OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes of Dec 9, 2009 Meeting

1. Call to order/roll call 
    9 of 14 present => have quorum

Meeting Attendees (more detail below)
Name 	Company 	Status
Kelvin Lawrence 	IBM 	Group Member
Bruce Rich 		IBM 	Group Member
Marc Goodner 		Microsoft Corporation 	Group Member
Chris Kaler 		Microsoft Corporation 	Group Member
Anthony Nadalin 	Microsoft Corporation 	Group Member
Symon Chang 		Oracle Corporation 	Group Member
Rich Levinson 		Oracle Corporation 	Group Member
Hal Lockhart 		Oracle Corporation 	Group Member
Carlo Milono 		TIBCO Software Inc. 	Group Member

2. Reading/Approving minutes from September 30th 2009 [1] 
    minutes approved no objection

3. TC Logistics (10 minutes or less) 
  kelvin:  this is last meeting of 2009
  chris: setting up JIRA - in progress
    2010 schedule

4. Issues list [2] 
  marc: carlos issue is ER23
  carlos: public sector sales,customers
    looking to drive efficiency thru std, interop
    NIST decl sha-1 insufficient, will be labeled not usable
    they see explicit phrases around sha-1, ex base64 pwd,
    actually retired; want to point to explicit schemas,
    namespaces, uri not matching fips; uri for sha-112 vs
    sha-256 under dsig; elliptical curve algs: w3c 1.1 editorial
    on elliptical, suite b, for secret-labeled use sha384, top
    secret use sha512; no uri tag for sha384;
   propose: put in flexible term around use of particular
    algorithm; customers willing to create own std if not
  chris: new uris being specified?
  carlos: yes, but no approved ns uri
  chris: are dsig defining uri
  carlos: yes, there is one we can add to specs
  chris: is issue fixed uris
  hal: not entirely; spec either don't specify algs or spec
   variable scheme, then interop issue, but if spec exact
   then need to rev specs regularly
  carlos: dev at customers not considering stds adequately
  hal: there is mechanism
  carlos: we need to say what is procedure
  chris: 1st figure out non-wss first, then wss
   ws-sp has list of algs
   ws-sc has specs that should be ref'd once
   it is only above 2 where we restrict
   only in derived keys we make mandatory
   one place in ws-trust might need attention
   could do a cleanup pass, to make more open if we wanted
   to address this
   wss is more difficult b/c tc is closed; limited places
   that need attention; possibly could have new profile for
   hashing pwds, etc.
  hal: that alg was weak, b/c input was assumed weak
  hal: can't argue these would be errata, would need point ver
  chris: agrees that is probably correct
  chris: main problem is ws-sc where something locked down
  hal: need to support both for some duration
  kelvin: how do we address?
  hal: let's target next mtg to look over and propose
  hal: keep algs separate from elliptical curve which is 
   less well defined
  carlos: looking to "future-proof" doc, subject to constraints
  hal: issue is that a long-running group needed to maintain
   even if specs just have ptrs, someone needs to manage what's
   pointed to

  kelvin: open the issue for action
   1st call in 2010
  chris: next call in 2010 we will discuss proposals

    additional comments on above:

  chris: looked at specs; could be create new doc that is
   series of uri updates
  bruce: is key gen using sha-1 being discouraged; usage in
   deriving key, not used for dsa,rsa, recomputing symm
   key typically aes;
  hal: not sure of key deriv, but there is key recovery
   hash fcns should be usable for all purposes, if any
   NIST wants to change across board rather than several
   specific cases
  kelvin: discuss at next call
  chris: normative uris cannot be considered "errata"
   probably can do separate doc w uris
  kelvin: if no mechanism then tc must live forever
  chris: need to keep open; wss has shown we can't rev
   spec for IP reasons; need to keep tc around;
   a general maint tc cannot rev the spec
  hal: who are groups that can impose reqts on tc to make chgs
  chris: when something not modular, what to do, ex dsig
   was core to wss, but dsig is now chging which is creating
   issue around wss

  marc: other issues will have errata for next call

  kelvin: examples doc

   - Actions 
   - Issues 

5. Status of documents 
 errata - ready for next mtg
 examples - doc is complete; probably should edit page;
  hal: need a final edit to say Committee Spec
  Kelvin: go thru kavi, make sure all up to date

  kelvin: need cs on front page, w updated date
   names: there is opt-in; send email and let us know
  if name left out 

 -> rich send email about names, update front page of doc
    post doc to kavi, but cd's, cs puts it in place for
    cs, use tc-admin; assume they will review, let us
    know, and if ok, they will do next step

 -> kelvin to check if tc page needs updated versions

6. Plans for 2010

   next mtg, jan 6, 2010
   kelvin will gen calls for 2010 on sched

7. Other business 
8. Adjournment 

[1] http://lists.oasis-open.org/archives/ws-sx/200910/msg00001.html          
[2] http://docs.oasis-open.org/ws-sx/issues/Issues.xml 

Status changes

Gained voting


Lost voting

Don Adams
Frederick Hirsch
Michael McIntosh


Attendance has been recorded; statistics are shown below. 
If you wish you may set whether or not this meeting achieved 
quorum. If you do nothing, the quorum status will be set to because .

View Event | Modify Event | Modify Attendance

Meeting Statistics
Quorum rule 	51% of voting members
Achieved quorum 	true
Counts toward voter eligibility 	true
Individual Attendance 	Members: 9 of 120 (7%) 
Voting Members: 9 of 14 (64%) (used for quorum calculation) 
Company Attendance 	Companies: 4 of 45 (8%) 
Voting Companies: 4 of 5 (80%) 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]