RE: [wss] Draft Minutes for Sept 24th meeting

Members Present
Don Adams TIBCO
Zahid Ahmed Commerce One
Steve Anderson OpenNetwork
Conor Cahill AOL
Greg Carpenter Nokia
Paul Cotton Microsoft
Martijn de Boer SAP
Thomas DeMartini ContentGuard
Yassir Elley Sun Microsystems
Andrew Fetterer CrossLogix
Don Flinn Quadrasis
Eric Gravengaard Reactivity
Phillip Hallam-Baker Verisign
Erick Herring Digital Evolution
Jeff Hodges Sun Microsystems
Merlin Hughes Baltimore Technologies
Chris Kaler Microsoft
Yutaka Kudo Hitachi
Kelvin Lawrence IBM
Hal Lockhart Entegrity Solutions
Monica Martin Drake Certivo, Inc.
Ronald Monzillo Sun Microsystems
Bob Morgan (individual)
Tim Moses Entrust
Anthony Nadalin IBM
Andrew Nash RSA Security
Toshihiro Nishimura Fujitsu
Rob Philpott RSA Security
William Pope Choreology
Ed Reed Novell
Vipin Samar Oracle
Jerry Schwarz Oracle
Senthil Sengodan Nokia
Shawn Sharp Cyclone Commerce
John Shewchuk Microsoft
Frank Siebenlist Argonne National Lab
Andre Srinivasan E2open
Andrew Sweet Perficient
Gene Thurston AmberPoint
Steve Trythall Sonic Software
Pete Wenzel SeeBeyond

Summary of Action Items:

1) Correct minutes and resend to the list as final and approved and sent to the list. – Kelvin Lawrence
2) Post updated charter to OASIS website- Co- Chairs
3) It was agreed that the subcommittee will be publishing alternatives for the membership to consider A specific timetable was not mentioned.
4) Comments back to the editors (Tony Nadalin and Philip Hallam-Baker) of the core specification? Comments sent to the list by COB Monday 6-30
5) Issue list action items contained in detailed minutes below.

------------------------------------------------------------------------------------------------------------
Detailed Minutes

Meeting started at 7:04a Pacific

1) Roll Call

1) Roll call taken by Steve Anderson (Secretary of WSS TC)
2) Quorum was present. This meeting is an official voting meeting. 38 voting members attending.
3) Prateek asked about membership requirements. Kelvin responded with the standard TC rules including the requirement to attend the first f2f meeting of the TC and then being eligible after the 3rd f2f meetings. Hal Lockhart mentioned that individuals are members not companies and regrets have no real impact status-wise.
4) It was urged that members that cannot consistently make meetings should volunteer for observer status to alleviate quorum issues.

2) Minutes Read and Approved

Drafts were sent around concerning the f2f. ? Changes accepted by Ron Monzillo and consider the minutes read ? Discussion occurred around the roll call and a discrepancy in members that attended the initial f2f. This was resolved and the question was called on the acceptance of the minutes. No objections were heard. Action to correct the minutes incorporating the latest changes submitted to the list - Kelvin Lawrence.

It was then discussed that on Sept 16th new TC procedures were ratified and sent around to members and it was urged that voting members make themselves aware of the procedures, especially regarding intellectual property rights.

3) Naming subcommittee

Kelvin Lawrence asked the subcommittee to report progress. The subcommittee mentioned the desire for WS-Security to be kept as the name while keeping in mind the scope of this TC. It was agreed that the subcommittee will be publishing alternatives for the membership to consider A specific timetable was not mentioned.

4) Editor Update

Tony Nadalin reported that he has merged WS-Security and the WS-Addendum and separated x.509 and Kerberos components and handed off to the appropriate editors. The WSS Core specification has been sent to the list. Phillip Baker mentioned he sent the x.509 and Kerberos profile documents to the list. Regarding the SAML draft, Ron Monzillo used draft 4. The PDF went out to the list yesterday.

Jerry Schwartz brought up IP issues with RSA that arose in the first f2f. The RSA claims around SAML have do not impact this document. Rob Philpott added that there is no statement required by RSA regarding this document. The effort is to get the document submitted. RSA will go evaluate their own IPR position as soon as possible.

