Subject: Minutes for Telecon, Tuesday 21 October 2003
Minutes for WSSTC Telecon, Tuesday 21 October 2003
Dial in info: 1-954-797-0718 Passcode: 525362
Minutes taken by Steve Anderson

======================================================================
                              Summary
======================================================================

Votes:

- Minutes from 7 October 2003 meeting accepted (unanimous)

New (General) Action Items:

- none

Issues List Action Items & Status Updates:

- [New ISSUE] Clarify SAML version requirements in SAML Token Profile
- 165
  - CLOSED
- 166:
  - PENDING
  - [ACTION] Editors to update per issue
- 167:
  - PENDING
  - [ACTION] Editors to update per issue
- 168:
  - PENDING
  - [ACTION] Editors to update per issue
- 169:
  - [ACTION] Hal to discuss weakness described in Issue 169, and to make proposal
  - [ACTION] Jerry to post his alternative also
  - OPEN
- 170:
  - CLOSED
- 171:
  - PENDING
  - [ACTION] Editors to make pass through docs
- 172:
  - PENDING
  - [ACTION] Editors to add statement that either SOAP 1.1 or 1.2 can be used, and we don't make a specific recommendation
- 173:
  - PENDING
  - [ACTION] Editors to ensure SOAP terminology is consistent
  - [ACTION] Hal to investigate inconsistencies between uses of SOAP 1.1 and 1.2, and possibly add material in an Appendix
- 174:
  - PENDING
  - [ACTION] Editors to make examples consistent with SOAP 1.1
- 175:
  - PENDING
  - [ACTION] Editors to update per issue
- 176:
  - PENDING
  - [ACTION] Editors to update per issue
- 177:
  - PENDING
  - [ACTION] Editors to update per issue
- 178:
  - PENDING
  - [ACTION] Editors to update per issue
- 179:
  - PENDING
  - [ACTION] Editors to add square bracket notation
- 180:
  - PENDING
  - [ACTION] Editors to update per issue
- 181:
  - CLOSED
- 182:
  - PENDING
  - [ACTION] Editors to update per issue
- 183:
  - PENDING
  - [ACTION] Editors to update per issue
- 184:
  - PENDING
  - [ACTION] Editors to update per issue
- 185
  - CLOSED
- 186
  - PENDING
  - [ACTION] Editors to update per issue
- 187
  - PENDING
  - [ACTION] Editors to add clarifying text
- 188:
  - PENDING
  - [ACTION] Editors to update per issue
- 189:
  - PENDING
  - [ACTION] Editors to remove untestable assertion in line 450
- 190:
  - [ACTION] Irving to post text for clarifying MustUnderstand in WSS
- 191
  - PENDING
  - [ACTION] Editors to update per issue
- 192
  - PENDING
  - [ACTION] Editors to remove the sentence at line 503
- 193:
  - CLOSED
- 194
  - PENDING
  - [ACTION] Editors to update per issue
- 195
  - DEFERRED
- 196:
  - OPEN
- 197:
  - PENDING
  - [ACTION] Editors to update per issue
- 198:
  - PENDING
  - [ACTION] Editorials to clean up text for issue 198
- 199
  - PENDING
  - [ACTION] Editors to update per issue
- 200
  - [ACTION] Hal to look this up and determine what to put in table
  - PENDING
- 201:
  - PENDING
  - [ACTION] Editors to update per issue
- 202:
  - PENDING
  - [ACTION] Editors to update per issue
- 203:
  - PENDING
  - [ACTION] Editors to update per issue
- 204
  - PENDING
  - [ACTION] in line 855, Editors to clarify what we mean
- 205
  - PENDING
  - [ACTION] Editors to add bullet for Issue 205
- 206
  - PENDING
  - [ACTION] Hal to write up explanation for issue 206
- 207
  - PENDING
  - [ACTION] Editors to fill out whole table
- 208
  - PENDING
  - [ACTION] Editors to update per issue
- 209
  - PENDING
  - [ACTION] Editors to update per issue
- 210
  - PENDING
  - [ACTION] Editors to update per issue
- 211
  - PENDING
  - [ACTION] Editors to update per issue
- 212
  - PENDING
  - [ACTION] Editors to update per issue
- 213
  - PENDING
  - [ACTION] Editors to update per issue
- 214
  - PENDING
  - [ACTION] Editors to clean up duplicate text
- 215
  - PENDING
  - [ACTION] Editors to update per issue
- 216
  - PENDING
  - [ACTION] Editors to update per issue
- 217
  - PENDING
  - [ACTION] Jerry to propose explanation wording
- 218
  - PENDING
  - [ACTION] Editors to update per issue
- 219
  - PENDING
  - [ACTION] Editors to update per issue
- 220
  - PENDING
  - [ACTION] Editors to update per issue
- 221
  - PENDING
  - [ACTION] Editors to update per issue
- 222
  - PENDING
  - [ACTION] Editors to update per issue
- 223
  - CLOSED
- 224
  - PENDING
  - [ACTION] Editors to update per issue
- 225
  - PENDING
  - [ACTION] Editors to update per issue
- 226
  - PENDING
  - [ACTION] Editors to update per issue
- 227
  - PENDING
  - [ACTION] Editors to update per issue
- 228
  - PENDING
  - [ACTION] Editors to make any clarifications necessary for SOAP versions
- 229
  - PENDING
  - [ACTION] Editors to update per issue
- 230
  - PENDING
  - [ACTION] Editors to update per issue
- 231
  - PENDING
  - [ACTION] Editors to update per issue
- 232
  - PENDING
  - [ACTION] Editors to clarify that this is a partial list of security considerations
- 233
  - [ACTION] Editors to move the Username and X509 specific security considerations to their own profiles
  - [ACTION] Paula to provide security considerations material
  - OPEN

