OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: WS-SX TC Minutes, Feb 20 2008

WS-SX TC Minutes, Feb 20 2008

 

Thanks to Nortel for sponsoring the call.

 

Summary of new Action Items:

Action: Marc to write description of why bootstrap policy is different than policies for other actions

 

1. Call to order/roll call

   

Gained Voting Status

Geoff Bullen, M/S

Prateek Mishra, Oracle

David Stagge, VHA

 

 Lost Voting Status:

 Michael McIntosh , IBM

 

Attendance:

Anthony Nadalin, IBM

Vijay Gajjala, M/S

Colleen Evans, M/S

Symon Chang; BEA Systems, Inc.

Hal Lockhart; BEA Systems, Inc.

Denis Pilipchuk; BEA Systems, Inc.

Corinna Witt; BEA Systems, Inc.

Toshihiro Nishimura; Fujitsu Limited*

Kelvin Lawrence; IBM

Bruce Rich; IBM

Mike Lyons; Layer 7 Technologies Inc.*

Jan Alexander; Microsoft Corporation

Geoff Bullen; Microsoft Corporation

Marc Goodner; Microsoft Corporation

Chris Kaler; Microsoft Corporation

Frederick Hirsch; Nokia Corporation*

Abbie Barbir; Nortel

Lloyd Burch; Novell*

Steve Carter; Novell*

Rich Levinson; Oracle Corporation

Ashok Malhotra; Oracle Corporation

Prateek Mishra; Oracle Corporation

Martin Raepple; SAP AG*

David Staggs; Veterans Health Administration

 

2. Reading/Approving minutes of last meeting (Feb 6)

http://www.oasis-open.org/archives/ws-sx/200802/msg00010.html

Adopted unanimously.

 

3. TC Logistics (10 minutes or less)

2 week cycle continues

 

4. Issues list

http://docs.oasis-open.org/ws-sx/issues/Issues.xml

   

a) Review of action items

Editors to ask the OASIS TC Administrator to publish the editors drafts there.

Done.

 

Chairs to respond to RX/TX chairs with the information regarding referencing the specs using the new namespaces.

http://www.oasis-open.org/archives/ws-sx/200802/msg00012.html

Done.

 

b) Issues in Review status

i141 - Support for nonce and created nested assertion in usernametoken

 

i148 - Syntax of XPath for Signed, Encrypted and Required Elements

 

i150 - Add conformance statements to new versions of Trust/SC/SP

 

i151 - Update SP per Policy 1.5 guidelines

 

i152 - Update policy references to 1.5 for SC, Trust and SP

 

i153 - Generalized Interactive Challenge for WS-Trust

 

ER012 - Review normative RFC 2119 language in WS-Trust

 

ER013 - Review normative RFC 2119 language in WS-SecureConversation

 

ER014 - Review normative RFC 2119 language in WS-SecurityPolicy

 

ER017 - Conflict Nonce reuse description in the current WS-SC 1.3

 

Approved, marked as closed.

 

   

c) New issues

 

  None.

 

 

d) Active issues

 

i154 - Examples doc issues

Response from Tony, http://www.oasis-open.org/archives/ws-sx/200802/msg00017.html

Rich working through those

Geoff expects to have an answer regarding copyright statements by next call

 

i156 - Generalized Interactive Challenge for WS-Trust - Concern 2

New proposal: http://www.oasis-open.org/archives/ws-sx/200802/msg00020.html

 

i157 - Generalized Interactive Challenge for WS-Trust - Concern 3

Why are we calling out difference in user experience here? It’s still just different authN mechanisms each distinguished by a URI.

From protocol point of view they are the same, from user perspective it can be different

Could also be different from perspective of algorithm used

Hal suggests adding note that it can’t be known this is additional authN is needed in advance

Marc to get proposal onto list well in advance of next call

 

i158 - Generalized Interactive Challenge for WS-Trust - Concern 4

New proposal: http://www.oasis-open.org/archives/ws-sx/200802/msg00020.html

 

i159 - Generalized Interactive Challenge for WS-Trust - Concern 5

New proposal: http://www.oasis-open.org/archives/ws-sx/200802/msg00020.html

 

i160 - Unclear behavior for RequireSignatureConfirmation Assertion where there is no Signature

No progress, expect proposal by next call.

 

i161 - Add sp:RequireAsync into sp:Trust13 assertion

http://www.oasis-open.org/archives/ws-sx/200802/msg00019.html

Closed with no action.

 

i162 - No way to specify the policies for renew and cancel

Why not put policy in the WSDL specific to the cancel, renew action?

Why not do that for bootstrap as well then?

It’s different because request comes in on a different action with credentials that need to be swapped

But the renew, cancel have different policies than bootstrap policy

For bootstrap there is a change of credentials from the request, two policies one before token is issued, one after

Further discussion…

Difference with bootstrap is temporalness, the policies for the other actions are fixed in time

Disagreement that this makes sense, consensus it’s difficult to talk through on the call

This needs list discussion

 

Action: Marc to write description of why bootstrap policy is different than policies for other actions

 

i163 - Document how to support out of band encryption key known to both parties

Updated description: http://www.oasis-open.org/archives/ws-sx/200802/msg00014.html

 

i164 - Provide means to specify which signing transform to use for attachments

Proposal 1 accepted, status changed to pending.

 

f) Pending issues

 

None.

 

5. AOB

 

Drafts, suggest changing SP 1.3 reference in SC back to SP 1.2 then producing a v.Next of SC with the SP 1.3 reference. It may not be explicitly needed, but it reduce complexity in understanding relationship of the specs.

Agreement on that plan going forward, next update of specs will include a v.Next of SC.

 

Note that the issue count is going down, should plan on starting publication cycle soon.

 

6. Adjournment

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]