OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [VER 1] WS-SX TC Minutes, Mar 28 2006

WS-SX TC Minutes, Mar 29 2006

Summary of new Action items:

AI-2006-03-29-01 Gudge owes Prateek a response (to message 82) for issue 33.

AI-2006-03-29-02 Tony Gullota to provide further examples illustrating issue 48 in time for the F2F.

AI-2006-03-29-03 Martin Raepple will provide text for new section from issue 41 before the F2F.

AI-2006-03-29-04 Marc Goodner to update interop doc with resolution of issue 47 before F2F.

1. Call to order/roll call

Present:

2. Reading/Approving minutes of last meeting (Mar 22)
http://lists.oasis-open.org/archives/ws-sx/200603/msg00091.html  

Adopted unanimously.

3. TC Logistics (10 minutes or less)
- Proposal that this meeting be 1 hour to allow WS-I BSP to meet
Agreed unanimously.

- F2F need to confirm one last time attendance/dietary needs
See information provided in for F2F logistics:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00131.html   

Please vote on the whether or not you will attend so there is an accurate count for catering etc.

There were no questions about the F2F arrangements.

4. Issues list 
http://docs.oasis-open.org/ws-sx/issues/Issues.xml  

a) Review of action items

ai-09 - Editors to check that XPath examples in WS-SecurityPolicy are fully namespace qualified.

See: http://lists.oasis-open.org/archives/ws-sx/200603/msg00093.html   
Leave open until can be investigated further.

AI-2006-02-15-04 - Prateek to propose resolution to Issue 20 before F2F 
Ongoing

AI-2006-02-15-07 - TC members to come to the April F2F with data on when they would be ready to carry out SC/Trust interop. 
Ongoing.

AI-2006-03-08-02 - Mike to provide better description(s) and a complete proposal(s) for issue 016 and issue 017 by the F2F meeting. 

Ongoing, will be done by then.

AI-2006-03-08-05 - Frederick to provide alternative proposal for Issue 36 for the Mar 15 meeting. 

DONE. See resolution from March 22nd minutes: 
http://lists.oasis-open.org/archives/ws-sx/200603/msg00091.html 

AI-2006-03-15-01 - Gudge and Prateek to draft a new section "Guidance on creating New Token Assertions and Token Assertion Extensibility" for review by the TC (for issue 30). 

In progress.

AI-2006-03-22-01 - Tony Nadalin to provide information on where the UML generated schema might be more restrictive than the SP schema. 

Ongoing.

AI-2006-03-22-02 - Prateek Mishra to expand his additional scenarios to define the message RSTR's for the Bearer Assertion and HoK Assertions and to show where they are actually different.

Ongoing. Follow up discussion on the list.

b) Issues in Review status

i003  Use of term "binding" in specs 
i009  Support for different key pairs for sign and encrypt in SP 
i010  Proof of possesion for security intermediaries 
i023  Properties for Algorithm Suite missing or wrong   
i025  Chap. 6.5 [Token protection] conflicts with chapter 8.3 and 8.4 
i026  Chapter 6.7 [Security Header Layout] 
i027  When to include a token? 
i029  Which token to use to encrypt/sign in case of multiple tokens defined in a supporting token assertion?
i032  WS-SP should permit Policy to specify the use of keys derived from passwords
i034  Editorial comments on WS-Trust
i036  Clarify term pre-authentication   
i037  Add element extensibility to RequestSecurityTokenResponseCollection/IssuedTokens
i038  Clarify that ComputedKey optional  
i040  What values can be carried in a /wst:RequestSecurityToken/wst:Claims element?   
i045  Duplicate Id attribute values in Security Context example   
i049  Clarify that [Algorithm Suite] applies to message level cryptography and NOT transport-level cryptography 
i050  Clarify scope of Protection assertions  

TC agreed to add review to the F2F agenda.

c) New issues  

i051 sp:RequireDerivedKeys is underspecified
http://lists.oasis-open.org/archives/ws-sx/200603/msg00101.html 

There is a proposal, TC members should be prepared to discuss at F2F.

d) Active issues

i004  Paul Cotton  Transitive closure spec dependencies 
Pending. Due before F2F.
  
i008  Editors  Need well formed XML examples   
Pending. Should be done by the F2F.

i016  Michael McIntosh  sp:SignedParts mechanism 

ACTION 2006-03-08-02 Mike to provide better description(s) and a
complete proposal(s) for issue 016 and issue 017 by the F2F meeting.

Pending. 
  
i018  Michael McIntosh  absolute XPath expressions   

ACTION 2006-03-08-02 Mike to provide better description(s) and a
complete proposal(s) for issue 016 and issue 017 by the F2F meeting. 

Pending.
  
i020   Describe minimum acceptable lengths for P_SHA1 inputs   

AI-2006-02-15-04 - Prateek to propose resolution to Issue 20 before F2F 

Pending.  

i028  Werner Dittmann  Multiple supporting tokens of the same type?

See: http://lists.oasis-open.org/archives/ws-sx/200603/msg00079.html

AI-2006-03-22-01 - Tony Nadalin to provide information on where the UML generated schema might be more restrictive than the SP schema. 

i030   Need a mechanism to identify token assertions   

Should be covered by Gudge and Prateek's action item:
AI-2006-03-15-01 - Gudge and Prateek to draft a new section "Guidance on creating New Token Assertions and Token Assertion Extensibility" for review by the TC (for issue 30).

i031   Clarification for UsernameToken assertion 

Pending on Issue 30.  
   
i033  Identify security header components that are encrypted   

No discussion by email has occurred since last week's meeting.

AI-2006-03-29-01 Gudge owes Prateek a response (to message 82) for issue 33. 
Unlikely to be done before F2F.

i044   What is an authorization token? 

See Tony's message (url not available yet)
Authorization Token - Security token indicating a claimaint's entitlement.

i048   Binding Assertions should support Operation subjects  

AI-2006-03-29-02 Tony Gullota to provide further examples illustrating issue 48 in time for the F2F. 
http://lists.oasis-open.org/archives/ws-sx/200603/msg00085.html

Tony Gullota's proposal:
http://lists.oasis-open.org/archives/ws-sx/200603/msg00065.html  

e) Pending Issues
i041  Clarification on token propagation of SCT required  ws-sc  design   

AI-2006-03-29-03 Martin Raepple will provide text for new section from issue 41 before the F2F.

i043  Missing enumeration for validate request type in the RequestTypeEnumdefinition   

i047  Does IssuedTokenOverTransport require client-side digital signature?  

AI-2006-03-29-04 Marc Goodner to update interop doc with resolution of issue 47 before F2F.

5. Other business 

a) F2F agenda discussion.
Need time for interop scenarios discussion.
No other requests for items on the agenda.

b) Discussion of Prateek's interop scenarios.
Mail discussion:
http://lists.oasis-open.org/archives/ws-sx/200603/msg00092.html 
http://lists.oasis-open.org/archives/ws-sx/200603/msg00099.html

Tony would like to see a case of an unsigned bearer token.
Some disagreement as to how common or not this is.
Clarification, Tony sees the message being signed which covers the token.

Chris wants clarification on differences between message flows, not the message payloads.

Greg is concerned that SP needs ability to indicate signing of bearer tokens.

Discussion of difference between modeling uses of the protocol from message flows.

Discussion of need for a single interop doc and agreement of selected scenarios.

Discussion will continue at the F2F.

6. Adjournment 

The meeting adjourned at about 10:00am EST.

Marc Goodner
Technical Diplomat
Microsoft Corporation
Tel: (425) 703-1903
Blog: http://spaces.msn.com/mrgoodner/

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]