

Subject: Minutes for Telecon, Tuesday 21 October 2003


Minutes for WSSTC Telecon, Tuesday 21 October 2003
Dial in info: 1-954-797-0718  Passcode: 525362 
Minutes taken by Steve Anderson

======================================================================
                              Summary
======================================================================

  Votes:
  
    - Minutes from 7 October 2003 meeting accepted (unanimous)
  
  New (General) Action Items:
  
    - none
    
  Issues List Action Items & Status Updates:
  
    - [New ISSUE] Clarify SAML version requirements in SAML Token Profile
	- 165
		- CLOSED
	- 166: 
		- PENDING
		- [ACTION] Editors to update per issue
	- 167:
		- PENDING
		- [ACTION] Editors to update per issue
	- 168:
		- PENDING
		- [ACTION] Editors to update per issue
	- 169:
		- [ACTION] Hal to discuss weakness described in Issue 169, and 
		  to make proposal
		- [ACTION] Jerry to post his alternative also
		- OPEN
	- 170: 
		- CLOSED
	- 171:
		- PENDING
		- [ACTION] Editors to make pass through docs
	- 172:
		- PENDING
		- [ACTION] Editors to add statement that either SOAP 1.1 or 1.2
		  can be used, and we don't make a specific recommendation
	- 173:
		- PENDING
		- [ACTION] Editors to ensure SOAP terminology is consistent
		- [ACTION] Hal to investigate inconsistencies between uses of 
		  SOAP 1.1 and 1.2, and possibly add material in an Appendix
	- 174:
		- PENDING
		- [ACTION] Editors to make examples consistent with SOAP 1.1
	- 175:
		- PENDING
		- [ACTION] Editors to update per issue
	- 176:
		- PENDING
		- [ACTION] Editors to update per issue
	- 177: 
		- PENDING
		- [ACTION] Editors to update per issue
	- 178: 
		- PENDING
		- [ACTION] Editors to update per issue
	- 179:
		- PENDING
		- [ACTION] Editors to add square bracket notation
	- 180:
		- PENDING
		- [ACTION] Editors to update per issue
	- 181:
		- CLOSED
	- 182:
		- PENDING
		- [ACTION] Editors to update per issue
	- 183:
		- PENDING
		- [ACTION] Editors to update per issue
	- 184:
		- PENDING
		- [ACTION] Editors to update per issue
	- 185
		- CLOSED
	- 186
		- PENDING
		- [ACTION] Editors to update per issue
	- 187
		- PENDING
		- [ACTION] Editors to add clarifying text
	- 188:
		- PENDING
		- [ACTION] Editors to update per issue
	- 189:
		- PENDING
		- [ACTION] Editors to remove untestable assertion in line 450
	- 190:
		- [ACTION] Irving to post text for clarifying MustUnderstand in
		  WSS
	- 191
		- PENDING
		- [ACTION] Editors to update per issue
	- 192
		- PENDING
		- [ACTION] Editors to remove the sentence at line 503
	- 193:
		- CLOSED
	- 194
		- PENDING
		- [ACTION] Editors to update per issue
	- 195
		- DEFERRED
	- 196:
		- OPEN
	- 197:
		- PENDING
		- [ACTION] Editors to update per issue
	- 198:
		- PENDING
		- [ACTION] Editorials to clean up text for issue 198
	- 199
		- PENDING
		- [ACTION] Editors to update per issue
	- 200
		- [ACTION] Hal to look this up and determine what to put in table
		- PENDING
	- 201: 
		- PENDING
		- [ACTION] Editors to update per issue
	- 202:
		- PENDING
		- [ACTION] Editors to update per issue
	- 203:
		- PENDING
		- [ACTION] Editors to update per issue
	- 204
		- PENDING
		- [ACTION] in line 855, Editors to clarify what we mean
	- 205
		- PENDING
		- [ACTION] Editors to add bullet for Issue 205
	- 206
		- PENDING
		- [ACTION] Hal to write up explanation for issue 206
	- 207
		- PENDING
		- [ACTION] Editors to fill out whole table
	- 208
		- PENDING
		- [ACTION] Editors to update per issue
	- 209
		- PENDING
		- [ACTION] Editors to update per issue
	- 210
		- PENDING
		- [ACTION] Editors to update per issue
	- 211
		- PENDING
		- [ACTION] Editors to update per issue
	- 212
		- PENDING
		- [ACTION] Editors to update per issue
	- 213
		- PENDING
		- [ACTION] Editors to update per issue
	- 214
		- PENDING
		- [ACTION] Editors to clean up duplicate text
	- 215
		- PENDING
		- [ACTION] Editors to update per issue
	- 216
		- PENDING
		- [ACTION] Editors to update per issue
	- 217
		- PENDING
		- [ACTION] Jerry to propose explanation wording
	- 218
		- PENDING
		- [ACTION] Editors to update per issue
	- 219
		- PENDING
		- [ACTION] Editors to update per issue
	- 220
		- PENDING
		- [ACTION] Editors to update per issue
	- 221
		- PENDING
		- [ACTION] Editors to update per issue
	- 222
		- PENDING
		- [ACTION] Editors to update per issue
	- 223
		- CLOSED
	- 224
		- PENDING
		- [ACTION] Editors to update per issue
	- 225
		- PENDING
		- [ACTION] Editors to update per issue
	- 226
		- PENDING
		- [ACTION] Editors to update per issue
	- 227
		- PENDING
		- [ACTION] Editors to update per issue
	- 228
		- PENDING
		- [ACTION] Editors to make any clarifications necessary for SOAP 
		  versions
	- 229
		- PENDING
		- [ACTION] Editors to update per issue
	- 230
		- PENDING
		- [ACTION] Editors to update per issue
	- 231
		- PENDING
		- [ACTION] Editors to update per issue
	- 232
		- PENDING
		- [ACTION] Editors to clarify that this is a partial list of
		  security considerations
	- 233
		- [ACTION] Editors to move the Username and X509 specific
		  security considerations to their own profiles
		- [ACTION] Paula to provide security considerations material
		- OPEN
    
