WS-SX TC Minutes, June 28 2006

["Marc Goodner" <mgoodner@microsoft.com>]

WS-SX TC Minutes, June 28 2006

Summary of new Action Items:
AI-2006-06-28-01 Chairs to get thread going on interop participation and
find a coordinator

1. Call to order/roll call
    
Present:
Jong Lee, BEA Systems, Inc.* 
Hal Lockhart, BEA Systems, Inc.* 
Denis Pilipchuk, BEA Systems, Inc.* 
Corinna Witt, BEA Systems, Inc.*
Rich Levinson, CA* 
Yakov Sverdlov, CA* 
Toshihiro Nishimura, Fujitsu Limited* 
Irving Reid, Hewlett-Packard* 
Ching-Yun (C.Y.) Chao, IBM* 
Henry (Hyenvui) Chung, IBM* 
Kelvin Lawrence, IBM* 
Michael McIntosh, IBM* 
Bruce Rich, IBM*
Mike Lyons, Layer 7 Technologies Inc.* 
Kate Cherry, Lockheed Martin* 
Jan Alexander, Microsoft Corporation* 
Paul Cotton, Microsoft Corporation* 
Colleen Evans, Microsoft Corporation* 
Mark Fussell, Microsoft Corporation* 
Vijay Gajjala, Microsoft Corporation*
Marc Goodner, Microsoft Corporation* 
Chris Kaler, Microsoft Corporation* 
Asir Vedamuthu, Microsoft Corporation*
Norman Brickman, Mitre Corporation* 
Frederick Hirsch, Nokia Corporation* 
Abbie Barbir, Nortel Networks Limited* 
Lloyd Burch, Novell* 
Steve Carter, Novell* 
Prateek Mishra, Oracle Corporation* 
John Hughes*, PA Consulting* 
Martin Raepple, SAP AG* 
Jiandong Guo, Sun Microsystems* 
Don Adams, Tibco Software Inc.* 

Member status update 
Lost the following voting members:
Heather Hinton, IBM 
Jonathan Marsh, Microsoft Corporation

2. Reading/Approving minutes of last meeting (June 21)
http://lists.oasis-open.org/archives/ws-sx/200606/msg00064.html

Adopted unanimously.

3. TC Logistics (10 minutes or less)
July 5th TC meeting was cancelled.

Plan for TC interop was nominally mid-July.
We will decide if we are ready to start or not on the next TC call, July
12th.
Chris will identify a TC memebr to coordinate the interop participants.

4. Issues list
http://docs.oasis-open.org/ws-sx/issues/Issues.xml
    
a) Review of action items
AI-2006-04-04-03 - Tony Nadalin to identify possible issues for
SecurityPolicy based on the changes proposed for Issue 52.
Leave open, Tony not here.

AI-2006-04-04-08 - Marc Goodner with help from Prateek Mishra to
document interop message flows based on the current version of SC/Trust.
See ED-03 of scenarios:
http://lists.oasis-open.org/archives/ws-sx/200606/msg00069.html


AI-2006-05-03-03 - Tony will investigate and start thread on issue 67.
Leave open, Tony not here.

AI-2006-06-21-01 - Frederick to work on a new proposal for issue 70.
Closed: http://lists.oasis-open.org/archives/ws-sx/200606/msg00068.html


b) Issues in Review status
i031 - Clarification for UsernameToken assertion
Prateek's concern from last week seems addressed in the updated spec.

i033 - Identify security header components that are signed and/or
encrypted

i048 - Binding Assertions should support Operation subjects

i057 - Final protocol message should always be an RSTRC

i065 - Permitting requestors to avoid receiving cancel messages

i069 - Default assertions and policy intersections

i072 - Missing KeyWrapAlgorithm requirement in section 9.2

i073 - Key and Encryption Requirements Clarification

i075 - HTTP Auth Subassertions

Move all Review status issues to closed, adopted unanimously.

    
c) New issues
i077 - Use of Section 8 from WS-SC forces applications to be WSS schema
aware
Discussion of issue, perspectives related to relevance of headers vs.
body 
Questions regarding whether or not application messages would not
contain WS-* primitives, or would only be used in headers. One
perspective is yes, then the headers would need to be correlated back to
any relevant body content.
Another perspective is that this is something that may be tightly
coupled to the application logic, why then would this be recorded in the
header and correlated back? An application may want to point directly to
a token rather than require an indirect reference.
Issue is concerned with applications needing to import WSS schema, that
was the concern. No concern with linkage between application and
security context, concern is over the requirement to understand schema.

i078 - Specify Reference Types for References to SCT
Other infrastructure services may use STRs to point to tokens, use cases
to make sure that reference is independent of particular message.
Natural choice seems to use identifier from the SCT.
Hal will give pointer to WSS for example of where this has been done
before, likely X.509.
Desire is to write down the existing reference mechanisms.

i079 - Is BootstrapPolicy a PolicyAssertion
http://lists.oasis-open.org/archives/ws-sx/200606/msg00070.html

i080 - Handling EncryptParts/Elements specified under SupportingTokens
http://lists.oasis-open.org/archives/ws-sx/200606/msg00071.html 

d) Active issues

i004 - Transitive closure spec dependencies
Will not be done before June 30th.
Expect something before the July 12th meeting.

i008 - Need well formed XML examples
Ongoing.

i066 - SecurityPolicy use cases
New comments:
http://lists.oasis-open.org/archives/ws-sx/200606/msg00059.html
Ongoing, active discussion.

i067 - Resolving Policies if more than one SecureConversationToken is
present
AI-2006-05-03-03

i070 - Clarify relationship between extensibility model and policy
intersection
New proposal (proposal 3):
http://lists.oasis-open.org/archives/ws-sx/200606/msg00068.html
Frederick gave an overview of his proposal.
TC members need to review and discuss on list to be prepared to close on
next call in two weeks.

i076 - How to reference a specific SC when initiating a session?
There is already material in spec to use a freestanding RSTR in the
response.
Remaining part of issue is now documented in issue 77.
Closed with no action, no objections.

f) Pending issues
i071 - Guidance on Policy Application

i074 - Add <EncryptSupportingToken> element to Sections 7.4 and7.5

5. AOB

Do we need to nail down a date for interop now, or can we address this
on the next call?
AI-2006-06-28-01 Chairs to get thread going on interop participation and
find a coordinator

6. Adjournment

The meeting adjourned at 7:51