OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [VER 2] WS-SX TC Minutes, August 30 2006

[VER 2] Added roll. Made clear which issues are really moving to review status.


WS-SX TC Minutes, August 30 2006


Summary of new Action Items:



1. Call to order/roll call



Jong Lee, BEA Systems, Inc.*
Hal Lockhart, BEA Systems, Inc.*
Denis Pilipchuk, BEA Systems, Inc.*
Corinna Witt, BEA Systems, Inc.*
Yakov Sverdlov, CA*
Toshihiro Nishimura, Fujitsu Limited*
Ching-Yun (C.Y.) Chao, IBM*
Henry (Hyenvui) Chung, IBM*
Heather Hinton, IBM*
Kelvin Lawrence, IBM*
Michael McIntosh, IBM*
Anthony Nadalin, IBM*
Bruce Rich, IBM*
Ron Williams, IBM*
Jan Alexander, Microsoft Corporation*
Greg Carpenter, Microsoft Corporation*
Paul Cotton, Microsoft Corporation*
Colleen Evans, Microsoft Corporation*
Mark Fussell, Microsoft Corporation*
Vijay Gajjala, Microsoft Corporation*
Martin Gudgin, Microsoft Corporation*
Chris Kaler, Microsoft Corporation*
Jonathan Marsh, Microsoft Corporation*
Asir Vedamuthu, Microsoft Corporation*
Abbie Barbir, Nortel Networks Limited*
Lloyd Burch, Novell*
Rich Levinson, Oracle Corporation*
Ashok Malhotra, Oracle Corporation*
Prateek Mishra, Oracle Corporation*
Alex Hristov, Otecia Incorporated*
Martin Raepple, SAP AG*
Don Adams, Tibco Software Inc.*
Ruchith Fernando, WSO2*

Michael McIntosh from LOA to voting Member
Greg Whitehead lost voting status


2. Reading/Approving minutes of last meeting (Aug 23rd)


Adopted unanimously.


3. TC Logistics (10 minutes or less)

Closing in on meeting in San Jose the first week of Decmeber. Please inform the chairs if that poses a problem.


4. Issues list



a) Review of action items



b) Issues in Review status




c) New issues

i107 - Apparent typo in WS-SP Schema comments

Issue and proposal accepted unanimously.

Status changed to pending.


i108 - Potential attack when using RST parameters from a target site - WS-Trust part


i109 - Potential attack when using RST parameters from a target site - WS-SecurityPolicy part


Issues 108 and 109 discussed together.

Why is the STS policy not satisfactory?

Because the client is blindly copying things from the SP of the service and passing them on to the STS.


Request for more time to review both issues.

Status changed to active.


i110 - QName support for specifying elements that need to be present in the message

Intention seems to be to avoid XPath.

Request for more time to review issue.


Status changed to active.



i111 - Clarification on IssuedToken and SecureConversationToken assertions

SCT when no issuer specified assumes RST/RSTR

Should BootstrapPolicy be used when there is an issuer specified?

You can in theory have the issuer publish the policy and embed it in the bootstrap.

However, bootstrap is intended for cases where there is no endpoint to get the policy from.

You can also do neither, in which case it is “known” how to get the SCT out of band.

Issuer and bootstrap are about how to get an SCT if you don’t have one.

Closed with no action.


i112 Clarification: BootstrapPolicy to indicate the securitycontext token created by one of the communicating parties.

In the case where you want to provide an SCT out of band, the service would not provide an issuer or a bootstrap. Effectively saying that you have to know how to get the SCT out of band.

Closed with no action.


i113 Section 3 in SC needs to be updated for RSTRC

Section 3 needs update to include RSTRC (line 277 of version 06)

Issue and proposal accepted unanimously.

Status changed to pending.



d) Active issues


i008 - Need well formed XML examples

Latest round of updates covers SC and Trust.

Next update of SP should cover this as well.


i066 - SecurityPolicy use cases

In progress.


i081 - Provide policy statements and associated URIs that can be referenced from wsp:PolicyReference statements

Not discussed.


i086 - No policy support for content encryption?

Not discussed.


i090 - Description of Strict Formatting seems wrong for EncryptedKey

Proposal 3: http://lists.oasis-open.org/archives/ws-sx/200608/msg00055.html

Request for more time to review.


i096 - Ensure Appendix A is complete

Standing item, not discussed.


i100 - Lack of Rationale for choices of Authentication for WS-SC

New proposal from Jan: http://www.oasis-open.org/archives/ws-sx/200608/msg00094.html


i101 - Need additional SamlToken Assertion Elements for Holder-of-Key and Sender-Vouches

Proposal 2: http://lists.oasis-open.org/archives/ws-sx/200608/msg00058.html

Request for more time to review.


i104 - Update interop documents to reflect what was actually tested.

No updates, hope to complete before next week



f) Pending issues

i083 - Remove shading from figures, possibly enlarge


i103 - Interop document - Clarify that RSTR is returned in RSTRC


All pending issues below are now in review status with the exception of issue 83.


i004 - Transitive closure spec dependencies


i071 - Guidance on Policy Application


i074 - Add <EncryptSupportingToken> element to Sections 7.4 and7.5


i078 - Specify Reference Types for References to SCT


i079 - Is Bootstrap policy a PolicyAssertion


i080 - Handling EncryptParts specified under SupportingTokens


i082 - Remove duplicate RFC2119 reference



i084 - Assertions with nested policy do not indicate it


i085 - Replace ID with Id for Id attribute


i088 - No XPath default


i089 - Minor editorial comments on security policy


i091 - security policy help for example C.3.2


i092 - Proposed SP change related to issue 52


i094 - We need a definition for "domain" in WS-SecurityPolicy


i095 - Amend text for nested assertions in WS-SP


i097 - No support for message level encryption of headers for WSS 1.0?


i098 - Inconsistencies related to SignedParts/* assertion



i105 - SC label concatenation rules unclear



5. Next steps - reminder of CD/PR votes

We still want to try to get a CD vote on the 6th, and a PR vote if it passes.

We have three remaining issues open on SC/Trust that we should try to close in advance of that.


6. AOB




7. Adjournment


The meeting adjourned at 7:36am PST.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]