Correction to the Attendence list …
My name is missing from the attendance list:
Gene Thurston, AmberPoint
- Gene -
From: Weiland, John R.
NMIMC GS [mailto:JRWeiland@US.MED.NAVY.MIL]
Sent: Thursday, June 02, 2005
12:22 AM
To: 'Kelvin Lawrence';
wss@lists.oasis-open.org
Subject: [wss] Minutes WSS TC
5-31-2005
Tuesday May 31, 2005
Meeting called to Order Kelvin Lawrence,
IBM, presided as chair,
John Weiland, US Navy, was minute taker.
Attendance of Voting Members
Maneesh Sahu Actional Corporation
Hal Lockhart BEA Systems, Inc.
Steve Anderson BMC Software
Thomas DeMartini ContentGuard
Carolina
Canales-Valenzuela Ericsson
Dana Kaufman Forum Systems, Inc.
Toshihiro Nishimura Fujitsu Limited
Kefeng Chen GeoTrust
Hans Granqvist GeoTrust
Irving Reid Hewlett-Packard
Derek Fu IBM
Kelvin Lawrence
IBM
Mike McIntosh IBM
Anthony Nadalin IBM
Nataraj Nagaratnam IBM
Ron Williams IBM
Don Flinn Individual
Paul Cotton Microsoft Corporation
Vijay Gajjala Microsoft Corporation
Chris Kaler Microsoft Corporation
Jeff Hodges NeuStar, Inc.
Abbie Barbir Nortel
Vamsi Motukuru Oracle Corporation
Prateek Mishra Principal Identity
Martijn de Boer SAP
Blake Dournaee Sarvega
Coumara Radja Sarvega
Ronald Monzillo Sun Microsystems
Jan Alexander Systinet
Symon Chang TIBCO Software, Inc.
John Weiland US
Dept of the Navy
Attendance of Non-Voting Members
Denis Pilipchuk BEA
Membership Status Changes
Denis Pilipchuk BEA - Approved for membership 5/5/2005
Maryann Hondo IBM - Lost voting status after 5/31/2005 call
Kate Cherry Lockheed Martin - Lost voting status after 5/31/2005 call
30 in attendance out of 42. 22
are required for quorum.
No objections to approving minutes accepted
unanimously.
Issues List:
Pending Issues:
Status: Closed 357 - Need a Token Type URI in SAML token
profile - Pending for a couple of weeks,
no objections
raised.
Status: Closed 377 - xenc:Reference List SwA
comment
- Already in Draft 19, Frederick is out today.
Status: Closed 379 - Kerberos TP: Use Kerberos V GSS-API mechanism
- Already in Kerberos Token
Profile
Status: Closed 380 - Kerberos TP: Service principal
names
- Old comment from Hal, who is Ok with it.
380 381 and 382 changes rolled in and published prior to last call
Status: Closed 381 Kerberos TP: Session key negotiation and key
re-use
Status: Closed 382 Kerberos TP: Replay protection and mutual
authentication - Action to Vijay to reference other mutual authentication
related issue.
Status: Pending 384 Kerberos TP: Channel Binding - Tony has action to fold into
document and publish.
Status: Pending 385 Kerberos TP: References to obsolete
documents
- Already in latest revision
Status: Closed 386 + 387 Kerberos TP: Repeat symmetric encryption
requirement from Section 3.5 in Section 3.4? - Published prior to last meeting
both moved to closed
Status: Closed 388 Editorial Comments on Username Token
1.1
- Pending review for some time
Status: Closed 390 Section Numbering
issue
- Pending review for some time
Status: Closed 391 Tracking incorporation of SAML
2.0
- Action to follow-up with Ron Monzillo to SSTC
Status: Closed 392 URI error in Kerberos
Profile
- Published prior to last call closed with no objections
Open issues:
Status: Open 338 Proposed new work WSS
Templates - No Change
Status: Pending 364 SWA profile: Can XML attachments be XML canonicalized and
used in conjunction with SwA profile? - Requires review
Status: Pending 370 SWA profile: Add processing rules/guidance for SOAP and
MIME intermediaries - Requires review
Status: Open 378 Deprecating or otherwise superceding
documents -Kelvin and Paul Cotton will follow up for this TC, Hal will work
issue in stealth mode
Status: Closed 389 ID Clash case email sent on 17th some follow up emails
and discussions. Action to Editors to make change
-http://lists.oasis-open.org/archives/wss/200505/msg00082.html
Michael McIntosh wrote: Thu, 26 May
2005 09:05:15 -0400
Since every WSS implementation, regardless of what STs it supports, must know
that wsu:Id, xenc:*/ID, and ds:*/ID attributes are of ID type the
WSS Core can say:
The wsse:Security processing MUST check for duplicate values from among
the set of wsu:Id, xenc:*/ID, and ds:*/ID attributes.
The SAML Token Profile can say:
The wsse:Security processing MUST check for duplicate values from among
the set of wsu:Id, saml:AssertionID, xenc:*/ID, and ds:*/ID attributes.
Since we'd like the WSS processing to also
check any other ID values too, the
WSS Core can say:
The wsse:Security processing SHOULD check for duplicate values from among
the set of ID attributes that it is aware of.
The wsse:Security processing MUST generate a fault if a duplicate ID value
is detected.
Status: Open 393
URI error in Kerberos Profile Update Contributor's list - Action item for Hans
Status: Open 394 Interop document for SAML 2.0 - Ron
Monzillo can create proposal for scenario. Volunteers to create scenarios
can do so on the mailing list.
Status: Closed 395 Write a proposal on backward compatibility
closed proposal to not add to code. - Note sent out to TC by Gudge. Ron
raised a question about must generate to the mailing list inspired by this
issue. He wanted to be sure everyone was clear about the language being
proposed. Action was to produce proposal for addition to Core, but issues
were judged to be more informational rather than Normative. No
changes are to be made to Core, it will remain in the email archive.
Status: Open 396 Mutual auth in Kerberos - pending
follow up with Tony
Status: Pending 397 Editors to label SwA, Kerberos, UserName, X509, Core, Rel,
SAML 2.0 documents to 1.1 - in draft posted yesterday pending review.
Status: Pending 398 Missing /wsse:Security/@S11:MustUnderstand - in draft
posted yesterday pending review.
Status: Open 399 Recently discover WSS security threat
- Hal and Mike take for action a security consideration that highlights the
issue.
Status: Pending 400 Revisit of the proposed changes relating to EncryptedHeader
1653 through 1655 be removed pending assigned to editors
Document Status:
Will any of the seven documents be in votable status by next meeting? SwA
has no open issues, Kerberos has one open and one unknown, core has a couple of
small changes, and SAML was just posted. A formatting question was raised
as to whether the correct templates were used.
We expect to have a vote next meeting. June
14th. Vote will be done early in the meeting, if at all possible, in
consideration of TC members dialing in long distance from Amsterdam.
Kerberos:
No additional status IBM and Microsoft has had a successful interop,
issues were rolled into profile. Profile is ready pending any additional
interest from the mailing list. Vijay will post.
Meeting adjourned.
John R.
Weiland
Information Technology Specialist
GS 2210 (APPSW) Code 07
Navy Medicine OnLine
Naval Medical Information Mngmt Cntr
Bldg 27
8901 Wisconsin Ave
Bethesda, Md.
20889-5605
301-319-1159
JRWeiland@us.med.navy.mil
http://navymedicine.med.navy.mil
"GIVE
ME A PLACE TO STAND AND I WILL MOVE THE EARTH"
A remark of Archimedes quoted by Pappus
of Alexandria