[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes of Dec 9, 2009 Meeting
Agenda:
1. Call to order/roll call
9 of 14 present => have quorum
Meeting Attendees (more detail below)
Name Company Status
Kelvin Lawrence IBM Group Member
Bruce Rich IBM Group Member
Marc Goodner Microsoft Corporation Group Member
Chris Kaler Microsoft Corporation Group Member
Anthony Nadalin Microsoft Corporation Group Member
Symon Chang Oracle Corporation Group Member
Rich Levinson Oracle Corporation Group Member
Hal Lockhart Oracle Corporation Group Member
Carlo Milono TIBCO Software Inc. Group Member
2. Reading/Approving minutes from September 30th 2009 [1]
minutes approved no objection
3. TC Logistics (10 minutes or less)
kelvin: this is last meeting of 2009
chris: setting up JIRA - in progress
2010 schedule
4. Issues list [2]
marc: carlos issue is ER23
carlos: public sector sales,customers
looking to drive efficiency thru std, interop
NIST decl sha-1 insufficient, will be labeled not usable
they see explicit phrases around sha-1, ex base64 pwd,
actually retired; want to point to explicit schemas,
namespaces, uri not matching fips; uri for sha-112 vs
sha-256 under dsig; elliptical curve algs: w3c 1.1 editorial
on elliptical, suite b, for secret-labeled use sha384, top
secret use sha512; no uri tag for sha384;
propose: put in flexible term around use of particular
algorithm; customers willing to create own std if not
chris: new uris being specified?
carlos: yes, but no approved ns uri
chris: are dsig defining uri
carlos: yes, there is one we can add to specs
chris: is issue fixed uris
hal: not entirely; spec either don't specify algs or spec
variable scheme, then interop issue, but if spec exact
then need to rev specs regularly
carlos: dev at customers not considering stds adequately
maintained
hal: there is mechanism
carlos: we need to say what is procedure
chris: 1st figure out non-wss first, then wss
ws-sp has list of algs
ws-sc has specs that should be ref'd once
it is only above 2 where we restrict
only in derived keys we make mandatory
one place in ws-trust might need attention
could do a cleanup pass, to make more open if we wanted
to address this
wss is more difficult b/c tc is closed; limited places
that need attention; possibly could have new profile for
hashing pwds, etc.
hal: that alg was weak, b/c input was assumed weak
hal: can't argue these would be errata, would need point ver
chris: agrees that is probably correct
chris: main problem is ws-sc where something locked down
hal: need to support both for some duration
kelvin: how do we address?
hal: let's target next mtg to look over and propose
hal: keep algs separate from elliptical curve which is
less well defined
carlos: looking to "future-proof" doc, subject to constraints
hal: issue is that a long-running group needed to maintain
even if specs just have ptrs, someone needs to manage what's
pointed to
kelvin: open the issue for action
1st call in 2010
chris: next call in 2010 we will discuss proposals
additional comments on above:
chris: looked at specs; could be create new doc that is
series of uri updates
bruce: is key gen using sha-1 being discouraged; usage in
deriving key, not used for dsa,rsa, recomputing symm
key typically aes;
hal: not sure of key deriv, but there is key recovery
hash fcns should be usable for all purposes, if any
NIST wants to change across board rather than several
specific cases
kelvin: discuss at next call
chris: normative uris cannot be considered "errata"
probably can do separate doc w uris
kelvin: if no mechanism then tc must live forever
chris: need to keep open; wss has shown we can't rev
spec for IP reasons; need to keep tc around;
a general maint tc cannot rev the spec
hal: who are groups that can impose reqts on tc to make chgs
chris: when something not modular, what to do, ex dsig
was core to wss, but dsig is now chging which is creating
issue around wss
marc: other issues will have errata for next call
kelvin: examples doc
- Actions
- Issues
5. Status of documents
errata - ready for next mtg
examples - doc is complete; probably should edit page;
hal: need a final edit to say Committee Spec
Kelvin: go thru kavi, make sure all up to date
kelvin: need cs on front page, w updated date
names: there is opt-in; send email and let us know
if name left out
-> rich send email about names, update front page of doc
post doc to kavi, but cd's, cs puts it in place for
cs, use tc-admin; assume they will review, let us
know, and if ok, they will do next step
-> kelvin to check if tc page needs updated versions
6. Plans for 2010
next mtg, jan 6, 2010
kelvin will gen calls for 2010 on sched
7. Other business
8. Adjournment
[1] http://lists.oasis-open.org/archives/ws-sx/200910/msg00001.html
[2] http://docs.oasis-open.org/ws-sx/issues/Issues.xml
Status changes
Gained voting
none
Lost voting
Don Adams
Frederick Hirsch
Michael McIntosh
Attendance
Attendance has been recorded; statistics are shown below.
If you wish you may set whether or not this meeting achieved
quorum. If you do nothing, the quorum status will be set to because .
View Event | Modify Event | Modify Attendance
Meeting Statistics
Quorum rule 51% of voting members
Achieved quorum true
Counts toward voter eligibility true
Individual Attendance Members: 9 of 120 (7%)
Voting Members: 9 of 14 (64%) (used for quorum calculation)
Company Attendance Companies: 4 of 45 (8%)
Voting Companies: 4 of 5 (80%)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]