======================================================================
                             Raw Notes
======================================================================

> 
> Agenda:
> 
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved

> 
> 2. Review minutes from previous meeting (10/7/2003)
>    < http://lists.oasis-open.org/archives/wss/
>      200310/msg00015.html >
>

- [VOTE] unanimous consent, accepted

> 
> 3. Public Review status and current comments 
>    For comments just received from W3C XMLP WG see 
>    < http://lists.oasis-open.org/archives/wss-comment/
>      200310/msg00016.html >
>

- Chris: all comments have been folded into the issues list
- looking for doc status from editors
- Phill: was looking for signoff from Merlin on a couple issues
- Merlin: will take a look
- Ron: hasn't put out new draft
	- there was a draft regarding interop
	- has spent some time making changes
	- will release new revision soon
- Tony: has been incorporating changes from issues list, but no new
  revision has been posted
- Chris: there are about 8 changes needed for Phill's docs
- Phill: will work on those
- Tony: comment period has closed, right?
- Chris: yes
- Hal: may want to discuss the SAML interop doc Prateek posted yesterday
- mostly just announcing it
- Prateek: was written by Richard Levinson
- ready for comment
- Ron: looked through it, and looks good
- Tony: what version of SAML does it require? 1.1?
- Ron: will take as an issue to make clear in the profile
- [ISSUE] Clarify SAML version requirements in SAML Token Profile

