[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: OASIS WS-Security TC Minutes, Jan 13, 2004
OASIS WS-Security TC Minutes, Jan 13, 2004 > 1. Call to order, roll call The meeting was called to order at 10:05am EST. Kelvin Lawrence and Chris Kaler were in the Chair. Paul Cotton acted as recording secretary for this meeting. Attendance of Voting Members Gene Thurston AmberPoint Frank Siebenlist Argonne National Lab Merlin Hughes Betrusted Peter Dapkus BEA Hal Lockhart BEA Symon Chang CommerceOne Thomas DeMartini ContentGuard Guillermo Lao ContentGuard TJ Pannu ContentGuard Sam Wei Documentum John Hughes Entegrity Toshihiro Nishimura Fujitsu Kefeng Chen GeoTrust Irving Reid HP Yutaka Kudo Hitachi Paula Austel IBM Derek Fu IBM Kelvin Lawrence IBM Anthony Nadalin IBM Nataraj Nagaratnam IBM Ron Williams IBM Don Flinn Individual Bob Morgan Individual Paul Cotton Microsoft Vijay Gajjala Microsoft Chris Kaler Microsoft Richard Levinson Netegrity Prateek Mishra Netegrity Frederick Hirsch Nokia Ed Reed Novell Charles Knouse Oblix Steve Anderson OpenNetwork Vipin Samar Oracle Jerry Schwarz Oracle Eric Gravengaard Reactivity Andrew Nash RSA Security Rob Philpott RSA Security Martijn de Boer SAP Blake Dournaee Sarvega Coumara Radja Sarvega Pete Wenzel SeeBeyond Jonathan Tourzan Sony Yassir Elley Sun Microsystems Jeff Hodges Sun Microsystems Ronald Monzillo Sun Microsystems Jan Alexander Systinet Don Adams TIBCO John Weiland US Navy Phillip Hallam-Baker VeriSign Attendance of Prospective Members and Observers Maryann Hondo IBM Ben Hammond RSA Security Senthil Sengodan Nokia Ramana Turlapati Oracle Mike McIntosh IBM Shawn Gunsolley Booz Allen Hamilton Mike Colon Booze Allen Hamilton Membership Status Changes Maryann Hondo IBM - Granted voting status after 1/13/2004 call Ben Hammond RSA Security - Granted voting status after 1/13/2004 call Kevin Lewis Documentum - Granted voting status after 1/13/2004 call Tim Alsop CyberSafe - Requested membership 12/16/2003 cyc cyc IBM - Requested membership 12/18/2003 Eleanor Robinson Individual - Requested membership 12/20/2003 Mike McIntosh IBM - Requested membership 1/12/2004 Shawn Gunsolley Booz Allen Hamilton - Requested membership 1/12/2004 David Orchard BEA Systems - Lost prospective status after 1/13/2004 call Jagdip Talla Crimson Logic - Lost prospective status after 1/13/2004 call Vijay Gajjala Microsoft - Returned from LOA 1/13/2004 Alan Geller Microsoft - Requested membership 1/13/2004 The meeting had 48 voting members present out of 54 which represents a quorum. > 2. Reading/approving minutes of last meeting (Dec 16th) [1] The minutes of the last meeting were adopted unanimously. > 3. Status of documents (Editors/all) Kelvin asked the Editors to review the status of the documents. Tony Nadalin outlined the status of the WS-Security Core and the User Name Token Profile. He thinks the most recent posting covers all the editorial comments up to late on Mon Jan 12 including the comment on HMAC. Tony also made editorial corrections to the X509 Token Profile in Phil's absence. The editors have not yet made the #### change in the URI's of the Namespaces and the document URLs since this information is not yet available from OASIS management. The Chairs will ensure this is taken care of if the documents progress today. Jerry Schwarz pointed out that he objected to the HMAC revised text. Tony indicated that the revised text is in Section 3.2 at line number 245 (merged version) in the User Name Token Profile. Jerry would prefer that we prohibit the use of key derivation algorithm instead of saying it is out of scope and application-specific. Irving (HP) agreed with Jerry. Ron M (Sun) also agreed. Blake D (Sarvega) originally brought up this point and stated that he felt it was a big interoperability problem. Blake D felt that having at least one solution would be best but saying it is out of scope is acceptable. Chris K pointed out that following this reasoning would suggest that the usage attribute should not be in the profile. Mike M (IBM) moved to accept the text on lines 245-248 of User Name Token Profile. Seconded by Blake D (Sarvega). Vote 1 YES Hal Lockhart BEA Guillermo Lao ContentGuard TJ Pannu ContentGuard Sam Wei Documentum Toshihiro Nishimura Fujitsu Yutaka Kudo Hitachi Paula Austel IBM Kelvin Lawrence IBM Anthony