Draft minutes 2 Nov 2004

[<Frederick.Hirsch@nokia.com>]

Draft Minutes for 2 Nov 2004 WSS call

Minutes taken by Frederick Hirsch
Draft 1

Call Date:  Tuesday, 02 November 2004
Time:  07:00am - 09:00am Pacific Time

Our thanks to Lockheed Martin for sponsoring this call

Agenda:
1. Call to order, roll call

Quorum reached.

2. Reading/approving minutes of last meeting (19th October 2004)
 http://www.oasis-open.org/archives/wss/200410/msg00066.html

Reposted with attendance list. Minutes approved without objection.

* Tony Updates on 1.1 proposals/edits, issue list review

Errata status - all further updates to 1.1, not errata. Errata complete
today.
282 - updated in 1.1 document, 
298 - made change in 1.1 in section 7.1 to clarify Hal's text
309 - did not see issue in core, need clarification on this, need
pointer to exact problem
84 - review text - cases where transform is not needed, do not want to
require use of transform always.
103 - updated in 1.1
310 - updated in 1.1
315 - changed in 1.1

Kelvin - Is 1.1 doc posted?
Tony - Not yet, will post soon. Will be merged with VJ's changes.

Tony requests clarification on 309. 

Hal offers to provide clarification on issue 309.

Hal will review 84.

3. Standard submission status 

Announcement went out for standardization for two profiles. Karl is
leaving OASIS end of this week, Mary McCrae is new staff contact.

4. Errata status 

Discussed in Tony update.

5. Other document status (SwA, Kerberos, 1.1 proposals/edits)

Frederick - SwA profile 13 draft out last week, minor changes. Please
give feedback
http://www.oasis-open.org/archives/wss/200410/msg00068.html

VJ Resolution text for issues 317, 318, 319 rolled into 1.1, already
posted, Tony incorporating in newest 1.1 draft

Kerberos interop will be handled by Gudge, please send comments on
scenarios document.

Ron - where are updates for each issue?
VJ - each is marked
Ron - which change bar for which issue
VJ - should be clear, issues are distinct


6. Issue list review 

Issue list Number 52,
http://www.oasis-open.org/apps/org/workgroup/wss/download.php/9897/wss-i
ssues-52.htm

84 - Hal/Tony to follow up 

250 - Ron sent email:
http://www.oasis-open.org/archives/wss/200411/msg00005.html
Proposal: Two different attributes - one to type token, other for type
reference. Also change name of ValueType
Please review before next meeting

263 - still open - Gudge action item

271 - Looking for someone to follow-up on this issue
Hal can encode domain in username, even though not standard. To do
completely would be difficult
Ron asks if member of Wells-Fargo in TC?
Kelvin - No
Marked as closed, not that username can include other attributes if
needed.

282, 298,  - Tony updated, leave marked as pending, people should review
update when Tony sends update to list

309 - Tony needs help finding issue in core. 
Token profile editors should review other token profiles to determine if
any action is required.

310 - pending, VJ sent out, needs review and feedback
Ron - should this issue be on X.509 token profile
VJ - we had discussed having this in core as a general mechanism

315 - Tony updated, pending, needs review and feedback

317 - open
Hal - leave open, sent email regarding this.
http://www.oasis-open.org/archives/wss/200410/msg00069.html
Requires further discussion on list
AI - Hal and VJ to discuss and propose text

318, 319 - pending, VJ sent out, needs review and feedback

330 - leave pending, editorial changes to be incorporated by editors

331, 332 - open, assign to editors (Tony)

333 closed
Resolved in both scenarios and SwA profile.

334 open, Ron to propose text before next WSS call (16 Nov)

Ron sent message -
http://www.oasis-open.org/archives/wss/200411/msg00003.html
Proposal is to anticipate SAML 2.0 attribute by adding another
AssertionID, which has different namespace.
Should add both for SAML 1.1 and SAML 2.0.

