

Subject: Minutes for WSS TC June 14, 2005.



Minutes for WSS TC June 14, 2005.
Agenda:
1. Call to order, roll call
2. Reading/approving minutes of last meeting (31st May [1] )
3. Issue list review & document status
4. Kerberos status
5. Other business
6. Adjournment

[1] http://lists.oasis-open.org/archives/wss/200506/msg00015.html

1.  Meeting was called to order 10:15 AM; Kelvin Lawrence and Chris Kaler were in the Chair. 
John R. Weiland, US Navy, acted as recording secretary for this meeting.

Steve Anderson called for quorum:

Attendance of Voting Members

  Jan Alexander Systinet
  Steve Anderson BMC Software
  Abbie Barbir Nortel
  Carolina Canales-Valenzuela Ericsson
  Symon Chang TIBCO Software, Inc.
  Kefeng Chen GeoTrust
  Paul Cotton Microsoft Corporation
  Martijn de Boer SAP
  Thomas DeMartini ContentGuard
  Blake Dournaee Sarvega
  Don Flinn Individual
  Derek Fu IBM
  Vijay Gajjala Microsoft Corporation
  Hans Granqvist VeriSign
  Martin Gudgin Microsoft Corporation
  Frederick Hirsch Nokia Corporation
  Jeff Hodges NeuStar, Inc.
  Chris Kaler Microsoft Corporation
  Kelvin Lawrence IBM
  Rich Levinson Computer Associates
  Hal Lockhart BEA Systems, Inc.
  Mike McIntosh IBM
  Prateek Mishra Principal Identity
  Ronald Monzillo Sun Microsystems
  Vamsi Motukuru Oracle Corporation
  Anthony Nadalin IBM
  Nataraj Nagaratnam IBM
  Toshihiro Nishimura Fujitsu Limited
  Rob Philpott RSA Security
  Coumara Radja Sarvega
  Irving Reid Hewlett-Packard
  Maneesh Sahu Actional Corporation
  Gene Thurston AmberPoint
  Sam Wei Documentum
  John Weiland US Dept of the Navy
  Pete Wenzel SeeBeyond
Attendance of Non-Voting Members
  Duane Nickull Adobe

Attendance of Voting Members - Probation
  Denis Pilipchuk BEA
  Kate Cherry Lockheed Martin

Membership Status Changes
  Denis Pilipchuk BEA - Approved for membership, requested voting status 5/5/2005
  Kate Cherry Lockheed Martin - Requested voting status 6/3/2005
  Pete Wenzel SeeBeyond - Returned from LOA before 6/14/2005 call
  James Rust Panacea Software - Requested membership 6/8/2005
  Duane Nickull Adobe - Approved for membership 6/14/2005
  Denis Pilipchuk BEA - Granted voting status after 6/14/2005 meeting
  Corinna Witt BEA Systems, Inc. - Losing voting status 6/14/2005
  Kojiro Nakayama Hitachi - Losing voting status 6/14/2005
  Ben Hammond RSA Security - Losing voting status 6/14/2005

35 out of 41 voting members in attendance, we have a quorum.

2. Reading/approving minutes of last meeting (31st May [1] )

Minutes from last meeting approved, hearing no objections.

3. Issue list review & document status
Pending
364 - SWA profile: Can XML attachments be XML canonicalized and used in conjunction with SwA profile?
Frederick sent proposal to mailing list two weeks ago in draft 20. No discussion on list for past week. The only concern with resolving this issue as closed might be with regards to stating that the exclusive namespace prefix should be empty, but since that statement is a SHOULD it might be OK; no comments were received.

Closed

370 - SWA profile: Add processing rules/guidance for SOAP and MIME intermediaries
SwA profile available for past two weeks. 
Closed. Note: 364 and 370 captured in draft 20

384 - Kerberos TP: Channel Binding
No changes to the spec. Handled by Kerberos. Ron Monzillo raised an issue that a token is not valid if it is not delivered over the same channel that is in the channel binding token. GSS API initial context token has a field inside it that represents the channel binding, so if you are using a GSS API form as a WSS security token, the channel binding links that token to a transport. If you try to use that token independent of that channel binding, it will be rejected by the GSS API subsystem. While it is handled by GSS API, you cannot say that there is no influence from channel binding on message layer security, especially if you want message layer security to be end to end.

