[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes WSS TC 5-31-2005 / corrected 6-2-2005
Respectfully resubmitted with the following corrections:
Added Gene Thurston from Amber Point in attendance and corrected Hans Granqvist affiliation from Geo Trust to Verisign.
Tuesday May 31, 2005
Meeting called to Order
Kelvin Lawrence, IBM, presided as chair,
John Weiland, US Navy, was minute taker.
Attendance of Voting Members
Gene Thurston AmberPoint
Maneesh Sahu Actional Corporation
Hal Lockhart BEA Systems, Inc.
Steve Anderson BMC Software
Thomas DeMartini ContentGuard
Carolina Canales-Valenzuela Ericsson
Dana Kaufman Forum Systems, Inc.
Toshihiro Nishimura Fujitsu Limited
Kefeng Chen GeoTrust
Hans Granqvist Verisign
Irving Reid Hewlett-Packard
Derek Fu IBM
Kelvin Lawrence IBM
Mike McIntosh IBM
Anthony Nadalin IBM
Nataraj Nagaratnam IBM
Ron Williams IBM
Don Flinn Individual
Paul Cotton Microsoft Corporation
Vijay Gajjala Microsoft Corporation
Chris Kaler Microsoft Corporation
Jeff Hodges NeuStar, Inc.
Abbie Barbir Nortel
Vamsi Motukuru Oracle Corporation
Prateek Mishra Principal Identity
Martijn de Boer SAP
Blake Dournaee Sarvega
Coumara Radja Sarvega
Ronald Monzillo Sun Microsystems
Jan Alexander Systinet
Symon Chang TIBCO Software, Inc.
John Weiland US Dept of the Navy
Attendance of Non-Voting Members
Denis Pilipchuk BEA
Membership Status Changes
Denis Pilipchuk BEA - Approved for membership 5/5/2005
Maryann Hondo IBM - Lost voting status after 5/31/2005 call
Kate Cherry Lockheed Martin - Lost voting status after 5/31/2005 call
30 in attendance out of 42. 22 are required for quorum.
No objections to approving minutes accepted unanimously.
Issues List:
Pending Issues:
Status: Closed 357 - Need a Token Type URI in SAML token profile - Pending for a couple of weeks, no objections raised.
Status: Closed 377 - xenc:Reference List SwA comment - Already in Draft 19, Frederick is out today.
Status: Closed 379 - Kerberos TP: Use Kerberos V GSS-API mechanism - Already in Kerberos Token Profile
Status: Closed 380 - Kerberos TP: Service principal names - Old comment from Hal, who is Ok with it.
380 381 and 382 changes rolled in and published prior to last call
Status: Closed 381 Kerberos TP: Session key negotiation and key re-use
Status: Closed 382 Kerberos TP: Replay protection and mutual authentication - Action to Vijay to reference other mutual authentication related issue.
Status: Pending 384 Kerberos TP: Channel Binding - Tony has action to fold into document and publish.
Status: Pending 385 Kerberos TP: References to obsolete documents - Already in latest revision
Status: Closed 386 + 387 Kerberos TP: Repeat symmetric encryption requirement from Section 3.5 in Section 3.4? - Published prior to last meeting both moved to closed
Status: Closed 388 Editorial Comments on Username Token 1.1 - Pending review for some time
Status: Closed 390 Section Numbering issue - Pending review for some time
Status: Closed 391 Tracking incorporation of SAML 2.0 - Action to follow-up with Ron Monzillo to SSTC
Status: Closed 392 URI error in Kerberos Profile - Published prior to last call closed with no objections
Open issues:
Status: Open 338 Proposed new work WSS Templates - No Change
Status: Pending 364 SWA profile: Can XML attachments be XML canonicalized and used in conjunction with SwA profile? - Requires review
Status: Pending 370 SWA profile: Add processing rules/guidance for SOAP and MIME intermediaries - Requires review
Status: Open 378 Deprecating or otherwise superceding documents -Kelvin and Paul Cotton will follow up for this TC, Hal will work issue in stealth mode
Status: Closed 389 ID Clash case email sent on 17th some follow up emails and discussions. Action to Editors to make change -http://lists.oasis-open.org/archives/wss/200505/msg00082.html
Michael McIntosh wrote: Thu, 26 May 2005 09:05:15 -0400
Since every WSS implementation, regardless of what STs it supports, must know that wsu:Id, xenc:*/ID, and ds:*/ID attributes are of ID type the
WSS Core can say:
The wsse:Security processing MUST check for duplicate values from among
the set of wsu:Id, xenc:*/ID, and ds:*/ID attributes.
The SAML Token Profile can say:
The wsse:Security processing MUST check for duplicate values from among
the set of wsu:Id, saml:AssertionID, xenc:*/ID, and ds:*/ID attributes.
Since we'd like the WSS processing to also check any other ID values too, the
WSS Core can say:
The wsse:Security processing SHOULD check for duplicate values from among
the set of ID attributes that it is aware of.
The wsse:Security processing MUST generate a fault if a duplicate ID value
is detected.
Status: Open 393 URI error in Kerberos Profile Update Contributor's list - Action item for Hans
Status: Open 394 Interop document for SAML 2.0 - Ron Monzillo can create proposal for scenario. Volunteers to create scenarios can do so on the mailing list.
Status: Closed 395 Write a proposal on backward compatibility closed proposal to not add to code. - Note sent out to TC by Gudge. Ron raised a question about must generate to the mailing list inspired by this issue. He wanted to be sure everyone was clear about the language being proposed. Action was to produce proposal for addition to Core, but issues were judged to be more informational rather than Normative. No changes are to be made to Core, it will remain in the email archive.
Status: Open 396 Mutual auth in Kerberos - pending follow up with Tony
Status: Pending 397 Editors to label SwA, Kerberos, UserName, X509, Core, Rel, SAML 2.0 documents to 1.1 - in draft posted yesterday pending review.
Status: Pending 398 Missing /wsse:Security/@S11:MustUnderstand - in draft posted yesterday pending review.
Status: Open 399 Recently discover WSS security threat - Hal and Mike take for action a security consideration that highlights the issue.
Status: Pending 400 Revisit of the proposed changes relating to EncryptedHeader 1653 through 1655 be removed pending assigned to editors
Document Status:
Will any of the seven documents be in votable status by next meeting? SwA has no open issues, Kerberos has one open and one unknown, core has a couple of small changes, and SAML was just posted. A formatting question was raised as to whether the correct templates were used.
We expect to have a vote next meeting. June 14th. Vote will be done early in the meeting, if at all possible, in consideration of TC members dialing in long distance from Amsterdam.
Kerberos:
No additional status IBM and Microsoft has had a successful interop, issues were rolled into profile. Profile is ready pending any additional interest from the mailing list. Vijay will post.
Meeting adjourned.
Very Respectfully,
John R. Weiland
Information Technology Specialist
GS 2210 (APPSW) Code 07 Navy Medicine OnLine
Naval Medical Information Mngmt Cntr
Bldg 27
8901 Wisconsin Ave
Bethesda, Md. 20889-5605
301-319-1159
JRWeiland@us.med.navy.mil
http://navymedicine.med.navy.mil
"GIVE ME A PLACE TO STAND AND I WILL MOVE THE EARTH"
A remark of Archimedes quoted by Pappus of Alexandria
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]