> 
> 4. Issues list review
>

- Chris: Starting at 166
- 166: 
	- seems reasonable
	- PENDING
	- [ACTION] Editors to update per issue
- 167:
    - had already agreed to do this
    - PENDING
	- [ACTION] Editors to update per issue
- 168:
	- no objections to doing this
	- PENDING
	- [ACTION] Editors to update per issue
- 169:
	- any objection to noting this, but not making any change
	- Irving: concerned about this
	- way to fix this is with challenge response
	- or by adding target indicator
	- Jerry: alternative of adding an attribute
	- [ACTION] Hal to discuss weakness described in Issue 169, and to
	  make proposal
		- Jerry to post his alternative also
	- OPEN
- 170: 
	- OASIS issue
	- CLOSED
	- will pass feedback on to OASIS
- 171:
	- PENDING
	- [ACTION] Editors to make pass through docs
- 172:
	- Tony: we should state that we support SOAP 1.1 and 1.2, and change
	  some of the examples
	- Chris: we should add a statement saying that you can also do 
	  everything in the spec with 1.2
	- but not in favor of tilling the whole document
	- ???: there are some definitions that change with 1.2
	- Chris: let's change the affected areas, but changing the examples
	  isn't worth the effort
	- Hal: there are 3 issues in a row that deal with 1.1 vs. 1.2
	- one of them is the big one, reworking the whole spec
	- shares concern of scope of that work, but still need to consider
	  it
	- Ron: should we make statement that examples are 1.1-specific?
	- Chris: yes, definitely
	- PENDING
	- [ACTION] Editors to add statement that either SOAP 1.1 or 1.2 can
	  be used, and we don't make a specific recommendation
- 173:
    - Chris: we should use the 1.1 terminology, because it's most
      predominant
    - Hal: argument is that 1.2 terms are more rigorously defined
    - [example involving digital signatures]
    - not sure of all ramifications, but it should be given a look
    - PENDING
    - [ACTION] Editors to ensure SOAP terminology is consistent
    - Ron: are we going to have a section describing differences when
      1.2 is used?
    - Chris: yes, editors should indicate clearly when they are citing
      SOAP, which version
    - [ACTION] Hal to investigate inconsistencies between uses of 
      SOAP 1.1 and 1.2, and possibly add material in an Appendix
- 174:
	- PENDING
	- [ACTION] Editors to make examples consistent with SOAP 1.1
	- Ron: why 1.1?
	- Chris: involves the least changes
	- Jerry: but if we discuss differences regarding SOAP 1.2 in the 
	  appendix, we should provide examples
	- Chris: yes
	- Ron: the comments suggest that we use the 1.2 terminology because
	  it is more precise
	- Chris: all our interop has been based on 1.1, so it would be more
	  disruptive to move to 1.2 terms
	- Ron: not a SOAP expert, but it appears that the SOAP experts are
	  suggesting that we're using outdated SOAP terms
- 175:
    - PENDING
	- [ACTION] Editors to update per issue
- 176:
    - PENDING
	- [ACTION] Editors to update per issue
    - Hal: there's either a comment from the original email missing in
      the issues list, or it got folded into another issue
    - [discussion, resolved that the one was folded into another issue]
- 177: 
    - PENDING
	- [ACTION] Editors to update per issue
- 178: 
    - PENDING
	- [ACTION] Editors to update per issue
- 179:
    - PENDING
    - [ACTION] Editors to add square bracket notation
- 180:
    - PENDING
	- [ACTION] Editors to update per issue
- 181:
    - CLOSED
    - duplicate of issue 31
- 182:
    - decision has been to stay with SOAP 1.1
    - any references with SOAP 1.2 should be up-to-date references
    - PENDING
	- [ACTION] Editors to update per issue
- 183:
    - PENDING
	- [ACTION] Editors to update per issue
- 184:
    - PENDING
	- [ACTION] Editors to update per issue
- 185
    - CLOSED
    - duplicate of issue 174
- 186
    - PENDING
	- [ACTION] Editors to update per issue
- 187
    - Chris: we've gotten this question repeatedly
    - need to add a sentence explaining this
    - Hal: some people understand why we've done it, but are suggesting
      adding a role that isn't targeted at anyone specific, and states
      ordering
    - doesn't expect us to take that up
    - PENDING
    - [ACTION] Editors to add clarifying text
- 188:
    - Tony: we've been changing this quite a lot
    - Hal: seems to be the fault of the XMLP folks being unclear
    - Chris: can add examples of consumed, like decrypting for purpose
      of verifying signatures, but passing encrypted data forward
    - PENDING
	- [ACTION] Editors to update per issue
    - Hal: thinks this is technical, not editorial, since it affects
      semantics
    - Chris: ok
- 189:
    - Hal: the other way to solve this is to declare what profiles you 
      support in the message
    - combining discussion of this issue and the next one ...
    - Jerry: this case is the reverse of case he's concerned with
    - Hal: then agrees with Chris
    - PENDING
    - [ACTION] Editors to remove untestable assertion in line 450
- 190:
    - Hal: they think our "no applied semantics" conflicts with SOAP's
      required semantics of MustUnderstand
    - Tony: can we just point back to SOAP
    - Steve: how about "no additional semantics" beyond SOAP
    - Hal: SOAP would require that new versions of WSS would have to be
      rejected by receivers written to previous versions
    - if you see anything in the header, you have to reject it
    - Chris: we discussed it at a F2F that we didn't want MustUnderstand
      to extend in depth
    - deliberately ambiguous
    - Hal: the XMLP folks say that is illegal
    - Irving: you can parse the security header, and conclude that a
      particular item is optional, and ignore it
    - [ACTION] Irving to post text for clarifying MustUnderstand in WSS