Channel binding, in GSS API in particular, is intended to ensure that the initial context token can't be used over another instance of the transport. So, if you have a message layer security mechanism whose premise is that it is transport consistent, that same token can exist beyond that transport, there is a contradiction between the use of channel binding and the ability to preserve the validity of that token. That relation should be described, or someone will end up with tokens rejected and not know why.

Closed with statement in minutes

385 Kerberos TP: References to obsolete documents
Rolled into draft
Closed

389 ID Clash case
Exact text to be changed agreed upon at last meeting.  Editors have not made changes yet.  Action item for Tony's edit in issues list.

Pending

397 Editors to label SwA, Kerberos, UserName, X509, Core, Rel, SAML 2.0 documents to 1.1
Already in earlier draft.
Closed

398 Missing /wsse:Security/@S11:MustUnderstand
Minor edit in last set of draft sent out.
Closed

399 Recently discovered WSS security threat
Mike sent out a change to the security consideration section. Changes rolled into latest draft of Core under a new subsection of security consideration section. A concern is still unaddressed - minor modifications will be resolved in new open issues.

Closed

400 Revisit of the proposed changes relating to Encrypted Header
Proposed changes - rolled into latest draft. 
Closed

Open issues

338 Hal: Proposed new work - WSS Templates
No change in status

378 Deprecating or otherwise superseding documents
No official deprecation procedure exists. W3C spec, inserting a URL of latest version, suggested. Ron put a statement in SAML token profile; a question was raised as to its wording. OASIS will not take notice of the wording until standardization phase.

Closed - another issue may be opened to determine editorial wording supporting deprecation.

393 Update contributors list
Hans will send out list of names and companies. Two lists were suggested, one of members in good standing and another of contributors. Changes can be added at the last minute.

Pending mail from Hans that summarizes the contributors list. Hans and Vijay marked as owners.

394 Interop document for SAML 2.0
Interop is not required by OASIS prior to public review. Last version of SAML had a series of interops, 3 companies certified that they had made substantial use of SAML and a private interop was conducted. The TC did not do the interop.

Open

396 Mutual auth in Kerberos
Pulled off from 384. Out of scope of this document. Whenever you have a message based security mechanism, the only way to guarantee the recipient is authenticated is either set up a session, or encrypt the message prior to sending it. Since we are not describing sessions in this specification, the way to do mutual authentication is with message encryption.

Closed with a note for action in issues list to Vijay.

401 X509 Profile Items & 402 Example errors in Username token profile namespace
Already rolled into latest draft token profile.
Closed

Document status

Core document is pretty much at a stable point.
All changes we have gone over today were updated last night.  x509, Username, Kerberos, Core, SwA, SAML, and REL updated.

Tony motions, Frederick seconds. Take 7 specifications forward to Committee Draft status with the expectation we will vote to Committee Draft again. Carried unanimously.

Issue open to editors to update documents to committee draft and 389, and Hans create contributors list, security consideration section minor modifications folded into Core spec.

Format contributor's list, ordered by company and individual within company.

Vote for public review at next call.

URL to clean specs to Kelvin for submission.

4. Kerberos status

Kerberos interop over

5. Other business

Phone call sponsors needed, none available after June 28. Adobe volunteers. Nortel and BEA.

6. Adjournment

Respectfully Submitted,

John R. Weiland
Information Technology Specialist
GS 2210 (APPSW) Code 07 Navy Medicine OnLine
Chair, DoN CIO Business Standards Council

Naval Medical Information Mngmt Cntr
Bldg 27
8901 Wisconsin Ave
Bethesda, Md. 20889-5605

301-319-1159
JRWeiland@us.med.navy.mil
http://navymedicine.med.navy.mil
"GIVE ME A PLACE TO STAND AND I WILL MOVE THE EARTH"
A remark of Archimedes quoted by Pappus of Alexandria