======================================================================
                             Raw Notes
======================================================================

>
> Agenda:
>
> 1. Roll call
>
- Attendance attached to bottom of these minutes
- Quorum achieved
>
> 2. Review minutes from previous meeting (10/7/2003)
>    <http://lists.oasis-open.org/archives/wss/200310/msg00015.html>
>
- [VOTE] unanimous consent, accepted
>
> 3. Public Review status and current comments
>    For comments just received from W3C XMLP WG see
>    <http://lists.oasis-open.org/archives/wss-comment/200310/msg00016.html>
>
- Chris: all comments have been folded into the issues list
- looking for doc status from editors
- Phill: was looking for signoff from Merlin on a couple issues
- Merlin: will take a look
- Ron: hasn't put out new draft
- there was a draft regarding interop
- has spent some time making changes
- will release new revision soon
- Tony: has been incorporating changes from issues list, but no new revision has been posted
- Chris: there are about 8 changes needed for Phill's docs
- Phill: will work on those
- Tony: comment period has closed, right?
- Chris: yes
- Hal: may want to discuss the SAML interop doc Prateek posted yesterday
- mostly just announcing it
- Prateek: was written by Richard Levinson
- ready for comment
- Ron: looked through it, and looks good
- Tony: what version of SAML does it require? 1.1?
- Ron: will take as an issue to make clear in the profile
- [ISSUE] Clarify SAML version requirements in SAML Token Profile
>
> 4. Issues list review
>
- Chris: Starting at 166
- 166:
  - seems reasonable
  - PENDING
  - [ACTION] Editors to update per issue
- 167:
  - had already agreed to do this
  - PENDING
  - [ACTION] Editors to update per issue
- 168:
  - no objections to doing this
  - PENDING
  - [ACTION] Editors to update per issue
- 169:
  - any objection to noting this, but not making any change
  - Irving: concerned about this
  - way to fix this is with challenge response
  - or by adding target indicator
  - Jerry: alternative of adding an attribute
  - [ACTION] Hal to discuss weakness described in Issue 169, and to make proposal
  - Jerry to post his alternative also
  - OPEN
- 170:
  - OASIS issue
  - CLOSED
  - will pass feedback on to OASIS
- 171:
  - PENDING
  - [ACTION] Editors to make pass through docs
- 172:
  - Tony: we should state that we support SOAP 1.1 and 1.2, and change some of the examples
  - Chris: we should add a statement saying that you can also do everything in the spec with 1.2
  - but not in favor of tilling the whole document
  - ???: there are some definitions that change with 1.2
  - Chris: let's change the affected areas, but changing the examples isn't worth the effort
  - Hal: there are 3 issues in a row that deal with 1.1 vs. 1.2
  - one of them is the big one, reworking the whole spec
  - shares concern of scope of that work, but still need to consider it
  - Ron: should we make statement that examples are 1.1-specific?
  - Chris: yes, definitely
  - PENDING
  - [ACTION] Editors to add statement that either SOAP 1.1 or 1.2 can be used, and we don't make a specific recommendation
- 173:
  - Chris: we should use the 1.1 terminology, because it's most predominant
  - Hal: argument is that 1.2 terms are more rigorously defined
  - [example involving digital signatures]
  - not sure of all ramifications, but it should be given a look
  - PENDING
  - [ACTION] Editors to ensure SOAP terminology is consistent
  - Ron: are we going to have a section describing differences when 1.2 is used?
  - Chris: yes, editors should indicate clearly when they are citing SOAP, which version
  - [ACTION] Hal to investigate inconsistencies between uses of SOAP 1.1 and 1.2, and possibly add material in an Appendix
- 174:
  - PENDING
  - [ACTION] Editors to make examples consistent with SOAP 1.1
  - Ron: why 1.1?
  - Chris: involves the least changes
  - Jerry: but if we discuss differences regarding SOAP 1.2 in the appendix, we should provide examples
  - Chris: yes
  - Ron: the comments suggest that we use the 1.2 terminology because it is more precise
  - Chris: all our interop has been based on 1.1, so it would be more disruptive to move to 1.2 terms