    - Chris: we'll see if the XMLP folks are ok with that
- 191
    - PENDING
	- [ACTION] Editors to update per issue
- 192
    - Chris: needs clarification around what to do with extensions you
      don't understand
    - Tony: this is just in core
    - details of processing tokens is up to the profile
    - Hal: still a question of what to do if you don't understand one
    - Jerry: suggests we drop the sentence
    - PENDING
    - [ACTION] Editors to remove the sentence at line 503
- 193:
    - duplicate of issue 185
    - CLOSED
- 194
    - should be "attribute value"
    - PENDING
	- [ACTION] Editors to update per issue
- 195
    - Chris: not inclined to change
    - Irving: thinks this is a valid point
    - it is perfectly implementable, but not doing anyone any service
      by inventing new typing service
    - Chris: is it worth making the change now?
    - for anything new we do, we should heed this advice
    - DEFERRED
- 196:
    - Chris: just to be consistent with the ValueType attr
    - Hal: given the confusion, thinks we should make this change
    - Chris: but it breaks interop
    - Irving: it wasn't used in the interop scenarios, and since it is
      complicating signatures, it should be changed
    - [discussion of larger issue of c14n of QNames]
    - Hal: proposes we leave this open until next meeting
    - Chris: not compelled to invalidate interop testing
    - OPEN
- 197:
    - Chris: proposes we do same thing as with Username Token, and 
      remove the line
    - PENDING
	- [ACTION] Editors to update per issue
- 198:
    - PENDING
    - [ACTION] Editorials to clean up text for issue 198
- 199
    - Hal: two cases
        - in general cover issue that implementation only supports 
          certain tokens, and therefore STRs pointing to such tokens
        - if you find an extensibility item you don't understand, you
          fault the message
    - in the token profiles, need to say if you get extensions you don't
      understand, you have to fault
    - PENDING
	- [ACTION] Editors to update per issue
- 200
    - Chris: any objection of just listing this in the table?
    - [ACTION] Hal to look this up and determine what to put in table
    - PENDING
- 201: 
    - PENDING
	- [ACTION] Editors to update per issue
- 202:
    - PENDING
	- [ACTION] Editors to update per issue
- 203:
    - PENDING
	- [ACTION] Editors to update per issue
- 204
    - Hal: what they have in mind is not what we had in mind
    - PENDING
    - [ACTION] in line 855, Editors to clarify what we mean
- 205
    - PENDING
    - [ACTION] Editors to add bullet for Issue 205
- 206
    - PENDING
    - [ACTION] Hal to write up explanation for issue 206
- 207
    - PENDING
    - [ACTION] Editors to fill out whole table
- 208
    - PENDING
	- [ACTION] Editors to update per issue
- 209
    - PENDING
	- [ACTION] Editors to update per issue
- 210
    - PENDING
	- [ACTION] Editors to update per issue
- 211
    - PENDING
	- [ACTION] Editors to update per issue
- 212
    - PENDING
	- [ACTION] Editors to update per issue
- 213
    - PENDING
	- [ACTION] Editors to update per issue
- 214
    - Tony: don't understand
    - where it duplicates, we can clean up, but it serves a different
      purpose
    - PENDING
    - [ACTION] Editors to clean up duplicate text
- 215
    - PENDING
	- [ACTION] Editors to update per issue
- 216
    - PENDING
	- [ACTION] Editors to update per issue
- 217
    - Jerry: this comes up, and deserves a clarification
    - Chris: there was a long email discussion on this
    - both sides need access to same secret data (password/equivalent)
    - Jerry: in many environments, this isn't feasible
    - Tony: whether you use it or not is a matter of how you want to use
      it
    - PENDING
    - [ACTION] Jerry to propose explanation wording
- 218
    - PENDING
	- [ACTION] Editors to update per issue
- 219
    - Chris: proposes we change this to a normative RECOMMEND
    - PENDING
	- [ACTION] Editors to update per issue
- 220
    - PENDING
	- [ACTION] Editors to update per issue
- 221
    - PENDING
	- [ACTION] Editors to update per issue
- 222
    - similar change as earlier, using square bracket notation
    - PENDING
	- [ACTION] Editors to update per issue
- 223
    - duplicate of Issue 31
    - CLOSED
- 224
    - PENDING
	- [ACTION] Editors to update per issue
- 225
    - PENDING
	- [ACTION] Editors to update per issue
- 226
    - PENDING
	- [ACTION] Editors to update per issue
- 227
    - PENDING
	- [ACTION] Editors to update per issue
- 228
    - all profiles should be consistent with core
    - as per earlier discussion, we will stick with SOAP 1.1
    - PENDING
    - [ACTION] Editors to make any clarifications necessary for SOAP 
      versions
    - Phill: should examples that are now SOAP 1.2 specific be changed
      to be SOAP 1.1 specific?
    - Chris: yes
- 229
    - PENDING
	- [ACTION] Editors to update per issue
- 230
    - Chris: any objection to clarifying that this is only about
      signatures?
    - [none]
    - PENDING
	- [ACTION] Editors to update per issue
- 231
    - PENDING
	- [ACTION] Editors to update per issue
- 232
    - PENDING
    - [ACTION] Editors to clarify that this is a partial list of security
      considerations
- 233
    - Paula: found the security considerations very confusing
    - [ACTION] Editors to move the Username and X509 specific security
      considerations to their own profiles
    - [ACTION] Paula to provide security considerations material
    - OPEN
- jumping back to SAML stuff
- 165
    - Ron: both Hal and I responded, but the submitter didn't respond
      back
    - Chris: were replies public?
    - Ron: both were to WSS-Comment
    - CLOSED
- Chris: lots of work for editors

