Subject: OASIS WS-Security TC Minutes, February 10, 2004
Agenda
1. Call to order, roll call
2. Reading / approving minutes of last meeting (January 27th)
3. Submission status
4. Issues list review
5. Status of other profiles / interop planning etc.
6. Discuss possible New Orleans F2F (not much feedback on the list)
7. Other business
8. Adjournment

1. Call to order, roll call

The meeting was called to order at 10:15 AM. Chris Kaler was in the Chair; Kelvin Lawrence arrived later due to illness. John R. Weiland, US Navy, acted as recording secretary for this meeting. Steve Anderson did roll call.

Attendance of voting members:
Gene Thurston, AmberPoint
Frank Siebenlist, Argonne National Lab
Peter Dapkus, BEA
Symon Chang, CommerceOne
Davanum Srinivas, CA
Thomas DeMartini, ContentGuard
TJ Pannu, ContentGuard
Sam Wei, Documentum
John Hughes, Entegrity
Toshihiro Nishimura, Fujitsu
Kefeng Chen, GeoTrust
Irving Reid, HP
Jason Rouault, HP
Yutaka Kudo, Hitachi
Paula Austel, IBM
Kelvin Lawrence, IBM
Anthony Nadalin, IBM
Nataraj Nagaratnam, IBM
Don Flinn, Individual
Bob Morgan, Individual
Paul Cotton, Microsoft
Vijay Gajjala, Microsoft
Chris Kaler, Microsoft
Ellen McDermott, Microsoft
John Shewchuk, Microsoft
Richard Levinson, Netegrity
Prateek Mishra, Netegrity
Frederick Hirsch, Nokia
Abbie Barbir, Nortel
Lloyd Burch, Novell
Ed Reed, Novell
Charles Knouse, Oblix
Steve Anderson, OpenNetwork
Vipin Samar, Oracle
Ramana Turlapati, Oracle
Eric Gravengaard, Reactivity
Rob Philpott, RSA Security
Martijn de Boer, SAP
Blake Dournaee, Sarvega
Pete Wenzel, SeeBeyond
Jonathan Tourzan, Sony
Yassir Elley, Sun Microsystems
Jeff Hodges, Sun Microsystems
Ronald Monzillo, Sun Microsystems
Don Adams, TIBCO
John Weiland, US Navy
Phillip Hallam-Baker, VeriSign

Attendance of prospective members or observers:
Mike McIntosh, IBM
Alan Geller, Microsoft
Corinna Witt, BEA
Senthil Sengodan, Nokia

Membership status changes:
Mike McIntosh, IBM - Granted voting status after 2/10/2004 call
Shawn Gunsolley, Booz Allen Hamilton - Lost prospective status after 2/10/2004 call
Joe Barbush, Novell - Lost prospective status after 2/10/2004 call
Kevin Lewis, Documentum - Lost voting status after 2/10/2004 call
John Killian, Booz Allen Hamilton - Requested membership 1/29/2004
Maneesh Sahu, Individual - Requested membership 2/5/2004
Corinna Witt, BEA - Requested membership 2/9/2004

45 out of 60 were present at the beginning of the meeting; quorum achieved.

2. Reading and approving Jan 27 minutes

No objections. Minutes approved.

3. Submission status

The document for submission on the 15th was posted by Kelvin. Edits were made and revised; it is ready to go at the end of the week. No comments from the TC. Thanks for the hard work and testimonials.

4. Issues list review

Issues list 33 was posted by Vijay Gajjala.

244, 247 - Pending - Updates to the Kerberos Profile. Chris is working with Phillip to get it back in shape based on the new URL revisions.

234 - Closed - Ron: clarify the SAML requirements in the SAML profile (which version of SAML). Martijn de Boer has an editorial change. Action to track this.

254 - Comments on core spec - Tony Nadalin is compiling a list of errata; this will be added. Chris and Kelvin spoke to Karl Best and proposed an appendix at the end of the document, assuming all the votes go through, labeled as non-normative errata that is not subject to review but carries some errata considerations. Paul Cotton asked whether we will have to create a new copy of the whole document to add the errata. A URL to a web site with a dynamic errata list was suggested. Ron Monzillo asked whether we will publish the errata with the document for the final standardization vote. An appendix would be published that identifies the errata as not being voted on with the spec (errata in progress). John Weiland mentioned that the W3C has current, latest, and errata links on its web site. The errata mostly contain editorial comments received after the vote, with no normative changes. Ron Monzillo is concerned that the errata's existence will not be known.

256 - STR attributes not protected - Issue split: one part Pending, one part Postponed - Mike McIntosh (the issue came from Hal): when the dereferencing transform is used on a security token reference, the entire security token reference is replaced, so any Usage attributes on the security token reference itself are not signed. Ron Monzillo clarified: for a Reference in SignedInfo to an STR with the transform applied to the STR, the bytes that go into the input stream of the digest are only the bytes of the token, not the attributes of the STR. Mike saw the solution as signing twice, with the dereferencing transform and without. Ron raised the inverse case: when you have an embedded token, should we use the STR? He said no. Should we use the dereferencing transform on an embedded STR, given that the attributes would be lost? Ron thinks the dereferencing transform should not be written the way it is; Don Flinn commented at the last meeting that the dereferencing transform should include the bytes of the STR and the token, and then there would never be this complexity. Mike's workaround is OK if everyone uses it. Usage and other supporting attributes could be important; SAML uses location and binding. Issue split: one part marked pending and added to the errata as a security consideration, one part marked postponed, for addressing in a future version.

258 - Closed - duplicate of 254.

259, 260 - Editorial changes pending; add to errata.

261 - How do we handle the sender-vouches scenario for SAML? Don Flinn mentioned that impersonation is not delegation: client control is necessary over which delegatee accepts delegation, and restrictions are needed on what the delegatee can do. Ron said we are not attempting delegation in this profile. The invocation subject is difficult to determine in high-level bits and is not well defined. Richard Levinson agreed that sender-vouches is not quite handled properly. One sender-vouches scenario mushroomed into a set of four distinct use cases with a separate intermediary and SAML assertion authority; the subject deals with the intermediary, and the recipient can trust either the intermediary or the authority, or both in varying degrees. Don and Ron have use cases that try to stay away from these complexities. There is an issue of where the KeyInfo points for the web service signature. In Ron's use case the KeyInfo appears under the SubjectConfirmation element in the sender-vouches assertion; that may violate the SAML core spec, which states that the KeyInfo in SubjectConfirmation should represent the key held by the subject, not the attester. Ron believes the SAML core spec should be changed; Rich thinks a compromise can be reached without changing the core spec. Rich Levinson suggested that a security consideration or non-normative statement is needed concerning impersonation versus delegation to prevent confusion. Issue still Open. Ronald Monzillo, Richard Levinson, Rob Philpott, and Bob Morgan will work the impersonation issue on the SAML TC list.

262 - Similar sender-vouches comments in the interop comments - Closed - the document is OK until the SAML discussions require a change.

263 - Open enumerations post v1 review period - Postponed - Chris Kaler mentioned there was a great discussion on the list. Irving Reid said, as Eve Maler pointed out, there is dead code in the schema: there is a piece of definition that nothing else in the schema links to, and it is not used in verification. The list should be put in normative text rather than in the schema. Issue postponed.

5. Status of other profiles / interop planning etc.

The best time to run a virtual interop was discussed. The interop will be a rerun of the previous interop tests against the latest schema, giving participants a chance to check their latest implementations against the spec. The last week of February was not good, due to a conflict with the RSA conference. March 1-5 was OK, pending objections from the email thread. The SAML and XrML profile interop may be April 5 through 8, pending objections from the email thread.

6. Discuss possible New Orleans F2F

Chris suspects the issues before the TC do not warrant a F2F.

7. Other business

None.

8. Adjournment

Final roll check and end of meeting at 10:54 AM. Meeting adjourned.

Very Respectfully,
John R. Weiland
Information Technology Specialist GS 2210 (APPSW)
Code 38 Naval Medicine OnLine
Naval Medical Information Mngmt Cntr
Bldg 27
8901 Wisconsin Ave
Bethesda, Md. 20889-5605
301-319-1159
JRWeiland@us.med.navy.mil
http://nmo.navy.mil/

"GIVE ME A PLACE TO STAND AND I WILL MOVE THE EARTH"
A remark of Archimedes quoted by Pappus of Alexandria
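Added illustration of issue 256 (not part of the minutes or of any TC document): a wsse:Security fragment showing the "sign twice" workaround Mike described. The first ds:Reference applies the WSS 1.0 STR-Transform, so only the dereferenced token's bytes enter the digest and the wsu:Id and wsse:Usage attributes on the STR itself are left unprotected; the second ds:Reference points at the same STR without the transform, so the canonicalized STR element, attributes included, is digested too. The wsu:Id values, the Usage URI, and the digest and signature values are placeholders.

```xml
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
               xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <!-- The STR being protected. wsu:Id and wsse:Usage are attributes of the STR itself,
       not of the token it points to (placeholder values). -->
  <wsse:SecurityTokenReference wsu:Id="STR-1" wsse:Usage="urn:example:usage-placeholder">
    <wsse:Reference URI="#Token-1"/>
  </wsse:SecurityTokenReference>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <!-- Reference 1: the STR-Transform replaces the STR with the token it dereferences,
           so the digest input is the token's bytes only. The STR's wsu:Id and wsse:Usage
           attributes are NOT covered by this digest. -->
      <ds:Reference URI="#STR-1">
        <ds:Transforms>
          <ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
            <wsse:TransformationParameters>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </wsse:TransformationParameters>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>DIGEST-OF-TOKEN-PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
      <!-- Reference 2 (the workaround): the same STR with no dereferencing transform, so
           the canonicalized STR element itself, attributes included, is digested. A
           receiver that verifies both references detects a change to either the token
           or the STR's attributes. -->
      <ds:Reference URI="#STR-1">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>DIGEST-OF-STR-PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>SIGNATURE-PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</wsse:Security>
```

As the minutes note, the workaround only helps if every party uses it: a receiver that checks the STR-Transform reference alone still has no integrity protection for the STR's Usage and other attributes, which is why the TC recorded the point as a security consideration in the errata rather than treating the two-reference pattern as a fix.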