OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: OASIS WS-Security TC Minutes, April 6th, 2004

1.  Call to order, roll call
2.  Reading / approving minutes of last meeting (March 30, 2004)
3.  OASIS vote on spec
4.  Issues list review
5.  Interops
6.  Other business
7.  Adjournment

1.  meeting was called to order 10:25 AM, Kelvin Lawrence and Chris Kaler
were in the Chair.  John R. Weiland, US Navy, acted as recording secretary
for this meeting.

Steve Anderson did Roll Call:
Attendance of voting members

48 out of 58 in attendance, quorum achieved.

Attendance of Voting Members  

  Merlin Hughes Betrusted
  Hal Lockhart BEA
  Symon Chang CommerceOne
  Davanum Srinivas CA
  Thomas DeMartini ContentGuard
  Guillermo Lao ContentGuard
  TJ Pannu ContentGuard
  Sam Wei Documentum
  John Hughes Entegrity
  Tim Moses Entrust
  Toshihiro Nishimura Fujitsu
  Kefeng Chen GeoTrust
  Irving Reid HP
  Jason Rouault HP
  Yutaka Kudo Hitachi
  Paula Austel IBM
  Derek Fu IBM
  Maryann Hondo IBM
  Kelvin Lawrence IBM
  Mike McIntosh IBM
  Anthony Nadalin IBM
  Nataraj Nagaratnam IBM
  Ron Williams IBM
  Don Flinn Individual
  Bob Morgan Individual
  Paul Cotton Microsoft
  Vijay Gajjala Microsoft
  Alan Geller Microsoft
  Chris Kaler Microsoft
  Ellen McDermott Microsoft
  John Shewchuk Microsoft
  Richard Levinson Netegrity
  Prateek Mishra Netegrity
  Frederick Hirsch Nokia
  Abbie Barbir Nortel
  Lloyd Burch Novell
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Ramana Turlapati Oracle
  Ben Hammond RSA Security
  Andrew Nash RSA Security
  Martijn de Boer SAP
  Blake Dournaee Sarvega
  Coumara Radja Sarvega
  Pete Wenzel SeeBeyond
  Yassir Elley Sun Microsystems
  Jeff Hodges Sun Microsystems
  Ronald Monzillo Sun Microsystems
  Jan Alexander Systinet
  John Weiland US Navy
Attendance of Prospective Members and Observers

  Maneesh Sahu Westbridge Technology
  Steven Lewis Booz Allen Hamilton
  Corinna Witt BEA
  Don Adams TIBCO

Membership Status Changes

  Senthil Sengodan Nokia - Granted voting status after 4/6/2004 concall

Steve Anderson

Meeting was delayed due to *7 pressed in error which locks the conference
call, members were routed to sub conference and then combined when problem
was remedied.  Roll to be called again at end of meeting to register those
who were unable to gain admittance to the conference in a timely manner.

2.  Reading and approving March 30, 2004 minutes.  Minutes accepted
unanimously with no objections.  

3.  Kelvin Lawrence addressed agenda item 3, to discuss the vote and
hopefully close the one loose end on the vote. Vote closed March 31, 2004
official results are as follows:  364 members 77 yes 1 no 22% of total,
characterized as Pretty good results for an OASIS member vote for a
specification with such a diverse nature.  

The order of business this morning is to address the no vote. OASIS
procedures state if there are any no votes, the OASIS staff will contact the
TC chairs which Karl Best has done.  The TC is asked to take a position and
communicate back to the staff.  We are asked to look at the ballot,
understand the no vote and then get back to OASIS staff with our position.
This should not be too difficult because emails we have seen from Yutaka
Kudo (Hitachi) has clarified quite a bit his position.  Kelvin thought that
Mr. Kudo's email stated that his intent was not to hold up the vote, but to
make a point of some things that need to get clarified as soon as possible.
Mr. Kudo confirmed this, and mentioned his issues with the URI in the spec
document particularly the URI for the type attribute such as value type and
encoding type attribute.  The URIs are in the form of URI fragments but the
base URI for these fragments are not clear.  During the 3rd interop testing
some company's implementations failed to operate due to misunderstanding of
URI value.  Mr. Kudo wishes to discuss this because it is an important issue
in the specification.

