[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: WS-SX TC Minutes, Dec 12 2007
WS-SX TC Minutes, Dec 12 2007 Summary of new Action Items: Kelvin to setup calendar for next year Marc to create new issues from Hal’s note on
interactive challenges 1. Call to order/roll call Status changes Moved
Henry Chung to LOA per his request to the chairs Present: Symon Chang BEA Systems, Inc. Hal Lockhart BEA Systems,
Inc. Denis Pilipchuk BEA Systems, Inc. Corinna Witt BEA Systems,
Inc. Toshihiro Nishimura Fujitsu
Limited* Kelvin Lawrence IBM
Michael McIntosh IBM
Anthony Nadalin IBM
Bruce Rich IBM
Mike Lyons Layer
7 Technologies Inc.* Jan Alexander Microsoft Corporation Greg Carpenter Microsoft
Corporation Marc Goodner Microsoft Corporation Chris Kaler Microsoft
Corporation Frederick Hirsch Nokia
Corporation* Abbie Barbir Nortel Lloyd Burch Novell*
Steve Carter Novell* Rich Levinson Oracle Corporation Ashok Malhotra Oracle
Corporation Martin Raepple SAP
AG* Tony Gullotta SOA Software Inc. Jiandong Guo Sun Microsystems 2. Reading/Approving minutes of last meeting (Nov 28) http://lists.oasis-open.org/archives/ws-sx/200712/msg00002.html Adopted unanimously. 3. TC Logistics (10 minutes or less) Last call of this year, happy holidays. Action for Kelvin to setup calendar for next year Next meeting Jan 9th, every two weeks forward
from there 4. Issues list http://docs.oasis-open.org/ws-sx/issues/Issues.xml
a) Review of action items None. b) Issues in Review status None. c) New issues Issue 154 – Examples doc issues http://lists.oasis-open.org/archives/ws-sx/200712/msg00014.html Concerns with actors in diagrams Mismatch in policy versions document is based on Some validity check issues with the schema in document d) Active issues i141 - Support for nonce and created nested assertion in
usernametoken Latest proposal from Rich and Hal http://lists.oasis-open.org/archives/ws-sx/200712/msg00015.html
Some discussion of details, nonce/created have no purpose
when no password or derived keys present Editors clear on how to apply Status changed to pending i153 - Generalized Interactive Challenge for WS-Trust Hal’s comments on proposal http://lists.oasis-open.org/archives/ws-sx/200712/msg00012.html Tony points out that this is consistent with model in
existing Trust Hal thought current model was just about exchanging keys,
didn’t think it covered other tokens Marc pointed out there is a binary exchange challenge, this
model is consistent with that Hal thinks it would be possible to lift out this exchange
out of the RST exchanges to generalize it Chris doesn’t think there is any coupling beyond the
schema definition within the RST Discussion about Hal’s point on PIN from the message
above Tony says it is meant to tailor a custom UI for the user Fundamentally it is just a password, yes, not limited to
numbers Discussion of text concerns from message above, e.g. script
injection Can we restrict certain characters, e.g. printable
characters? Is this just CAPTCHAs or other image challenges? Could be either, up to the application Noted concern about the error handling as well Can this be further generalized? Have the security implications been thought through,
interactions etc. Discussion about adopting proposal now and opening issues or
solving everything first Decision to adopt current proposal and open issues for each
of Hal’s concerns in above email will be easier to track Status changed to pending, each point from Hal’s mail
will be a new issue. ER012 - Review normative RFC 2119 language in WS-Trust Proposal similar to ER013 proposal should be in by end of
this week. ER013 - Review normative RFC 2119 language in
WS-SecureConversation Proposal http://lists.oasis-open.org/archives/ws-sx/200712/msg00007.html ER014 - Review normative RFC 2119 language in
WS-SecurityPolicy Proposal similar to ER013 proposal should be in by end of
this week. ER017 - Conflict Nonce reuse description in the current
WS-SC 1.3 Proposal change SHOULD to SHOULD NOT http://lists.oasis-open.org/archives/ws-sx/200712/msg00003.html Status changed to pending. f) Pending issues i148 - Syntax of XPath for Signed, Encrypted and Required
Elements i150 - Add conformance statements to new versions of
Trust/SC/SP i151 - Update SP per Policy 1.5 guidelines i152 - Update policy references to 1.5 for SC, Trust and SP Pending issues above for next versions of specs are behind
completing the errata. The next versions of the specs need to incorporate all
errata so the editors want to get the 2119 errata issues closed and applied to
errata before creating the new documents. ER006 - The specification states that if [Timestamp] is
false, then wsu:Timestamp should not be present inside <wsse:Security>
header. ER015 - Change key to crucial in SC text ER016 - SecondaryParameters element missing from WS-Trust
schema xsd http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/26416/ws-trust-1.3-errata-ed-01.xsd ER018 - ContentEncryptedElement assertion is not defined in
the ws-securitypolicy-1.2.xsd Pending errata status changed to review. 5. AOB Discussion of progression of examples document, to be taken
to email. 6. Adjournment |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]