Subject: [wss] 03-02-11 minutes, including role
This should be the final 03-02-11 minutes, including roll call, unless there are any additional corrections.

regards, Frederick

Frederick Hirsch
Nokia Mobile Phones


WSS TC Call, Feb 11th 2003 Minutes

Meeting Announcement: We'd like to focus this meeting on closing interoperability issues

Agenda
1. Call to order, roll call
2. Reading of minutes of last meeting (Jan 28th)
3. Discuss (and close) interop issues
4. Discuss updated profile documents / report from editors
5. Initial discussion of when/where next F2F will be
6. Discuss remaining issues
7. Other business

-------------------------------------------------------------------------
1) Roll Call

41 voting members present, have substantial quorum.

Attendance of Voting Members
Don Adams, TIBCO
Zahid Ahmed, Commerce One
Jan Alexander, Systinet
Toufic Boubez, Layer 7
Lloyd Burch, Novell
Paul Cotton, Microsoft
William Cox, BEA
Venkat Danda, IONA Technology
Martijn de Boer, SAP
Don Flinn, Quadrasis
Eric Gravengaard, Reactivity
Phil Griffin, Griffin Consulting
Phillip Hallam-Baker, VeriSign
Frederick Hirsch, Nokia
Maryann Hondo, IBM
Chris Kaler, Microsoft
Charles Knouse, Oblix
Yutaka Kudo, Hitachi
Chris Kurt, Microsoft
Guillermo Lao, ContentGuard
Kelvin Lawrence, IBM
Hal Lockhart, BEA
Prateek Mishra, Netegrity
Ronald Monzillo, Sun Microsystems
Bob Morgan (individual)
Tim Moses, Entrust
Anthony Nadalin, IBM
Nataraj Nagaratnam, IBM
Toshihiro Nishimura, Fujitsu
Rob Philpott, RSA Security
Hemma Prafullchandra, VeriSign
Rajesh Raman, BEA Systems
Ed Reed, Novell
Irving Reid, Baltimore Technologies
Peter Rostin, RSA Security
Jason Rouault, HP
Rich Salz, DataPower
Vipin Samar, Oracle
Jerry Schwarz, Oracle
Shawn Sharp, Cyclone Commerce
John Shewchuk, Microsoft
Frank Siebenlist, Argonne National Lab
Gene Thurston, AmberPoint
Ganesh Vaideeswaran, Documentum
John Weiland, Navy

Attendance of Prospective Members
Peter Dapkus, BEA
TJ Pannu, ContentGuard

Membership Status Changes
Peter Dapkus, BEA - Granted voting status after call
Monica Martin Drake, Certivo, Inc. - Withdrew 2/6/2003
Peter Furniss, Choreology - Lost voting status after 2/11/2003 call
William Pope, Choreology - Lost voting status after 2/11/2003 call

-------------------------------------------------------------------------
2) Approval of minutes from last meeting

http://lists.oasis-open.org/archives/wss/200301/msg00073.html

Minutes from last meeting approved

-------------------------------------------------------------------------
3) Discuss and close interop issues.

New issues list posted 10 Feb: http://www.oasis-open.org/committees/wss/documents/wss-issues-10.htm

John Shewchuk walked group through issues list, posted last night.

#19 pending - Phil Griffin draft delivered to Tony Nadalin in Dec, posted in Jan, so should be closed. Subsequent user name issues later.
Ron Monzillo - not against core draft anymore.
John Shewchuk - if issues, will raise against new draft
Ron Monzillo - perhaps form group around profiling activities. One of the alternatives
John Shewchuk - recommend close this one, raise issues
Gene Thurston - how to do interop on just core draft, don't we need a profile?
Chris Kaler - we can use what we have with profiles right now
How to move forward
Chris Kaler - on mailing list, or on list
Kelvin Lawrence - having scenarios will help us know what needs to be closed
Gene Thurston - specification authors,
Chris Kaler - as needed
Gene Thurston - sent comments, don't know who
Ron Monzillo - have offered to help, but mostly Tony & Phil
Hal Lockhart - interop should be based on specification we accept as committee spec, frozen in time, acceptance by TC - company statement
Phil Hallam-Baker - interop is to see if problems in spec
Hal - don't expect it to be final committee spec
Phil Hallam-Baker - don't want to start formal process for committee spec before interop = find so much in interop
Hal Lockhart - only asking for vote
Kelvin Lawrence - this is what we are thinking - voting on which one we should use
Kelvin Lawrence - will probably want to have multiple interops
Ron Monzillo - username, password likely one of the profiles included in interop
Need a vote? If true, then we need to review draft in more detail
Chris Kaler - go through issues, finish core then address username profile
Ron Monzillo - ok
John Shewchuk - #19 resolution, is closed? Any objections?
Phil Griffin - agrees
Request for issues list maintainer to disambiguate Phils
AGREED - #19 closed.

Kelvin Lawrence - #10, #11 have actions on chair, should remain Pending.
John Shewchuk - Mark pending post-interop
Chris Kaler: 11 post-interop, 10 interop - postponed until through core spec

----
#28 SAML binding
Ron Monzillo - need to support case where signing SAML security token. Need to understand how to reference SAML token from signature. Hard to reference, not extensible. Need to define transform. Ron, Tony, Chris will work on this transform, useful for any security token.
Chris Kaler - Separate issue. Thought this was edits, needed to review edits.
Jerry Schwarz - transform was my issue - haven't seen any email about it
Chris Kaler - not closed, have action to write up for review
Jerry Schwarz - says resolved, #63
Chris will talk about #63 when we get there.
Ron Monzillo - we need to make the transform as part of another issue
Chris Kaler - want to link this with other issue
AGREED #28 and #63 linked together, stays pending
Frederick Hirsch - Ron, have you released new version including my comments?
Ron Monzillo - not yet, in progress

---
#46 postponed pending scenarios

---
#59 Editorial comments on XrML - Thomas to review changes by Phil Hallam-Baker
Chris Kaler - Thomas not on call
Kelvin - Still a voting member
Action: Guillermo Lao - will speak with Thomas
Ron Monzillo - thought remaining issue was proof of possession
Chris Kaler - at our next call if we haven't heard from Thomas we should close this
Guillermo Lao - most of concern is proof of possession as Ron Monzillo said
Ron Monzillo - should make editorial changes so we don't rely on term proof of possession
John Shewchuk - Guillermo, can you make sure you know status
Guillermo Lao - will ask Thomas to send note on status of issues

61 Pending
Frederick Hirsch - check with Tony, make sure in document, reviewed. (Note below that change confirmed with Tony, to be in next draft)

63 - should be pending
Ron Monzillo - explanation of solution to reference problem
Jerry - Wrapper will have id needed
John Shewchuk - optional?
Jerry - yes
Chris Kaler - what happened at last meeting - did not want to do wrapper, wanted to do transform instead, hence why this was closed, but needed to add action item for transform
Jerry - how does this work
Chris Kaler - idea of transform - simple, constrained transform, allowing use of security token reference in it, allowing it to be signed. Preferable, token not in different places in different locations, simpler
Jerry - You would need to duplicate token
Ron - No, it would be a reference. Transform binds it to specific token.
Jerry - assuming every security token will have a means to reference it
Ron Monzillo - Transform allows a digital signature reference form to reference security token
Ron Monzillo - Transform has to be rich enough to support different token profiles.
Jerry - wrapper doesn't need to be extended
Chris - we've already established that we want to extend security token reference for each profile type. Both XrML and SAML bindings define mechanism for pointing at it. Now have common transform to use security token reference, use same mechanisms
Jerry - what about role
Ron Monzillo - usage
Chris Kaler - this is an open issue, #3 usage by role,
Ron Monzillo - need to create table of values
Chris Kaler - need to add to security token reference
Jerry - need way to indicate purpose for usernames - why each is there.
Chris Kaler - just placing in security header not enough - might need to reference, role a function of usage of token
Jerry - raw reference, containing usage
Ron Monzillo - example of that in SAML profile
Jerry - wrapper would be more direct and straightforward
Chris Kaler - goal to avoid containers and extra parsing
Ron Monzillo - wrap tokens since binary - need way to associate, do we want to wrap them twice?
Jerry Schwarz - referencing wrapper semantically to referencing wrapped token
Ron Monzillo - need place for usage stuff, if wrapped, then would need to use signature mechanism to add usage, other way is simpler, with a uniform token. Every token could have enough detail to allow referenced in every possible way.
Kelvin - how are we to resolve this issue
John Shewchuk - Ron Monzillo made good point - we cannot identify all the ways people might want to have info that might be referenced. Problematic to create single way, hence advantage of transform. Jerry, do you think transform method inadequate?
Jerry Schwarz - I don't understand it
John Shewchuk - I propose we walk through it with you, rather than debate on call. Write down document, with example.
Ron Monzillo - can help with writing
Chris - ACTION Need new issue #66 to open transform. Close 28 and 63. Tony, Ron and Chris.
Ron Monzillo - could have both transform and wrapper.
Chris - security related information - allows different references
Jerry Schwarz - how do I know if top level token is for security
John Shewchuk - namespaces, determine semantics
Chris - Reference invokes token, pulls into context
Jerry Schwarz - top level element that is just a reference?
Chris - had this a while ago,
Ron Monzillo - example in SAML bindings
Jerry Schwarz - I haven't read the SAML bindings.

----
Hal - Usage label values - posted something on that in Dec, but there was no issue, should there be?
ACTION Add item 67 - Resolve usage labels, mark post-interop draft.

-----
64 - Post interop

----
John Shewchuk - done with issues list - first time ever

Issue 61 - Tony has put wording in draft, but hasn't sent it out yet. Should be going out.
Chris - only two issues pending on core doc. #61, clarification, #66 is transform. Start with interop on username token or binary token, then transform does not block progress
Ron Monzillo - doesn't block, but might require structural change.
Jerry - concern where usage information gets bound might change usage of tokens.
Prateek - issue with username password - never store plain passwords, store hash. Profile is written requiring availability of plaintext password
Chris - not sure it is true - password equivalent could be hash
Phil Hallam-Baker - unless public key crypto, no way to both store password 1 way encrypted in directory and 1 way encrypted over wire. 1 way encrypt password - residue is as good as the password.
Prateek - in practice, all we get is hash, doesn't work with this
John Shewchuk - Kerberos works as Phil described, can be duplicated with the way the profile is written. As written can send hash.
Prateek - send messages to list, way it is written requires plaintext password at server
Hal - Kerberos defines how hash is done, might need salt value in this case for example
John Shewchuk - believe can carry salt as written, need to check this. Could have a problem
ACTION - Examine plaintext password issue, and Prateek message.
Hal - also potential interoperability issue regarding hashing algorithms
ACTION Issue 68 - review username password hash encryption mechanisms
Phil Hallam-Baker - could decide not to resolve this, SAML authentication mechanisms have addressed this, only need to define binding
John Shewchuk - need to address issue of whether we carry correct issue
Ron Monzillo - Phil, do you mean subject confirmation?
Phil Hallam-Baker - need authentication server involved, public key exchange, secured encrypted link - lots of work patented by Jablon, encrypted key exchange
Prateek - orthogonal to issue of real deployments that just have a hash. Do not want to have to change deployment models.
John Shewchuk - agree, write down not require plain text password at server
ACTION - John to capture Prateek's issue, Prateek to send issue by next meeting.
Chris - would like new draft out by Monday of next week, to allow full week review, allowing vote at next call
Ron Monzillo - editors meeting would help
Chris will arrange editors meeting call later this week
Kelvin - Chris, we can produce a checklist allowing interop to get done.
ACTION - chairs to get this checklist out
Paul: Lead time for vote on committee draft? Plan needs to make this clear.
Jerry Schwarz - Can you also please explain formal semantics
Paul - can look at Oasis process draft
Kelvin - will require several iterations - would like to avoid excessive committee spec voting
Hal - most steps when making an Oasis standard submission. 2/3 of total TC, no more than 1/4 voting to disapprove
Kelvin - Are you working on scenarios?
Chris - will send some material to list, and some is already on list.

----------------
Updated profile documents

Phil Hallam-Baker - XrML draft substantially revised, primarily comments from Thomas. Changed names of X509 and Kerberos drafts, need comments before going further.
Chris - need to make sure username has new name.
Ron Monzillo - are there implementations of the Kerberos and XrML profiles? It seems when there are implementations then there would be more comments. Are people implementing?
Hal Lockhart - two levels - understand spec, understand differently

---------------------
Discuss next F2F

Chris - possibly premature, since next F2F would require interoperability testing.
Kelvin - propose dates when we put checklist out
Hal Lockhart - two issues to address. 1) what sort of interop is this? Publicly announced in press or not.
Chris - just a TC effort to get some implementations going, not a PR event
Hal Lockhart - must have rules to suppress information. 2) what is process for determining which scenarios for interop? How will it be driven?
Chris - #1 Cannot keep people from talking. On #2, discuss scenarios, or sequence of scenarios on list, then talk about it at next week.
Hal Lockhart - looking for criteria for decision
Kelvin - choose simpler scenarios, establish core
Hal Lockhart - bread and butter
Kelvin - will iterate
Chris - want some success
Kelvin - not looking for announcements, want to make spec better
Jerry Schwarz - call it something other than interop - "meeting with code"
Kelvin - just call it F2F
Jerry Schwarz - if it appears on web page, it will become publicity. Just talk about F2F with code.
Kelvin - will do what we can. People can read minutes.
Chris - want to have code meeting that is successful. Could have ways to run code, then discuss outcome.
Jerry Schwarz - should be part of official TC meeting, otherwise issues about NDAs and other issues.
Chris - other issue is quorum
Hal Lockhart - majority of people are not TC members if others writing code.
Chris - not all member companies will be ready with code either
Guillermo - What is possibility of doing interop on web itself?
Hal Lockhart - good for initial testing, hard to put untested code on web
Kelvin - came to this conclusion at Baltimore: define cases to be tested, supply test messages, people can test code again.
Hal Lockhart - is it ok for who participated and who didn't to be public information?
Chris - could not be F2F, not a meeting, then no minutes
Jerry Schwarz - F2F for testing, another F2F meeting. Quorum at any point, then you have quorum
Frederick - had problems with that in Baltimore
Hal Lockhart - not clear need for an official meeting for the code work. Structure event so that public information flow is appropriate.
Kelvin - Flow is to test and then update specs with changes.
ACTIONs - Chris and Kelvin to put out proposal

------------------
Discuss remaining issues, other business.

No discussion.

-------------------
Kelvin - need to get scenarios out. People need to indicate what issues are preventing code work.
Hal Lockhart - discussing when and where? Can we talk about where?
Kelvin - a few weeks after documents are closed, need to know how long it takes to get code together. Need interoperability test cases first
Hal Lockhart - could be more controversial than spec itself
Ron Monzillo - could talk about scenarios now?
Kelvin - some people were going to post scenarios
Ron Monzillo - username password and X509 first
Chris - reasonable as first steps
Martin - Should include signature stuff, including timestamp element, can be anywhere
Chris - element can be used anywhere - is a SOAP. Generic expiration markers etc., but timestamp header is a SOAP header.
Hal Lockhart - identify dimensions and decide fixed, or couple of points, then construct tests (e.g. which tokens, which flows)
=== Martin
Chris - propose mailing list discussion on scenarios, focus on document review and completion of actions.
Ron Monzillo - with use cases we can focus on document review
Where? A number of people have volunteered to host. Last meeting was on East Coast, so perhaps on middle or West Coast. If people have suggestions please mail to list.
Kelvin - shall we adjourn?
Don - Have put out mail with format for use cases - could be a starting point for consistency
Kelvin Lawrence - will repost
Guillermo - Use cases to WS-I, should repost to this list?
Kelvin Lawrence - issues of rules, copyright?
Chris Kaler - someone should talk with Eve, technically copyrighted by WS-I
Jerry Schwarz - just giving standards organization right to use, not transferring copyright.
Kelvin Lawrence - any other business?
Hal Lockhart - Motion to adjourn, no objection

-----------------------------
Action Summary:
ACTION - John to capture Prateek's issue, Prateek to send issue by next meeting.
ACTION - Chris and Kelvin to put out proposal regarding interop and/or F2F
ACTION - Ron to put out revision of SAML Token Profile
ACTION - chairs to get interop checklist out
ACTION - all - review new profiles.

Issue Agreement Summary:
#19 closed.
#10, #11 have actions on chair, should remain Pending. 11 post-interop, 10 interop - postponed until through core spec
#46 postponed pending scenarios
#59 Thomas to review changes by Phil Hallam-Baker, Guillermo will check with Thomas to ensure Thomas posts message to list. Will close on next call if no response.
#61 pending - Tony has made change, draft to be posted later for review.
#63 - pending
#64 - Post interop
New issue: #66 - transform. Close 28 and 63. Tony, Ron and Chris. (Subsequent to early decision to link 28 and 63 and keep pending)
New issue: 67 - Resolve usage labels, mark post-interop draft.
New Issue 68 - review username password hash encryption mechanisms
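The following is an added worked example, not part of these minutes or of any WSS TC draft, illustrating the plaintext-password problem raised under issue 68 (Prateek Mishra's stored-hash deployments, Phil Hallam-Baker's "residue is as good as the password" point, and Hal Lockhart's remark that a salt may be needed). It uses the PasswordDigest formula that the UsernameToken Profile 1.0 eventually published in 2004, Base64(SHA-1(nonce + created + password)), which is not quoted on this page; the user name, password, salt, nonce and the three server-side credential stores are all constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets
from datetime import datetime, timezone
from typing import Optional


def password_digest(nonce: bytes, created: str, secret: str) -> str:
    """PasswordDigest as published in UsernameToken Profile 1.0 (2004):
    Base64(SHA-1(nonce + created + password)). 'secret' is whatever string
    both sides agree to treat as the password value."""
    raw = hashlib.sha1(nonce + created.encode("utf-8") + secret.encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


def make_token(username: str, secret: str, nonce: Optional[bytes] = None,
               created: Optional[str] = None) -> dict:
    """Client side: the fields a digest-form UsernameToken carries."""
    nonce = nonce if nonce is not None else secrets.token_bytes(16)
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "Username": username,
        "Nonce": base64.b64encode(nonce).decode("ascii"),
        "Created": created,
        "PasswordDigest": password_digest(nonce, created, secret),
    }


def verify_digest(token: dict, secret: str) -> bool:
    """Server side: recompute the digest from the stored secret and compare
    in constant time. A replay cache keyed on (nonce, created) is also
    needed in a real verifier; it is left out here to keep the focus on
    what the server must know about the password."""
    nonce = base64.b64decode(token["Nonce"])
    expected = password_digest(nonce, token["Created"], secret)
    return hmac.compare_digest(expected, token["PasswordDigest"])


# --- Constructed sample user and three server-side storage models ---------
USERNAME = "alice"
PASSWORD = "correct horse battery staple"                 # constructed sample
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample


def verify_with_plaintext_store(token: dict) -> bool:
    """Model 1: server keeps the plaintext password. This is the deployment
    the profile text implies, and the one Prateek objects to."""
    store = {USERNAME: PASSWORD}
    return verify_digest(token, store[token["Username"]])


def residue(password: str) -> str:
    """A one-way 'residue' of the password (hypothetical unsalted SHA-256)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def verify_with_residue_store(token: dict) -> bool:
    """Model 2: both sides use residue(password) as the password value.
    Verification works without the plaintext, but the stored residue is
    password-equivalent: whoever holds it can produce valid digests,
    which is exactly Phil Hallam-Baker's point."""
    store = {USERNAME: residue(PASSWORD)}
    return verify_digest(token, store[token["Username"]])


def salted_hash(password: str, salt: bytes) -> str:
    """Hypothetical directory hash: SHA-256 over a per-user salt + password."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def verify_with_salted_store(token: dict) -> bool:
    """Model 3: server keeps only a salted hash (Prateek's real deployments).
    The digest binds nonce+created to whatever the client used as the
    password, so the server can only succeed if the client also used the
    salted hash, i.e. if the salt was conveyed to it (Hal's salt remark);
    a client that used the raw password can never be verified here."""
    store = {USERNAME: salted_hash(PASSWORD, SALT)}
    return verify_digest(token, store[token["Username"]])


if __name__ == "__main__":
    tok = make_token(USERNAME, PASSWORD)
    print("plaintext store:", verify_with_plaintext_store(tok))   # True
    print("residue store:  ", verify_with_residue_store(tok))     # False
    print("salted store:   ", verify_with_salted_store(tok))      # False
```

Run as a script, only the plaintext store verifies a token built from the raw password; the residue and salted stores verify only tokens whose client already used the same stored value as its "password", which shows why a stored hash can replace the plaintext for this digest scheme only by becoming password-equivalent on the wire.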