Core Specification – It was a straight merge of the WS-Security and Addendum. Key info versus references. Clarifications were not made around this and Philip sent language to the list. Philip summarized by saying ACTION: Tony Nadalin and Philip proposed to take a first draft for the list. Jeff mentioned that many may not have had a chance to read. What is the timeline Chris? Chris said comments should be returned within the next 6 days from today. Comments sent to the list by COB Monday 6-30. Kelvin mentioned detailed review for the next call.

Ron SAML – both of the submissions – more in around subject confirmation, but leverages Philips template for bindings. Philip took the tokens document and core and extracted the boilerplate and style and Kerberos and x.509 and they take the same form. XrML will be next. 3 separate documents. PDFs were sent to the list.

What is the process for going forward? Editors job to make the changes requested by the group. The current to-do is to perform the mergers agreed to in the f2f. Most important thing is to review. What is the power of the editor? Chris focus on grammatical errors, but content should be raised to the list. Kelvin working draft revs and track changes. Needs to propose specific changes for the list. Hal.

Review of Actions and Issues

Procedural question on the list? Pros and cons and specific change will be in this as a spreadsheet? Answer put pointers to minutes. Links to specific email messages will be added to the archives. Email will not be sufficient – JeffH. Need an issues document. Separate procedural issues from technical. 2 separate documents.

List of status and actions reviewed that were sent around on email.
John ? reviewed

Issue # - matches list document
1) Zahid Ahmed – get from document sent. Some endpoint in messaging the payload is encrypted with PK7 will need to be able propagate encrypted payloads. Need a pointer in the header not suitable for intermediary but only for endpoints. Reference attachments from the signature? Answer: You can. URI can reference an attachment. Tag type in core or separate spec. MSFT supportive of w3c work around encryption. New good way to do signatures in XML (GO with XML standards.) XML Encryption and DSIG would be preferred. W3C standard is a good one around interop. Craig Carpenter – separate conformance but spec should not be limited in support. Action: Philip said this issue arose around XML Signature with PK7 The resolution should be researched and a note should be written. Zahid volunteered for volunteer that note.
2) Procedural issue – IP submissions – to the mailing list to his email links to the messages by each author. Links to the messages.
3) Hal Lockhart to label for semantics. Sent to the list, one positive comment, but no others. Hal mentioned put together a proposal and looking for XML Schema expertise. Decided need concrete proposal and get it to the list. Read Hal's email and give comments.
4) Technical issue – why is the token in the header and not a child. Philip sent email explaining the issue. Confluence of a number of specs. XML encryption and signatures are aligned along public key architecture. Kerberos conflict you want the token at a higher level but with public key bind. Consistency or not?Addendum made statements here. Tony mentioned that not everything becomes a key. Verbage has made it into the merged document. ACTION: Review the merged documents and compare to the four security profile documents.
5) Philip and Tony will write a paragraph addressing this issue.

6) Action for the Roadmap – Kelvin sent back to folks at IBM and no answer. Same status with MSFT. Next phone call. Roadmap is public, will it be used beyond the public document today? If we reference it, get a snapshot as a submission that is why we are doing this? JeffH said since it is not required since it is not completely guided by the document. Used as a historical footnote not a roadmap or serves officially one. No work on the roadmap by our TC. ACTION: KelvinEmail on the list request clarification. Both footnotes have been dropped and will be added back.

7) Support for all versions of SOAP - closed

8) Determine use case interest; no activity on the list; reexamine in next call

9) AppNote to the TC – Action for the chair – Request to list about how we will use these documents. Stated it is out there and can be used. Copyright permission issues? Was JeffH question. Is that a problem? Chris/Kelvin ACTION talk to respective company lawyers.

10) Investigate interop fest? Need to wait for feedback from the documents; need feedback onus is on the membership.

11) Covered by 10. Need to gauge core documents.

12) Editors remove all references to WS-routing – editors done

* Motion to close 2,7,8,12: Any objection? No objection unanimous.

New Business:

Next concall and timing discussion: Proposed 2 weeks and then decide frequency. Establish bi-weekly and if more meetings are needed we can add more. Next f2f. Action item needed for more planning for f2f. Present logistics proposals next week. Send preferences to the list.

10-8 for the next concall.

Motion to adjournment approved.

wss message