WS-SX TC Minutes, May 31 2006

["Marc Goodner" <mgoodner@microsoft.com>]

WS-SX TC Minutes, May 31 2006

Summary of new Action Items:
tbd

1. Call to order/roll call
    
Present:
tbd

2. Reading/Approving minutes of last meeting (May 3rd)
http://lists.oasis-open.org/archives/ws-sx/200605/msg00042.html

Adopted unanimously.

3. TC Logistics (10 minutes or less)
Chairs close to closing on F2F location.

4. Issues list
http://docs.oasis-open.org/ws-sx/issues/Issues.xml
    
a) Review of action items
AI-2006-04-04-03 - Tony Nadalin to identify possible issues for
SecurityPolicy based on the changes proposed for Issue 52.
In progress.

AI-2006-04-04-08 - Marc Goodner with help from Prateek Mishra to
document interop message flows based on the current version of SC/Trust.
In progress.

AI-2006-04-05-04 - Chairs to do further work on a F2F meeting time and
location.
In progress.

AI-2006-05-03-03 - Tony will investigate and start thread on issue 67.
In progress.


b) Issues in Review status

  None.

    
c) New issues
i071 - Guidance on Policy Application
Issue is about wanting to add additional text about how SP is to be
used.
Issue accepted, Hal assigned as owner.

d) Active issues

i004 - Transitive closure spec dependencies
In progress. ETA next week.

i008 - Need well formed XML examples
In progress.

i031 - Clarification for UsernameToken assertion
Hal's revised proposal tagged as proposal 1. It is derived from Gudge's
proposal 2.
Discussion around not doing anything vs. doing this for this assertion.
There seem to be two camps around these options.
Desire for another week of list discussion expressed.
Come prepared to vote on this issue next week.

Concerns expressed by some that doing this for this token leads to doing
it for all.
Hal believes this should be done for this token, unsure about others.
Do we want to describe any token in greater detail in general, or which
of the five?
Seem to be three options.
Fisrt case is not to describe this.
Second is describe how to do this but not actually do it. 
Third is to define exactly how to do this.
Question is if third choice is taken which tokens do you define?
Hal thinks UsernameToken.

i033 - Identify security header components that are signed and/or
encrypted
Discussion of proposal 2
http://lists.oasis-open.org/archives/ws-sx/200605/msg00035.html
Prateek has discussed the proposal with Gudge
OK with this proposal but sees a broader issue as a result of adopting
this one related to <EncryptSupportingToken>.
Adopted unanimously, issue moved to pending.

i048 - Binding Assertions should support Operation subjects
Proposal 5
http://lists.oasis-open.org/archives/ws-sx/200605/msg00019.html
Adopted unanimously, issue moved to pending.

i055 - Clarification on RequireDerivedKeys and X509Token under
AsymmetricBinding
Leave open for another week for further discussion.

i066 - SecurityPolicy use cases
In progress.

i067 - Resolving Policies if more than one SecureConversationToken is
present
AI-2006-05-03-03

i070 - Clarify relationship between extensibility model and policy
intersection
Prateek to send in another proposal this week based on discussion in
last week.


f) Pending issues
No update from editors this week.

i065 - Permitting requestors to avoid recieving cancel messages

i069 - Default assertions and policy intersections


5. AOB
Question on interop dates, when?
Mid-July as a virtual interop event.
Will check in with TC members next week to see who can participate.

6. Adjournment

The meeting adjourned at 7:45 AM PST.



Marc Goodner
Technical Diplomat
Microsoft Corporation
Tel: (425) 703-1903
Blog: http://spaces.msn.com/mrgoodner/