OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: WS-SX TC Minutes, Dec 12 2007

WS-SX TC Minutes, Dec 12 2007


Summary of new Action Items:

Kelvin to setup calendar for next year

Marc to create new issues from Hal’s note on interactive challenges


1. Call to order/roll call

Status changes

Moved Henry Chung to LOA per his request to the chairs
Norman Brickman lost voting status
Wil Hopkins lost voting status
Martin Raepple gained voting status
Ashok Malhotra gained voting status



Symon Chang    BEA Systems, Inc.

Hal Lockhart       BEA Systems, Inc.

Denis Pilipchuk BEA Systems, Inc.

Corinna Witt       BEA Systems, Inc.

Toshihiro Nishimura        Fujitsu Limited*

Kelvin Lawrence               IBM

Michael McIntosh            IBM

Anthony Nadalin              IBM

Bruce Rich           IBM

Mike Lyons         Layer 7 Technologies Inc.*

Jan Alexander   Microsoft Corporation

Greg Carpenter                Microsoft Corporation

Marc Goodner Microsoft Corporation

Chris Kaler           Microsoft Corporation

Frederick Hirsch                Nokia Corporation*

Abbie Barbir       Nortel

Lloyd Burch         Novell*

Steve Carter       Novell*

Rich Levinson     Oracle Corporation

Ashok Malhotra                Oracle Corporation

Martin Raepple                 SAP AG*

Tony Gullotta     SOA Software Inc.

Jiandong Guo    Sun Microsystems


2. Reading/Approving minutes of last meeting (Nov 28)


Adopted unanimously.


3. TC Logistics (10 minutes or less)

Last call of this year, happy holidays.

Action for Kelvin to setup calendar for next year

Next meeting Jan 9th, every two weeks forward from there


4. Issues list



a) Review of action items



b) Issues in Review status





c) New issues


Issue 154 – Examples doc issues


Concerns with actors in diagrams

Mismatch in policy versions document is based on

Some validity check issues with the schema in document


d) Active issues


i141 - Support for nonce and created nested assertion in usernametoken

Latest proposal from Rich and Hal


Some discussion of details, nonce/created have no purpose when no password or derived keys present

Editors clear on how to apply

Status changed to pending


i153 - Generalized Interactive Challenge for WS-Trust

Hal’s comments on proposal


Tony points out that this is consistent with model in existing Trust

Hal thought current model was just about exchanging keys, didn’t think it covered other tokens

Marc pointed out there is a binary exchange challenge, this model is consistent with that

Hal thinks it would be possible to lift out this exchange out of the RST exchanges to generalize it

Chris doesn’t think there is any coupling beyond the schema definition within the RST

Discussion about Hal’s point on PIN from the message above

Tony says it is meant to tailor a custom UI for the user

Fundamentally it is just a password, yes, not limited to numbers

Discussion of text concerns from message above, e.g. script injection

Can we restrict certain characters, e.g. printable characters?

Is this just CAPTCHAs or other image challenges?

Could be either, up to the application

Noted concern about the error handling as well

Can this be further generalized?

Have the security implications been thought through, interactions etc.

Discussion about adopting proposal now and opening issues or solving everything first

Decision to adopt current proposal and open issues for each of Hal’s concerns in above email will be easier to track


Status changed to pending, each point from Hal’s mail will be a new issue.



ER012 - Review normative RFC 2119 language in WS-Trust

Proposal similar to ER013 proposal should be in by end of this week.


ER013 - Review normative RFC 2119 language in WS-SecureConversation




ER014 - Review normative RFC 2119 language in WS-SecurityPolicy

Proposal similar to ER013 proposal should be in by end of this week.


ER017 - Conflict Nonce reuse description in the current WS-SC 1.3

Proposal change SHOULD to SHOULD NOT



Status changed to pending.


f) Pending issues

i148 - Syntax of XPath for Signed, Encrypted and Required Elements


i150 - Add conformance statements to new versions of Trust/SC/SP


i151 - Update SP per Policy 1.5 guidelines


i152 - Update policy references to 1.5 for SC, Trust and SP


Pending issues above for next versions of specs are behind completing the errata.

The next versions of the specs need to incorporate all errata so the editors want to get the 2119 errata issues closed and applied to errata before creating the new documents.


ER006 - The specification states that if [Timestamp] is false, then wsu:Timestamp should not be present inside <wsse:Security> header.




ER015 - Change key to crucial in SC text




ER016 - SecondaryParameters element missing from WS-Trust schema xsd



ER018 - ContentEncryptedElement assertion is not defined in the ws-securitypolicy-1.2.xsd



Pending errata status changed to review.


5. AOB


Discussion of progression of examples document, to be taken to email.


6. Adjournment


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]