

Subject: WS-SX TC Minutes, Dec 12 2007



 

Summary of new Action Items:

Kelvin to set up calendar for next year

Marc to create new issues from Hal’s note on interactive challenges

 

1. Call to order/roll call

Status changes

Moved Henry Chung to LOA per his request to the chairs
Norman Brickman lost voting status
Wil Hopkins lost voting status
Martin Raepple gained voting status
Ashok Malhotra gained voting status

   

Present:

Symon Chang          BEA Systems, Inc.
Hal Lockhart         BEA Systems, Inc.
Denis Pilipchuk      BEA Systems, Inc.
Corinna Witt         BEA Systems, Inc.
Toshihiro Nishimura  Fujitsu Limited*
Kelvin Lawrence      IBM
Michael McIntosh     IBM
Anthony Nadalin      IBM
Bruce Rich           IBM
Mike Lyons           Layer 7 Technologies Inc.*
Jan Alexander        Microsoft Corporation
Greg Carpenter       Microsoft Corporation
Marc Goodner         Microsoft Corporation
Chris Kaler          Microsoft Corporation
Frederick Hirsch     Nokia Corporation*
Abbie Barbir         Nortel
Lloyd Burch          Novell*
Steve Carter         Novell*
Rich Levinson        Oracle Corporation
Ashok Malhotra       Oracle Corporation
Martin Raepple       SAP AG*
Tony Gullotta        SOA Software Inc.
Jiandong Guo         Sun Microsystems

 

2. Reading/Approving minutes of last meeting (Nov 28)

http://lists.oasis-open.org/archives/ws-sx/200712/msg00002.html

Adopted unanimously.

 

3. TC Logistics (10 minutes or less)

Last call of this year, happy holidays.

Action for Kelvin to set up calendar for next year

Next meeting Jan 9th, every two weeks forward from there

 

4. Issues list

http://docs.oasis-open.org/ws-sx/issues/Issues.xml

   

a) Review of action items

  None.

 

b) Issues in Review status

 

  None.

 

   

c) New issues

 

Issue 154 – Examples doc issues

http://lists.oasis-open.org/archives/ws-sx/200712/msg00014.html

Concerns with actors in diagrams

Mismatch in policy versions document is based on

Some validity check issues with the schema in document

 

d) Active issues

 

i141 - Support for nonce and created nested assertion in usernametoken

Latest proposal from Rich and Hal

http://lists.oasis-open.org/archives/ws-sx/200712/msg00015.html

Some discussion of details; nonce/created have no purpose when no password or derived keys are present

Editors clear on how to apply

Status changed to pending

 

i153 - Generalized Interactive Challenge for WS-Trust

Hal’s comments on proposal

http://lists.oasis-open.org/archives/ws-sx/200712/msg00012.html

Tony points out that this is consistent with model in existing Trust

Hal thought current model was just about exchanging keys, didn’t think it covered other tokens

Marc pointed out there is a binary exchange challenge, this model is consistent with that

Hal thinks it would be possible to lift this exchange out of the RST exchanges to generalize it

Chris doesn’t think there is any coupling beyond the schema definition within the RST

Discussion about Hal’s point on PIN from the message above

Tony says it is meant to tailor a custom UI for the user

Fundamentally it is just a password, yes, not limited to numbers

Discussion of text concerns from message above, e.g. script injection

Can we restrict certain characters, e.g. printable characters?

Is this just CAPTCHAs or other image challenges?

Could be either, up to the application

Noted concern about the error handling as well

Can this be further generalized?

Have the security implications been thought through, interactions etc.?

Discussion about adopting proposal now and opening issues or solving everything first

Decision to adopt current proposal and open issues for each of Hal’s concerns in the above email; this will be easier to track

 

Status changed to pending, each point from Hal’s mail will be a new issue.

 

 

ER012 - Review normative RFC 2119 language in WS-Trust

Proposal similar to ER013 proposal should be in by end of this week.

 

ER013 - Review normative RFC 2119 language in WS-SecureConversation

Proposal

http://lists.oasis-open.org/archives/ws-sx/200712/msg00007.html

 

ER014 - Review normative RFC 2119 language in WS-SecurityPolicy

Proposal similar to ER013 proposal should be in by end of this week.

 

ER017 - Conflict Nonce reuse description in the current WS-SC 1.3

Proposal change SHOULD to SHOULD NOT

http://lists.oasis-open.org/archives/ws-sx/200712/msg00003.html

 

Status changed to pending.

 

f) Pending issues

i148 - Syntax of XPath for Signed, Encrypted and Required Elements

 

i150 - Add conformance statements to new versions of Trust/SC/SP

 

i151 - Update SP per Policy 1.5 guidelines

 

i152 - Update policy references to 1.5 for SC, Trust and SP

 

Pending issues above for next versions of specs are behind completing the errata.

The next versions of the specs need to incorporate all errata so the editors want to get the 2119 errata issues closed and applied to errata before creating the new documents.

 

ER006 - The specification states that if [Timestamp] is false, then wsu:Timestamp should not be present inside <wsse:Security> header.

http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/26419/ws-securitypolicy-1.2-errata-ed-02.doc

http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/26420/ws-securitypolicy-1.2-spec-errata-ed-02.doc

 

ER015 - Change key to crucial in SC text

http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/26417/ws-secureconversation-1.3-errata-ed-02.doc

http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/26418/ws-secureconversation-1.3-spec-errata-ed-02.doc

 

ER016 - SecondaryParameters element missing from WS-Trust schema xsd

http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/26416/ws-trust-1.3-errata-ed-01.xsd

 

ER018 - ContentEncryptedElement assertion is not defined in the ws-securitypolicy-1.2.xsd

http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/26415/ws-securitypolicy-1.2-errata-ed-02.xsd

 

Pending errata status changed to review.

 

5. AOB

 

Discussion of progression of examples document, to be taken to email.

 

6. Adjournment

 