> 
> 5. Other business
>

- none

> 
> 6. Adjourn
>

- Adjourned


-----------------------------------------------------------------------

Attendance of Voting Members:
  
  Frank Siebenlist Argonne National Lab
  Merlin Hughes Baltimore Technologies
  Peter Dapkus BEA
  Hal Lockhart BEA
  Symon Chang CommerceOne
  TJ Pannu ContentGuard
  Sam Wei Documentum
  Tim Moses Entrust
  Toshihiro Nishimura Fujitsu
  Irving Reid HP
  Jason Rouault HP
  Yutaka Kudo Hitachi
  Derek Fu IBM
  Maryann Hondo IBM
  Anthony Nadalin IBM
  Ron Williams IBM
  Bob Morgan Individual
  Paul Cotton Microsoft
  Vijay Gajjala Microsoft
  Chris Kaler Microsoft
  Ellen McDermott Microsoft
  Prateek Mishra Netegrity
  Frederick Hirsch Nokia
  Abbie Barbir Nortel
  Lloyd Burch Novell
  Howard Melman Novell
  Ed Reed Novell
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Jerry Schwarz Oracle
  Eric Gravengaard Reactivity
  Rob Philpott RSA Security
  Martijn de Boer SAP
  Pete Wenzel SeeBeyond
  Yassir Elley Sun Microsystems
  Ronald Monzillo Sun Microsystems
  Don Adams TIBCO
  John Weiland US Navy
  Phillip Hallam-Baker VeriSign
    
    
Attendance of Observers or Prospective Members:

  Blake Dournaee Sarvega
  Kefeng Chen GeoTrust
  Richard Levinson Netegrity
  Coumara Radja Sarvega
  Paula Austel IBM
  Michael McIntosh IBM
  
  
Membership Status Changes:

  Peter Dapkus BEA - Returned from LOA 10/21/2003
  Shawn Sharp Cyclone Commerce - Lost status due to inactivity
  Rich Salz DataPower - Lost status due to inactivity
  Chris Kurt Microsoft - Lost status due to inactivity
  Mark O'Neill Vordel - Lost status due to inactivity
  Coumara Radja Sarvega - Requested membership 9/23/2003
  Kefeng Chen GeoTrust - Requested membership 10/1/2003
  Blake Dournaee Sarvega - Requested membership 10/8/2003
  Richard Levinson Netegrity - Requested membership 10/14/2003

--
Steve Anderson
OpenNetwork


