WS-SX TC Minutes, Wed January 31 2007
Summary of new Action Items:
None
1. Call to order/roll call
The following People Gained Voting Status
Yakov Sverdlov;CA
Dana Kaufman;Forum Systems, Inc.
Heather Hinton;IBM
Attendance:
Prateek Mishra, Oracle
Symon Chang;BEA Systems, Inc.*
Hal Lockhart;BEA Systems, Inc.*
Corinna Witt;BEA Systems, Inc.*
Yakov Sverdlov;CA*
Dana Kaufman;Forum Systems, Inc.
Toshihiro Nishimura;Fujitsu Limited*
Greg Whitehead;Hewlett-Packard*
Ching-Yun (C.Y.) Chao;IBM
Henry (Hyenvui) Chung;IBM
Heather Hinton;IBM
Kelvin Lawrence;IBM
Michael McIntosh;IBM
Anthony Nadalin;IBM
Mike Lyons;Layer 7 Technologies Inc.*
Jan Alexander;Microsoft Corporation*
Greg Carpenter;Microsoft Corporation*
Paul Cotton;Microsoft Corporation*
Colleen Evans;Microsoft Corporation*
Vijay Gajjala;Microsoft Corporation*
Marc Goodner;Microsoft Corporation*
Norman Brickman;Mitre Corporation*
Frederick Hirsch;Nokia Corporation*
Abbie Barbir;Nortel Networks Limited*
Lloyd Burch;Novell*
Steve Carter;Novell*
Rich Levinson;Oracle Corporation*
Ashok Malhotra;Oracle Corporation*
Martin Raepple;SAP AG*
Tony Gullotta;SOA Software Inc.
Don Adams;Tibco Software Inc.*
2. Reading/Approving minutes of last meeting (Jan 17 2007)
Adopted unanimously.
3. TC Logistics (10 minutes or less)
Happy 50th call!
Corrections to submission of Trust/SX were given to OASIS staff by Feb 15 deadline and announcement should come from OASIS staff tomorrow (Feb 1)
Reminder: next TC call is in two weeks (Feb 14)
4. Issues list
a) Review of action items
None
b) Issues in Review status
i122 - Use cases should include example messages and descriptions on how header content corresponds to policy.
Closed. This represents agreement on the format for how such examples should be represented in the document. New issues may be opened to add additional examples to the document.
c) New issues
PR012 - Need policy example for encrypted username token
Status changed to Active. Depends on resolution to PR013.
Question: spec says username token can be an endorsing token and endorsing tokens can be used to generate signatures. How is that possible?
Keys can be derived from the password and derived keys can be used for signatures and encryption.
PR013 - Need EncryptedSupportingTokens assertion
Status changed to Active. Continue discussion on the list.
PR014 - Signature protection semantics clarification
Status change to Active.
PR015 - Missing issuer and required claims inside token assertions
Status changed to Active.
d) Active issues
PR011 - Missing assertions to indicate supported bindings for the secure conversation STS
Status changed to Pending.
e) Pending issues
PR009 - WS-Trust "1.0" in WS-SecurityPolicy
PR010 - Value of @TrustVersion is not clear
5. AOB
Issue 62 is deferred. What should be the final dispostion?
Tony Nadalin will revisit i062 and propose a resolution.