OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: WS-SX TC Minutes, August 30 2006

WS-SX TC Minutes, August 30 2006


Summary of new Action Items:



1. Call to order/roll call





2. Reading/Approving minutes of last meeting (Aug 23rd)


Adopted unanimously.


3. TC Logistics (10 minutes or less)

Closing in on meeting in San Jose the first week of Decmeber. Please inform the chairs if that poses a problem.


4. Issues list



a) Review of action items



b) Issues in Review status




c) New issues

i107 - Apparent typo in WS-SP Schema comments

Issue and proposal accepted unanimously.

Status changed to pending.


i108 - Potential attack when using RST parameters from a target site - WS-Trust part


i109 - Potential attack when using RST parameters from a target site - WS-SecurityPolicy part


Issues 108 and 109 discussed together.

Why is the STS policy not satisfactory?

Because the client is blindly copying things from the SP of the service and passing them on to the STS.


Request for more time to review both issues.

Status changed to active.


i110 - QName support for specifying elements that need to be present in the message

Intention seems to be to avoid XPath.

Request for more time to review issue.


Status changed to active.



i111 - Clarification on IssuedToken and SecureConversationToken assertions

SCT when no issuer specified assumes RST/RSTR

Should BootstrapPolicy be used when there is an issuer specified?

You can in theory have the issuer publish the policy and embed it in the bootstrap.

However, bootstrap is intended for cases where there is no endpoint to get the policy from.

You can also do neither, in which case it is “known” how to get the SCT out of band.

Issuer and bootstrap are about how to get an SCT if you don’t have one.

Closed with no action.


i112 Clarification: BootstrapPolicy to indicate the securitycontext token created by one of the communicating parties.

In the case where you want to provide an SCT out of band, the service would not provide an issuer or a bootstrap. Effectively saying that you have to know how to get the SCT out of band.

Closed with no action.


i113 Section 3 in SC needs to be updated for RSTRC

Section 3 needs update to include RSTRC (line 277 of version 06)

Issue and proposal accepted unanimously.

Status changed to pending.



d) Active issues


i008 - Need well formed XML examples

Latest round of updates covers SC and Trust.

Next update of SP should cover this as well.


i066 - SecurityPolicy use cases

In progress.


i081 - Provide policy statements and associated URIs that can be referenced from wsp:PolicyReference statements

Not discussed.


i086 - No policy support for content encryption?

Not discussed.


i090 - Description of Strict Formatting seems wrong for EncryptedKey

Proposal 3: http://lists.oasis-open.org/archives/ws-sx/200608/msg00055.html

Request for more time to review.


i096 - Ensure Appendix A is complete

Standing item, not discussed.


i100 - Lack of Rationale for choices of Authentication for WS-SC

New proposal from Jan: http://www.oasis-open.org/archives/ws-sx/200608/msg00094.html


i101 - Need additional SamlToken Assertion Elements for Holder-of-Key and Sender-Vouches

Proposal 2: http://lists.oasis-open.org/archives/ws-sx/200608/msg00058.html

Request for more time to review.


i104 - Update interop documents to reflect what was actually tested.

No updates, hope to complete before next week



f) Pending issues

All pending issues are now in review status with the exception of issue 83.


i004 - Transitive closure spec dependencies


i071 - Guidance on Policy Application


i074 - Add <EncryptSupportingToken> element to Sections 7.4 and7.5


i078 - Specify Reference Types for References to SCT


i079 - Is Bootstrap policy a PolicyAssertion


i080 - Handling EncryptParts specified under SupportingTokens


i082 - Remove duplicate RFC2119 reference


i083 - Remove shading from figures, possibly enlarge


i084 - Assertions with nested policy do not indicate it


i085 - Replace ID with Id for Id attribute


i088 - No XPath default


i089 - Minor editorial comments on security policy


i091 - security policy help for example C.3.2


i092 - Proposed SP change related to issue 52


i094 - We need a definition for "domain" in WS-SecurityPolicy


i095 - Amend text for nested assertions in WS-SP


i097 - No support for message level encryption of headers for WSS 1.0?


i098 - Inconsistencies related to SignedParts/* assertion


i103 - Interop document - Clarify that RSTR is returned in RSTRC


i105 - SC label concatenation rules unclear



5. Next steps - reminder of CD/PR votes

We still want to try to get a CD vote on the 6th, and a PR vote if it passes.

We have three remaining issues open on SC/Trust that we should try to close in advance of that.


6. AOB




7. Adjournment


The meeting adjourned at 7:36am PST.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]