  - Ron: not a SOAP expert, but it appears that the SOAP experts are suggesting that we're using outdated SOAP terms
- 175:
  - PENDING
  - [ACTION] Editors to update per issue
- 176:
  - PENDING
  - [ACTION] Editors to update per issue
  - Hal: there's either a comment from the original email missing in the issues list, or it got folded into another issue
  - [discussion, resolved that the one was folded into another issue]
- 177:
  - PENDING
  - [ACTION] Editors to update per issue
- 178:
  - PENDING
  - [ACTION] Editors to update per issue
- 179:
  - PENDING
  - [ACTION] Editors to add square bracket notation
- 180:
  - PENDING
  - [ACTION] Editors to update per issue
- 181:
  - CLOSED
  - duplicate of issue 31
- 182:
  - decision has been to stay with SOAP 1.1
  - any references with SOAP 1.2 should be up-to-date references
  - PENDING
  - [ACTION] Editors to update per issue
- 183:
  - PENDING
  - [ACTION] Editors to update per issue
- 184:
  - PENDING
  - [ACTION] Editors to update per issue
- 185
  - CLOSED
  - duplicate of issue 174
- 186
  - PENDING
  - [ACTION] Editors to update per issue
- 187
  - Chris: we've gotten this question repeatedly
  - need to add a sentence explaining this
  - Hal: some people understand why we've done it, but are suggesting adding a role that isn't targeted at anyone specific, and states ordering
  - doesn't expect us to take that up
  - PENDING
  - [ACTION] Editors to add clarifying text
- 188:
  - Tony: we've been changing this quite a lot
  - Hal: seems to be the fault of the XMLP folks being unclear
  - Chris: can add examples of consumed, like decrypting for purpose of verifying signatures, but passing encrypted data forward
  - PENDING
  - [ACTION] Editors to update per issue
  - Hal: thinks this is technical, not editorial, since it affects semantics
  - Chris: ok
- 189:
  - Hal: the other way to solve this is to declare what profiles you support in the message
  - combining discussion of this issue and the next one ...
  - Jerry: this case is the reverse of case he's concerned with
  - Hal: then agrees with Chris
  - PENDING
  - [ACTION] Editors to remove untestable assertion in line 450
- 190:
  - Hal: they think our "no applied semantics" conflicts with SOAP's required semantics of MustUnderstand
  - Tony: can we just point back to SOAP
  - Steve: how about "no additional semantics" beyond SOAP
  - Hal: SOAP would require that new versions of WSS would have to be rejected by receivers written to previous versions
  - if you see anything in the header, you have to reject it
  - Chris: we discussed it at a F2F that we didn't want MustUnderstand to extend in depth
  - deliberately ambiguous
  - Hal: the XMLP folks say that is illegal
  - Irving: you can parse the security header, and conclude that a particular item is optional, and ignore it
  - [ACTION] Irving to post text for clarifying MustUnderstand in WSS
  - Chris: we'll see if the XMLP folks are ok with that
- 191
  - PENDING
  - [ACTION] Editors to update per issue
- 192
  - Chris: needs clarification around what to do with extensions you don't understand
  - Tony: this is just in core
  - details of processing tokens is up to the profile
  - Hal: still a question of what to do if you don't understand one
  - Jerry: suggests we drop the sentence
  - PENDING
  - [ACTION] Editors to remove the sentence at line 503
- 193:
  - duplicate of issue 185
  - CLOSED
- 194
  - should be "attribute value"
  - PENDING
  - [ACTION] Editors to update per issue
- 195
  - Chris: not inclined to change
  - Irving: thinks this is a valid point
  - it is perfectly implementable, but not doing anyone any service by inventing new typing service
  - Chris: is it worth making the change now?
  - for anything new we do, we should heed this advice
  - DEFERRED
- 196:
  - Chris: just to be consistent with the ValueType attr
  - Hal: given the confusion, thinks we should make this change
  - Chris: but it breaks interop
  - Irving: it wasn't used in the interop scenarios, and since it is complicating signatures, it should be changed
  - [discussion of larger issue of c14n of QNames]
  - Hal: proposes we leave this open until next meeting