Kelvin confirms Mr. Kudo's intention not to hold up the spec and called on
the TC to decide how we will formally take a position.  Kelvin suggests a
motion that we write the OASIS staff we plan for the spec to proceed as is
and address the issue in errata.  Kelvin asks for a motion.  Hal Lockhart so
moved, Irving Reid seconds.  Hal suggests the wording that the TC votes to
accept the specifications as an OASIS standard.  Irving states that we
should inform OASIS that we will address the issues as errata, Hal agreed.

Definition, or statement was clarified as informing OASIS that the TC has
voted to move forward with publication and the issue addressed in errata and
incorporated in subsequent versions.

Chris confirms that a motion is on the floor, Kelvin asks for anyone who
missed the original roll call to speak up to be counted in the vote.

Irving Reid asks whether the definition should be more precise, and include
exactly what our response is.  Hal brings up comments on ballot that only
voting members can see. (he attempts to find them but later we find that the
comments accompany yes votes and also get included in errata).  Kelvin
states the no vote on the ballot did not contain comments, he approached the
Hitachi representative to clarify as did Karl Best. 

Kelvin intends to inform the OASIS staff:
1.  That we proceed with publication of the spec.
2.  TC will do something with spec update in future or errata and work on
the issues raised.  
3.  Discussed the issue with the representative and ensure his issues are
addressed in the appropriate manner.

Vote is called.  Quorum is confirmed. Kelvin asks for objections, no
response.  Carried unanimously, no objections made.

Kelvin proposed to raise this in issues list.  Ron Monzillo states "Kudo -
san's email has a concrete proposal of how to deal with this and that it be
pasted into issues list."

Hal then finds the comments that were from Wells Fargo, accompanying a yes

Chris Kaler mentions that Karl Best had indicated a change about errata.
The OASIS staff does not want the errata in the document, but are perfectly
fine with front page of the final spec having a statement about
non-normative errata and providing a URL. 

Chris Kaler asks the editors to provide a quick update on the compilation of
the errata:

Tony has errata compiled, but needs to understand when all errata will be
compiled for publishing once.  A formal document, rather than a list of
items, takes a couple of days.  Are there other issues that we need to close
prior to publishing?

Paul Cotton asks Tony if he proposes batching of errata rather than a one by
one basis.  Tony asks before pushing out what our decisions will be.  Hal
We ask Tony to assemble the current errata to a document and vote to accept
it after being posted to the list. Future updates can be decided.  

Motion Tony be directed to assemble errata into document and be voted on in
two weeks.  No objections, carried unanimously.  Vote will not hold up
release of spec.

Paul Cotton suggests format used in XACML spec.

Agenda item 4 - Issues list and status of other profiles.
266, 267, 268 still open.

266, 267 comments on SAML profile.  Ron Monzillo will send updated profile

266 - Ron thought Manesh's issues were addressed in email.  Manesh concurs
issue closed.

267 - SAML interop document. Rich Levenson author of SAML interop document,
is waiting for any new issues prior to issuing a new version.  Waiting on
Ron's updated SAML profile.

268 - How do we secure SOAP attachments?  Martijn de Boer thought this was
postponed, Chris Kaler confirms that this was postponed at the San Francisco
F2F interop.  Mr. De Boer has written some emails concerning this issue and
thought Frederick had also.  When are we going to address these issues?  How
should we prioritize the work?  

Kerberos profile will have a draft posted in the next 24 hours.  When to
fold in errata so we have that stuff integrated while we have it all fresh
in our minds.

