org/archives/ws-sx/200601/msg00082.html Prateek's email sent early today states: http://lists.oasis-open.org/archives/ws-sx/200602/msg00025.html "Consider a case where we have a <wsse:security> header with multiple tokens involved; a username token which names a user ("joe"), X.509 token (i guess this is called a supporting token) and a signature over the user-name-token and body (based on the X.509 token). Now, an application can present this entire security header to STS. The STS can make judgements based on both the X.509 token and the user-name token ("aha, this is a message from Joe signed by the finance server") placing whatever interpretation it chooses to w.r.t this header. But the intermediary cannot provide equivalent information; if we imagine an intermediary acting on behalf of the application. As currently stated in section 11.1, the intermediary can only provide a security token, a STR or an end-point-reference. My suggestion is to expand this list to include <wsse:security> headers as well." Chris and Prateek (and other TC members) discussed this scenario. Prateek will send an example to the list based on this discussion and will outline what cannot be captured by the intermediary. i014 Prateek Mishra Is the key agreement algorithm proposed in WS-Trust sound? Chris Kaler's reply: http://lists.oasis-open.org/archives/ws-sx/200602/msg00000.html Prateek accepts this explanation and is willing to close the issue. There was no objection to closing this issue with no action. Chris suggested the only change would be to add a new derived key algorithm based on P-SHA256. Prateek agreed this was orthogonal. Change status of issue i014 to Closed with no action. i015 C.Y. Chao Support error handling in RequestSecurityToken extension mechanism No discussion. Skipped. i016 Michael McIntosh sp:SignedParts mechanism Mike's proposal: http://lists.oasis-open.org/archives/ws-sx/200602/msg00014.html Skipped until next meeting. i017 Michael McIntosh sp:RequiredElements mechanism Mike's proposal: http://lists.oasis-open.org/archives/ws-sx/200602/msg00018.html Followup: http://lists.oasis-open.org/archives/ws-sx/200602/msg00019.html Skipped until next meeting. i018 Michael McIntosh absolute XPath expressions Mike's proposal: http://lists.oasis-open.org/archives/ws-sx/200602/msg00020.html Skipped until next meeting. i019 Frederick Hirsch supported XPath expressions Frederick reported that he was not able to get any concrete examples. His developers did agree that doing less is always better. Since there are no concrete examples the TC agreed to close this issue with no action. Change status of issue i019 to Closed with no action. 5. Other business a) ai-2006-01-25-02 - Marc Goodner to work on an initial interop scenarios document. Prateek Mishra also offered to help. DONE. See: http://lists.oasis-open.org/archives/ws-sx/200602/msg00010.html Marc Goodner has uploaded the initial document. Chris Kaler asked if this set of interop scenarios was acceptable. Chris asked who could interop using these SC/Trust scenarios? Paul Cotton said that Microsoft would be ready to interop on these by the Apr F2F. Tony Nadalin said that IBM would be ready to interop by the Apr timeframe. Eve Maler said that Sun needed more time to review the scenarios. ACTION 2006-02-08-04 TC members to review the initial interop scenarios by the Feb 15 TC meeting so that the TC can decide at that meeting whether the TC has "critical mass" for an Apr F2F interop event. Chris Kaler indicated that in the past the WSS TC did interop as a confidential TC effort and members should feel comfortable doing only part of the interop scenarios. b) ai-2006-01-25-03 - Heather Hinton and Tony Nadalin to work on an initial use cases document. Prateek Mishara also offered to help. DONE. See: http://lists.oasis-open.org/archives/ws-sx/200602/msg00022.html Tony Nadalin reviewed the proposal. Heather asked for input before she and Tony proceeded with more detail of these use cases. c) SecurityPolicy section numbers Chris Kaler pointed out that the section cross-references in WS-SecurityPolicy were messed up during the work to achieve the OASIS re-formatting. The meeting agreed to open a new issue to fix this problem and assigned it to the Editors. 6. Adjournment The meeting adjourned at about 8:26am PST. /paulc Paul Cotton, Microsoft Canada 17 Eleanor Drive, Nepean, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:Paul.Cotton@microsoft.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]