  - Chris: not compelled to invalidate interop testing
  - OPEN
- 197:
  - Chris: proposes we do same thing as with Username Token, and remove the line
  - PENDING
  - [ACTION] Editors to update per issue
- 198:
  - PENDING
  - [ACTION] Editorials to clean up text for issue 198
- 199
  - Hal: two cases
  - in general cover issue that implementation only supports certain tokens, and therefore STRs pointing to such tokens
  - if you find an extensibility item you don't understand, you fault the message
  - in the token profiles, need to say if you get extensions you don't understand, you have to fault
  - PENDING
  - [ACTION] Editors to update per issue
- 200
  - Chris: any objection of just listing this in the table?
  - [ACTION] Hal to look this up and determine what to put in table
  - PENDING
- 201:
  - PENDING
  - [ACTION] Editors to update per issue
- 202:
  - PENDING
  - [ACTION] Editors to update per issue
- 203:
  - PENDING
  - [ACTION] Editors to update per issue
- 204
  - Hal: what they have in mind is not what we had in mind
  - PENDING
  - [ACTION] in line 855, Editors to clarify what we mean
- 205
  - PENDING
  - [ACTION] Editors to add bullet for Issue 205
- 206
  - PENDING
  - [ACTION] Hal to write up explanation for issue 206
- 207
  - PENDING
  - [ACTION] Editors to fill out whole table
- 208
  - PENDING
  - [ACTION] Editors to update per issue
- 209
  - PENDING
  - [ACTION] Editors to update per issue
- 210
  - PENDING
  - [ACTION] Editors to update per issue
- 211
  - PENDING
  - [ACTION] Editors to update per issue
- 212
  - PENDING
  - [ACTION] Editors to update per issue
- 213
  - PENDING
  - [ACTION] Editors to update per issue
- 214
  - Tony: don't understand
  - where it duplicates, we can clean up, but it serves a different purpose
  - PENDING
  - [ACTION] Editors to clean up duplicate text
- 215
  - PENDING
  - [ACTION] Editors to update per issue
- 216
  - PENDING
  - [ACTION] Editors to update per issue
- 217
  - Jerry: this comes up, and deserves a clarification
  - Chris: there was a long email discussion on this
  - both sides need access to same secret data (password/equivalent)
  - Jerry: in many environments, this isn't feasible
  - Tony: whether you use it or not is a matter of how you want to use it
  - PENDING
  - [ACTION] Jerry to propose explanation wording
- 218
  - PENDING
  - [ACTION] Editors to update per issue
- 219
  - Chris: proposes we change this to a normative RECOMMEND
  - PENDING
  - [ACTION] Editors to update per issue
- 220
  - PENDING
  - [ACTION] Editors to update per issue
- 221
  - PENDING
  - [ACTION] Editors to update per issue
- 222
  - similar change as earlier, using square bracket notation
  - PENDING
  - [ACTION] Editors to update per issue
- 223
  - duplicate of Issue 31
  - CLOSED
- 224
  - PENDING
  - [ACTION] Editors to update per issue
- 225
  - PENDING
  - [ACTION] Editors to update per issue
- 226
  - PENDING
  - [ACTION] Editors to update per issue
- 227
  - PENDING
  - [ACTION] Editors to update per issue
- 228
  - all profiles should be consistent with core
  - as per earlier discussion, we will stick with SOAP 1.1
  - PENDING
  - [ACTION] Editors to make any clarifications necessary for SOAP versions
  - Phill: should examples that are now SOAP 1.2 specific be changed to be SOAP 1.1 specific?
  - Chris: yes
- 229
  - PENDING
  - [ACTION] Editors to update per issue
- 230
  - Chris: any objection to clarifying that this is only about signatures?
  - [none]
  - PENDING
  - [ACTION] Editors to update per issue
- 231
  - PENDING
  - [ACTION] Editors to update per issue
- 232
  - PENDING
  - [ACTION] Editors to clarify that this is a partial list of security considerations
- 233
  - Paula: found the security considerations very confusing
  - [ACTION] Editors to move the Username and X509 specific security considerations to their own profiles
  - [ACTION] Paula to provide security considerations material
  - OPEN
- jumping back to SAML stuff
- 165
  - Ron: both Hal and I responded, but the submitter didn't respond back
  - Chris: were replies public?
  - Ron: both were to WSS-Comment
  - CLOSED
- Chris: lots of work for editors
>
> 5. Other business
>
- none
>
> 6. Adjourn
>
- Adjourned