Nadalin IBM Nataraj Nagaratnam IBM Ron Williams IBM Paul Cotton Microsoft Vijay Gajjala Microsoft Chris Kaler Microsoft Frederick Hirsch Nokia Charles Knouse Oblix Steve Anderson OpenNetwork Blake Dournaee Sarvega Coumara Radja Sarvega Jonathan Tourzan Sony Vote 1 NO Merlin Hughes Betrusted Symon Chang CommerceOne Irving Reid HP Don Flinn Individual Bob Morgan Individual Prateek Mishra Netegrity Vipin Samar Oracle Jerry Schwarz Oracle Eric Gravengaard Reactivity Andrew Nash RSA Security Rob Philpott RSA Security Martijn de Boer SAP Pete Wenzel SeeBeyond Yassir Elley Sun Microsystems Jeff Hodges Sun Microsystems Ronald Monzillo Sun Microsystems Jan Alexander Systinet Vote 1 ABSTAIN Gene Thurston AmberPoint Thomas DeMartini ContentGuard John Hughes Entegrity Kefeng Chen GeoTrust Richard Levinson Netegrity Ed Reed Novell John Weiland US Navy Phillip Hallam-Baker VeriSig For: 20 Against: 17 Abstain: 8 Motion carries. Kelvin asked if there are any other issues outstanding. Chris K noted that Hal L was supposed to tell us if we needed to say anything about SOAP 1.2. Hal felt that this material was not necessary for progression. No one on the call disagreed. But Hal L pointed out that voting on a document that arrived last night is quite difficult due the large number of late changes. Ron M indicated that he had reviewed the Issues List and had difficulty determining how the document has been changed in relation to the status of the Issues List. Kelvin pointed out that the major technical changes were made in the Dec draft of the document and subsequent revised versions have had change bars and have been reflecting editorial changes. Ron's email of Jan 12 pointed to the following issues: >issue 13: Element ordering in security tag Ron pointed the meeting to lines 856-857 in the Core Spec which has been pointed to by several issues and these lines still appear in the spec. Issues 143 and 201 are related to this. Ron proposed to delete lines 856-857 which relate to key ordering. Tony indicated that these lines were indeed clarified in a previous edit. Tony pointed to the clarification in line 440 of the Core Spec (merged). Ron felt that this clarification was not applicable to his problem with lines 856-857. Tony pointed out that the ordering rules were indeed clarified. Hal suggested that lines 856-857 could say "use the correct order" instead of "alter the order". Ron subsequently agreed to leave this issue and no action was taken. >issue 62: versioning mechanism Chris K pointed out the solution was to version the document/namespace URIs. Ron was concerned about document versioning and runtime versioning. Chris K said that a new version of a token would be reflected in a new document and thus the new token would be identified by the document/namespace URI which is already versioned. This decision was made at the San Francisco F2F. Jerry asked where the User Name Token Profile demonstrates how the ValueType value is specified. Someone pointed to lines 239 in the User Name Token Profile which defines what the full URI is. Ron agreed that the versioning information is carried in the URI. >issue 173: "Examples use earlier versions of SOAP or early drafts of SOAP 1.2. Pass thru examples. Editors to make examples consistent with SOAP 1.1" Chris K: All the examples were made to be in SOAP 1.1. Hal L had an action to investigate whether we needed to say anything about SOAP 1.2 and the TC felt that this was not mandatory. Ron agreed that this issue was indeed resolved. >issue 187 from the W3C XMLP WG and referring to "Two <wsse:Security> header blocks MUST NOT have the same value for S:role." Tony indicated that this is clarified on line 430 of the WS-Security Core spec in response to Frederick's editorial comment. Chris K said we thought we had answered this by email that this rule is there to avoid an ordering problem. Ron agreed that this issue has indeed been resolved but he suggested that the TC needs to send response emails to XMLP and the WS-I BSP. Kelvin said that he had sent an email explaining what happened to comments on Nov 11 and Kelvin asked then and again if there were any deficiences in his response. [The meeting revisited this issue a second time.] Rob pointed to minutes of the Oct 21 2003 meeting that dealt with issue 187 which indicate that the