repost of Minutes of June 15 WSS TC meeting with attendance

[Paula K Austel <pka@us.ibm.com>]

Minutes of June 15 WSS TC meeting 
Paula Austel,IBM recording minutes 

1. Call to order, roll call 
Attendance information from Steve Anderson

Attendance of Voting Members
 
  Gene Thurston AmberPoint
  Frank Siebenlist Argonne National Lab
  Merlin Hughes Betrusted
  Peter Dapkus BEA
  Hal Lockhart BEA
  Corinna Witt BEA
  Steven Lewis Booz Allen Hamilton
  Symon Chang CommerceOne
  Davanum Srinivas CA
  Thomas DeMartini ContentGuard
  Guillermo Lao ContentGuard
  TJ Pannu ContentGuard
  Sam Wei Documentum
  Tim Moses Entrust
  Dana Kaufman Forum Systems
  Toshihiro Nishimura Fujitsu
  Kefeng Chen GeoTrust
  Irving Reid HP
  Kojiro Nakayama Hitachi
  Paula Austel IBM
  Derek Fu IBM
  Kelvin Lawrence IBM
  Mike McIntosh IBM
  Nataraj Nagaratnam IBM
  Ron Williams IBM
  Don Flinn Individual
  Bob Morgan Individual
  Kate Cherry Lockheed Martin
  Paul Cotton Microsoft
  Alan Geller Microsoft
  Chris Kaler Microsoft
  Ellen McDermott Microsoft
  Richard Levinson Netegrity
  Prateek Mishra Netegrity
  Frederick Hirsch Nokia
  Abbie Barbir Nortel
  Lloyd Burch Novell
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Ramana Turlapati Oracle
  Ben Hammond RSA Security
  Rob Philpott RSA Security
  Martijn de Boer SAP
  Coumara Radja Sarvega
  Pete Wenzel SeeBeyond
  Jeff Hodges Sun Microsystems
  Ronald Monzillo Sun Microsystems
  Phillip Hallam-Baker VeriSign
  Maneesh Sahu Westbridge Technology
  
    
Attendance of Prospective Members
 
  Konstantin Shmakov BEA
  Senthil Sengodan Nokia
 

Membership Status Changes
 
  Yutaka Kudo Hitachi - Withdrew
6/2/2004
  Eric Gravengaard Reactivity - Withdrew 6/3/2004
  Konstantin Shmakov BEA - Granted voting status after 6/15/2004 call
  Senthil Sengodan Nokia - Granted voting status after 6/15/2004 call

2. Reading/approving minutes of last meeting (June 1st)
Meeting minutes approved. 

3. CD Vote on "REL Token Profile" results. 
Kelvin reviewed results. 
There were questions about whether the vote closed early. Kelvin checked
with Karl Best and he didn't see any problems. OASIS staff believes the
tool is working. Reflector seems to be working slowly.
Voting results were: 
44 yes, 1 no, 2 abstain 
47/61 voted 
44 is more than required 2/3 
Vote passed. 
We now have a committee draft, need to get the draft circulating more widely.
Hal: Need a vote to go to public review. Should we wait for SAML profile
to be ready? 
Review SAML interop first before making decision about public drafts.
Paul Cotton: Since REL is a committee draft he has sent document to WS-I
BSP to review. Working group would prefer that TC does not wait for SAML
profile before approving this for public comment. 
Hal: Document is already public (unlike WS-I) but public review is a separate
issue. 
Rob: Easier to get vote if we batch documents together.
Kelvin: We might confuse people if we have too many small releases.
Wait 2 weeks to decide on making REL profile available for public review
(document is already public and can be viewed by non-TC members)
Paul Cotton: Would like to see public review period soon.   

4. SAML interop status 
Results posted to the list: http://lists.oasis-open.org/archives/wss/200406/msg00044.html
Chris: Vijay is traveling but looks like interop was great success. Almost
everything worked. We have 3 vendors with implementations that are interoping.
We seem to be ready for a vote on a committee draft for SAML.
Kelvin: are there still some concerns listed in email or have they all
been addressed. 
Ron: There are some issues that reflect on core document. Value type for
encoding. In SAML profile Value type is string encoded. Core requires base64
encoding. Incompatibility there. Core doesn't offer enough options. Would
prefer not to change the SAML profile. This refers to the KeyIdentifier
inside a security token reference. 
Hal: Inconsistencies between X509 token profile and mandates of core spec.
Unambiguous reference to a token. If we are looking at revisions to SAML
profile then we should reconsider X509 profile too. 
ACTION: Open a new issue to handle this. 
Paula/Tony: There are some outstanding issues from IBM that need to be
posted to the list. Interop took 3 weeks and some issues are still being
resovled. 
Rich: All problems that came up in interop have been dealt with. Would
like to understand the issues from IBM. 
ACTION: All interop issues that have not been addressed MUST be posted
to the list by end of day next Tuesday (June 22). 


5. Errata status and review 
The errata was lost and is being reconstructed.
6. Status of other profiles (SAML, XrML, Kerberos) 
Alan Geller has volunteered to take over the Kerberos interop.
7. Issues list review   
Issue 277: 
Issue 283 post: 
http://lists.oasis-open.org/archives/wss/200406/msg00028.html
Hal 277 and 283 are the same issue. Close them both. 
Issue 282 (Password based key derviation): (Hal) need to provide more detailed
text. No objections to current proposal. 
Issue 285: (Attachments Profile - Frederick) New draft of transform document.
http://www.oasis-open.org/apps/org/workgroup/wss/download.php/7236/wss-swa-profile-1.0-draft-04-diff.pdf
Added new transforms and incorporated comments so far. People should review
the draft. Need to move this forward as a profile. 
Mike: Not sure about insertion and deletion - how does the new transform
effect that? If I sign every part, I have the same protection. The new
transform protects reordering. 
Frederick: we should look at the draft. 

8. Discussion of attachments proposal 
Martin G.: XML encryption intended for XML data. When we use this for binary
data should there be a warning that data should not be parsed after it
has been decrypted? 
Frederick: Issue of content ID and content location.
Should you decouple canonicalization from transform? 
Frederick: mime canonicalization versus xml canoncalization - we should
take this discussion to the list. 
9 . Pending OASIS public events & demo opportunities (FYI and discussion)
[2] 
10 . Other business 
11 . Adjournment 
At 11:00am 



----------------------------------------------------------
Paula K. Austel
Web Services Security
IBM T.J. Watson Research Center
(914)784-5025
Tieline 863-5025