Subject: Minutes for WSS TC June 14, 2005.
Agenda:
1. Call to order, roll call
2. Reading/approving minutes of last meeting (31st May [1] )
3. Issue list review & document status
4. Kerberos status
5. Other business
6. Adjournment
[1] http://lists.oasis-open.org/archives/wss/200506/msg00015.html
1. Meeting was called to order 10:15 AM; Kelvin Lawrence and Chris Kaler were in the Chair.
John R. Weiland, US Navy, acted as recording secretary for this meeting.
Steve Anderson called for quorum:
Attendance of Voting Members
Jan Alexander Systinet
Steve Anderson BMC Software
Abbie Barbir Nortel
Carolina Canales-Valenzuela Ericsson
Symon Chang TIBCO Software, Inc.
Kefeng Chen GeoTrust
Paul Cotton Microsoft Corporation
Martijn de Boer SAP
Thomas DeMartini ContentGuard
Blake Dournaee Sarvega
Don Flinn Individual
Derek Fu IBM
Vijay Gajjala Microsoft Corporation
Hans Granqvist VeriSign
Martin Gudgin Microsoft Corporation
Frederick Hirsch Nokia Corporation
Jeff Hodges NeuStar, Inc.
Chris Kaler Microsoft Corporation
Kelvin Lawrence IBM
Rich Levinson Computer Associates
Hal Lockhart BEA Systems, Inc.
Mike McIntosh IBM
Prateek Mishra Principal Identity
Ronald Monzillo Sun Microsystems
Vamsi Motukuru Oracle Corporation
Anthony Nadalin IBM
Nataraj Nagaratnam IBM
Toshihiro Nishimura Fujitsu Limited
Rob Philpott RSA Security
Coumara Radja Sarvega
Irving Reid Hewlett-Packard
Maneesh Sahu Actional Corporation
Gene Thurston AmberPoint
Sam Wei Documentum
John Weiland US Dept of the Navy
Pete Wenzel SeeBeyond
Attendance of Non-Voting Members
Duane Nickull Adobe
Attendance of Voting Members - Probation
Denis Pilipchuk BEA
Kate Cherry Lockheed Martin
Membership Status Changes
Denis Pilipchuk BEA - Approved for membership, requested voting status 5/5/2005
Kate Cherry Lockheed Martin - Requested voting status 6/3/2005
Pete Wenzel SeeBeyond - Returned from LOA before 6/14/2005 call
James Rust Panacea Software - Requested membership 6/8/2005
Duane Nickull Adobe - Approved for membership 6/14/2005
Denis Pilipchuk BEA - Granted voting status after 6/14/2005 meeting
Corinna Witt BEA Systems, Inc. - Losing voting status 6/14/2005
Kojiro Nakayama Hitachi - Losing voting status 6/14/2005
Ben Hammond RSA Security - Losing voting status 6/14/2005
35 out of 41 voting members in attendance, we have a quorum.
2. Reading/approving minutes of last meeting (31st May [1] )
Minutes from last meeting approved, hearing no objections.
3. Issue list review & document status
Pending
364 - SWA profile: Can XML attachments be XML canonicalized and used in conjunction with SwA profile?
Frederick sent proposal to mailing list two weeks ago in draft 20. No discussion on list for past week. The only concern with resolving this issue as closed might be with regards to stating that the exclusive namespace prefix should be empty but since that statement is a SHOULD it might be OK, no comments were received.
Closed
370 - SWA profile: Add processing rules/guidance for SOAP and MIME intermediaries
SwA profile available for past two weeks.
Closed. Note: 364 and 370 captured in draft 20
384 - Kerberos TP: Channel Binding
No changes to the spec. Handled by Kerberos. Ron Monzillo raised an issue that a token is not valid if it is not delivered over the same channel that is in the channel binding token. The GSS API initial context token has a field inside it that represents the channel binding, so if you are using a GSS API form as a WSS security token, the channel binding links that token to a transport. If you try to use that token independent of that channel binding, it will be rejected by the GSS API subsystem. While it is handled by GSS API, you cannot say that there is no influence from channel binding on message layer security, especially if you want message layer security to be end to end.