Ron - proposed as errata for 1.1
Paul - ok with that, but not earlier

Already agreed to add 1.1 attribute, now deciding whether to add 2.0 as
well. Ron draft specific text to enable vote on this.

336 - closed
Frederick - Changed in draft 13 of SwA profile.

337 - closed
Addressed in scenarios document

338 - open
WSS Templates proposal

Hal - define set of specific message exchanges to be reviewed for
security issues.
Would like TC to accept this as work item

Frederick - is this a charter change

Hal - completely consistent, yet charter lists deliverables, so might
need to change list of deliverables for charter.

Paul Cotton - looked at minutes of first F2F, made list of other
possible deliverables, decided on concrete deliverables for TC, amended
charter, charter specifies only normative deliverables, others were
postponed. Not clear whether this requires charter change, but perhaps
intent was to limit charter to normative deliverables

Hal - this proposed work is non-normative

Paul - question about adding work to work plan until other work is done,
concern about slowing 1.1 work impacting WS-I Basic Security Profile
work. Additional issue of transition to new IPR policy, prefer
completion of technical work before transition. Not in scope of charter
right now, concerned about IPR. 

Kelvin - decision of TC, yet need to determine priorities, including
profiles to complete

Hal - not sure what is holding up Minimalist profile. Kerberos and SwA
are almost done, in interop. Concerned about risks regarding insecure
applications.

Ron - do this in context of existing profiles, which describe their
vulnerabilities already, are we already doing this?

Frederick - questions similarity to WS-I Basic Security Profile
scenarios document

Hal - related but does not profile detailed templates for message
content, more detailed level of detail.
Have produced draft.

Don Flynn - Sounds like non-normative primer.

Hal - template should only work on completed work, but yes resourcing
might be an issue.

Don - should be separate document, not hold up other work.

Hal - looking for resolution whether it should be done in this TC

John Weiland - ebXML is doing something similar?
Hal - less specific, and more high level. Could be good source of
requirements

Ron - Why profiling efforts that are already occurring isn't useful

Hal - concern is that engineers don't have enough guidance

Ron - asked whether BSP profiles completed

Hal - WS-I focus has been on interoperability

Ron - questions whether profiles are template activity or need for
independent activity

Don - possible interactions among profiles

Hal - clarify WSS Profiles and WS-I basic security profile (BSP)

Ron - thought BSP was mapping security to exchange pattern 

Frederick - WS-I security scenarios document

Hal - not as much detail, not on current WS-I BSP plan.

Hal - propose we discuss on next WSS call

Issue still open, TC members need to review and discuss with colleagues,
need to decide at later meeting

Paul - Microsoft will need more than 2 weeks
Frederick - agree that time is needed for review

Kelvin - Hal will work on it, answer questions

Hal - any objection to Hal continuing work, posting material to list

Paul - no objection

Kelvin - using list for discussion is ok, as long as consistent with IPR
policy

339 - open,
http://lists.oasis-open.org/archives/wss/200410/msg00067.html
Proposal to add pkipath reference for X.509 token profile 1.1, not an
errata item. URL and copy of document to create reference were provided
in email. 

Action item on editors to update X.509 token profile.

7. SwA interop summary 

Blake - 4 participants, Actional, Sun, IBM, Oracle participated. 4
scenarios, interop for 1st three, last scenarios added later so not
everyone could implement. 

Send summary to list:

Sent issues list:
http://www.oasis-open.org/archives/wss/200411/msg00004.html

Frederick - Action item to send mail listing issues and impact related
to SwA profile.

Maneesh from Actional noted some issues, 

Action item to post to list these issues


8. Interop planning status (SwA2, Kerberos) 

SwA2 - Scheduled for 15 Nov for second interop

Gudge - Scenarios document to list, please post comments and corrections
to list. Gudge is running interop.

9. Other business 

None

10. Adjournment