Editor's were to add clarifying text. Ron indicated that he would prefer that the spec specifically mention why two header blocks MUST NOT have the same value for the S:role. Hal confirmed that this is indeed done to avoid any ordering problem. Hal agreed that we agreed to add some text here. >issue 189 the W3C XMLP WG asked how must compliant implementations declare the profiles they support? Did we answer this question? Chris: Yes we answered this question and the answer there is no required way to declare this. Ron agreed with this status. >issue 198, the W3C XMLP WG asked how section 6.4 qualifies as a framework? Ron felt this item could be skipped at this time. >issue 203 from the W3C XMLP WG asked whether "SOAP applications" is appropriately used in line 920, as this line is really talking about what a WSS implementation must do. Ron simply pointed out this issue. > issue 217 from W3C XMLP WG asked if a password equivalent should be password equivalent should be contained in a wsse:PasswordText or wsse:PasswordDigest typed Password element. Chris K indicated that text was added to clarify this question. You can indeed do either. Chris pointed to line 171 in the Core Spec. Kelvin pointed out that this change was made as a result of TC decision. > issue 183 commented on, "This document defines syntax and semantics of signatures within a <wsse:Security> element. No further change was requested although Ron suggested that the grammar of the change was not the best. >issue 207 from W3C XMLP WG - "Error handling: The specification should define the values of the Fault/Reason/Text, Fault/Code/Value and Fault/Code/Subcode/Value EIIs". Chris K pointed the meeting to lines 1488-1492 in the Core Spec. Ron agreed that this dealt with this issue and no further change was required. >other issues Ron asked if we were going to review the open issues with numbers 235 and higher. Issue 236 is resolved by a recent version since the offending sentence was deleted. Issue 237 is resolved by a recent version which removes the backpointer to the security token. Issue 238 was closed with no action. The meeting agreed that no text for SOAP 1.2 was required. Merlin proposed to resolve Issue 239 by ensuring that a X.509 issue serial element is wrapped in a X.509 data element because D-Sig was not going to make our requested change. Adopted unanimously and this changes the X.509 token profile. Issue 240 is already closed with the lastest version. Issue 241 (re restriction on timestamp) was dealt with on lines 1739 in the Core Spec but Tony agreed that a further change was required for the second half of the issue. > 4. Voting (as per previous e-mail) Chris proposed the following plan: a) Tues and Wed to review the current documents to ensure that normative text in the current documents correctly reflects decisions of the TC b) Thu new versions are available from the editors c) Fri we review new versions to ensure that any subsequent changes are correctly done. d) over the weekend the Editors produce a final spec e) next week the Chairs will set up 2 Kavi votes (adopt all three specs as CD and then to progress them) for a period of one week. Jerry suggested that anyone commenter should give explicit text for any Change they propose. Kelvin asked if there was any objection to having just two votes instead of six votes (adoption+progression by three documents). There was no objection to having just two votes on adoption and progression of the set of three specs. Kelvin requested implementers to send email to him noting that they have successfully used the specification. We will also need the IP statement clear per the OASIS rules. Kelvin will point the TC to the checklist of ten things that we must do when we have a positive vote to progress. See: http://www.oasis-open.org/committees/process.php#standard > 5. Issues list status/review See above discussion of Ron M's email on the issues list. > 6. Status of other profiles/interop planning etc Not discussed. > 7. Other business None. > 8. Adjournment The meeting adjourned at 12:00 noon EST. [1] http://lists.oasis-open.org/archives/wss/200312/msg00102.html Paul Cotton, Microsoft Canada 17 Eleanor Drive, Nepean, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:pcotton@microsoft.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]