Channel binding, in GSS API in particular, is intended to ensure that the initial context token can't be used over another instance of the transport. So, if you have a message layer security mechanism whose premise is that it is transport consistent, that same token can exist beyond that transport, there is a contradiction between the use of channel binding and the ability to preserve the validity of that token. That relation should be described, or someone will end up with tokens rejected and not know why.
Closed with statement in minutes
385 Kerberos TP: References to obsolete documents
Rolled into draft
Closed
389 ID Clash case
Exact text to be changed agreed upon at last meeting. Editors have not made changes yet. Action item for Tony's edit in issues list.
Pending
397 Editors to label SwA, Kerberos, UserName, X509, Core, Rel, SAML 2.0 documents to 1.1
Already in earlier draft.
Closed
398 Missing /wsse:Security/@S11:MustUnderstand
Minor edit in last set of draft sent out.
Closed
399 Recently discovered WSS security threat
Mike sent out a change to the security consideration section. Changes rolled into latest draft of Core under a new subsection of security consideration section. A concern is still unaddressed - minor modifications will be resolved in new open issues.
Closed
400 Revisit of the proposed changes relating to Encrypted Header
Proposed changes - rolled into latest draft.
Closed
Open issues
338 Hal: Proposed new work - WSS Templates
No change in status
378 Deprecating or otherwise superseding documents
No official deprecation procedure exists. W3C spec, inserting a URL of latest version, suggested. Ron put a statement in SAML token profile, a question was raised as to its wording. OASIS will not take notice of the wording until standardization phase.
Closed - another issue may be opened to determine editorial wording supporting deprecation.
393 Update contributors list
Hans will send out list of names and companies. Two lists were suggested, one of members in good standing and another of contributors. Changes can be added at the last minute.
Pending mail from Hans that summarizes the contributors list. Hans and Vijay marked as owners.
394 Interop document for SAML 2.0
Interop is not required by OASIS prior to public review. Last version of SAML had a series of interops, 3 companies certified that they had made substantial use of SAML and a private interop was conducted. The TC did not do the interop.
Open
396 Mutual auth in Kerberos
Pulled off from 384. Out of scope of this document. Whenever you have a message based security mechanism, the only way to guarantee the recipient is authenticated is either to set up a session, or to encrypt the message prior to sending it. Since we are not describing sessions in this specification, the way to do mutual authentication is with message encryption.
Closed with a note for action in issues list to Vijay.
401 X509 Profile Items & 402 Example errors in Username token profile namespace
Already rolled into latest draft token profile.
Closed
Document status
Core document is pretty much at a stable point.
All changes we have gone over today were updated last night. x509, Username, Kerberos, Core, SwA, SAML, and REL updated.
Tony motions, Frederick seconds. Take 7 specifications forward to Committee Draft status with the expectation we will vote to Committee Draft again. Carried unanimously.
Issue open to editors to update documents to committee draft and 389, and Hans create contributors list, security consideration section minor modifications folded into Core spec.
Format contributor's list, ordered by company and individual within company.
Vote for public review at next call.
URL to clean specs to Kelvin for submission.
4. Kerberos status
Kerberos interop over
5. Other business
Phone call sponsors needed, none available after June 28. Adobe volunteers. Nortel, and BEA
6. Adjournment
Respectfully Submitted,
John R. Weiland
Information Technology Specialist
GS 2210 (APPSW) Code 07 Navy Medicine OnLine
Chair, DoN CIO Business Standards Council
Naval Medical Information Mngmt Cntr
Bldg 27
8901 Wisconsin Ave
Bethesda, Md. 20889-5605
301-319-1159
JRWeiland@us.med.navy.mil
http://navymedicine.med.navy.mil
"GIVE ME A PLACE TO STAND AND I WILL MOVE THE EARTH"
A remark of Archimedes quoted by Pappus of Alexandria