-----------------------------------------------------------------------

Attendance of Voting Members:

  Frank Siebenlist       Argonne National Lab
  Merlin Hughes          Baltimore Technologies
  Peter Dapkus           BEA
  Hal Lockhart           BEA
  Symon Chang            CommerceOne
  TJ Pannu               ContentGuard
  Sam Wei                Documentum
  Tim Moses              Entrust
  Toshihiro Nishimura    Fujitsu
  Irving Reid            HP
  Jason Rouault          HP
  Yutaka Kudo            Hitachi
  Derek Fu               IBM
  Maryann Hondo          IBM
  Anthony Nadalin        IBM
  Ron Williams           IBM
  Bob Morgan             Individual
  Paul Cotton            Microsoft
  Vijay Gajjala          Microsoft
  Chris Kaler            Microsoft
  Ellen McDermott        Microsoft
  Prateek Mishra         Netegrity
  Frederick Hirsch       Nokia
  Abbie Barbir           Nortel
  Lloyd Burch            Novell
  Howard Melman          Novell
  Ed Reed                Novell
  Charles Knouse         Oblix
  Steve Anderson         OpenNetwork
  Jerry Schwarz          Oracle
  Eric Gravengaard       Reactivity
  Rob Philpott           RSA Security
  Martijn de Boer        SAP
  Pete Wenzel            SeeBeyond
  Yassir Elley           Sun Microsystems
  Ronald Monzillo        Sun Microsystems
  Don Adams              TIBCO
  John Weiland           US Navy
  Phillip Hallam-Baker   VeriSign

Attendance of Observers or Prospective Members:

  Blake Dournaee         Sarvega
  Kefeng Chen            GeoTrust
  Richard Levinson       Netegrity
  Coumara Radja          Sarvega
  Paula Austel           IBM
  Michael McIntosh       IBM

Membership Status Changes:

  Peter Dapkus           BEA - Returned from LOA 10/21/2003
  Shawn Sharp            Cyclone Commerce - Lost status due to inactivity
  Rich Salz              DataPower - Lost status due to inactivity
  Chris Kurt             Microsoft - Lost status due to inactivity
  Mark O'Neill           Vordel - Lost status due to inactivity
  Coumara Radja          Sarvega - Requested membership 9/23/2003
  Kefeng Chen            GeoTrust - Requested membership 10/1/2003
  Blake Dournaee         Sarvega - Requested membership 10/8/2003
  Richard Levinson       Netegrity - Requested membership 10/14/2003

--
Steve Anderson
OpenNetwork