Hal suggests chair compile list of postponed issues, the members can then
prioritize them.  Hal, who can see the voting members comments made in the
nature of errata.  The comments include doing SAML, and public comments made
to list on Missed qname in x509, and incorrect reference into xml

Agenda item #5 General interop final status.  
Great interop, final results of all test boxes, 89% - 99% passed.  1 vendor
had interop problems.  Endpoints still hosted, testing continues.  Rich
levinson requests a list of endpoints.  Chris needs to keep confidential,
but will compile list for interop thread.  Chris will call for any
additional updates to summary interop document.

Vijay Gajjala gives status on XRML and SAML virtual interops.  XRML will
take place on the 10th of May, SAML on the 17th of May.  6 companies will do
SAML, 2 will do both.  Feedback requested.

Other Business:

TJ Pannu has a new version of the XRML document containing editorial
comments, requests feedback.

Ron was curious about several emails about identity assertion from the BSP,
related to impersonation, identity propagation was term used.  Identity
propagation with username token was an item on the BSP agenda.  What was the
status of issue and should it be taken up in the WSS?

Ramana Turlapati, from Oracle, posted issue to BSP, Jerry Schwartz had
action item to address to the BSP.  Ramana summarized the issue, BSP asked
in absence of SAML like mechanisms can we use a simple username token to
propagate identity in cases like a portal application trying to propagate to
a web service.  How would I use and sign a username token without a
password?  Should I sign it?  Response from Ron Monzillo, and Mike McIntosh
from IBM, was this can be done but issue was interoperability.  The token
would be signed in a certain way and there should be a profile for that
usage.  Ron thought the profile should be included in the username token
binding document, Hal disagreed.  Hal's point was that there are dozens, or
more different kinds of ways to use the mechanisms in WSS that have no
official assigned semantics one instance is binary security token used when
the server is responding with encryption, the key implied by that.  BSP
could say there should be particular semantics, however WSS does define
semantics for many mechanisms.  Why do this particular one?  Ron thinks we
have the binding of security tokens to messages as the principle signature
use in this model. Hal says we have general guidance, but have not defined
when it's use is required.  Ron says the issue is whether the signer is the
authoritative for the message or the username identified in the token
binding.  Every time we bind a token we have to identify is it the binding
mechanism we identifies what identities or claims bound or is it the token
bound that identifies the claim.  In X509, for example, to sign a message we
are binding the claim, it seems to be the next natural extension to that to
say we are binding claims in a token using another token.

Don Flinn thought we were getting into delegation, Ron disagrees claiming
impersonation.  Hal agrees with Don if it is outside of web services. 

Ron puts forward a business intermediate model where x contacts y and uses
one of our mechanisms to establish identity but y can't sign as x, so signs
as itself and presents x's identity to z.  The ability of the intermediate,
in this case to impersonate the caller.

Ramana mentions that WSRP was looking for some way to propagate identity
from mid tier to WSRP portlet.  That was the origination of the use case.

Hal thinks that if it is wired into the spec that everyone will have to use
it the same way.  Ron found that hard to disagree with but sees benefit in a
process that defines one security token that vouches for another.  Similar
to the SAML model applied to the X509 certificate.

The proposal is to use the model, similar to this one, in the sender voucher
profile be used in all profiles.

Hal says Tony should propose the change for discussion.  Kelvin proposes
this be taken to the list.

Chris Kaler asks for other issues.  Anyone who missed the role call was
asked to speak up.

Kelvin will send the response to Karl Best and copy list.

1120 Chris Motions to adjourn Tony seconds.

Very Respectfully,

John R. Weiland
Information Technology Specialist 
GS 2210 (APPSW) Code 38 Naval Medicine OnLine

Naval Medical Information Mngmt Cntr
Bldg 27
8901 Wisconsin Ave
Bethesda, Md. 20889-5605

A remark of Archimedes quoted by Pappus of Alexandria

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]