Minutes v1, 9 August 2005

[<Frederick.Hirsch@nokia.com>]

Attendance to be added

Minutes, WSS TC Conference Call, 09 August 2005
Minute-taker - Frederick Hirsch, Nokia

We are grateful to Oracle for sponsoring this call

AI Tony/Dwane Nichols to review Kerberos token profile with respect to
RFC 4120 (and obsoleted RFC 1510). Reference in profile to be updated.

AI Tony to review text at line 984 in core, see if improvement needed.

AI Gudge/VJ to add issue to issues list for encrypted key reference
(Corrina issue)

Agenda:
1. Call to order, roll call

34 voting members, need 22 - have quorum.

2. Reading/approving minutes of last meeting (July 26th) [1] 
No objections to approving the minutes. Minutes approved.

3. Issue list review & document status 

One public review comment on public review comment list - regarding RFC.

Issue list 
310 - pending
Frederick - the new text in the latest core WSS draft at line 984 seems
to be unclear.

Tony to review text. 

334 - pending
Frederick - why don't we include xml:id in the list at line 500. Seems
painful to require all profiles to be updated to support it.

Xml:id at proposed rec, stays in proposed rec until W3C AC decides to
approve. Closes in September.

Text in this section does not preclude use of xml:id so no action here
required.

389 - pending

403 pending
Changes are in uploaded document

338 open, no change

394 - open

updated status in issues list
Ron had action item to send pointer to document to Abbie - done. 

Gudge sent comment to discussion list
RFC 1510 (Kerver v5) has been obsoleted by RFC 4120
Need to check that Kerberos token profile does not require adjustment.

Paul - is RFC 4120 backward compatable?
Gudge - provides more explanation and detail, clarifies aspect of
protocol and intended use, so not clear that it is backward compatible.

Tony - we've started reviewing these, will look at it. Asks for help
from others on TC. 

AI Tony to drive review of RFCs with respect to Kerberos profile, doing
initial inspected

Dwane Nichols from Adobe also volunteers to review RFC 4120/RFC 1510
with respect to Kerberos token profile.

References in Kerberos token profile should reference correct RFC.

Open issue on this item.

Hal - need to decide whether another public review is required, 2 weeks
if so. Only required if substantive changes are made.

Kelvin - Need to track potential changes to determine what is required.
Paul Cotton - do you think any of the changes so far are technical
Hal Lockhart- yes
Paul Cotton - then to be safe, public comment should be submitted for
such changes
Tony Nadalin- issues list can be treated as comments 
Hal Lockhart - 310, 334, 389, 403
Paul Cotton - for every substantive public comment we can expect to
raise an issue, so issues list can serve as list of comments/issues.

Frederick - Jeff Hodges is at Neustar (to answer Hans question)

4. Interop status for 1.1 

Gudge
Tony - Oracle, Microsoft, IBM have completed the interop, wrapping up
with fourth party.

Tony - a few minor issues may result from interop, nothing major.
Gudge - some clarifications, nothing major.

5. Other business 

Hans - RSA & Verisign would like to work together in OASIS in WSS with a
one-time password profile.
Would like to consider submission - is there interest in the main TC?

Frederick - asks about IPR implications, appropriate in WSS or new TC
under new IPR policy?

Hal - asks about openness
Hans - vendor neutral profile, include all existing One time password
(OTP) mechanisms.

Hal - need an editor and a draft to get started 

Frederick - what are plans for the Minimalist Profile, and how long do
we plan to keep TC running

Paul - charter enumerates tokens we should profile in WSS, cannot extend
charter. Charter mentions core and 4 profiles.

Paul - Do we only need 3 to approve adding this, or the whole TC?
Hal - or at least majority?

Paul - are there others with IPR that need to join TC so that we are
protected?

Hans - idea is general framework can support variety of methods, which
might have IPR, but not in the general framework

Hal - not sure TC should do this.

Chris - SwA is about interpretation of security header in specific
scenario - input document talked about attachments, took out of 1.0, but
addressed in 1.1 which original input document in charter had
considered, so was in scope.

Charter:
http://www.oasis-open.org/committees/wss/charter.php

Don - charter mentions initial work, not too narrow.

Ron - can be considered related to password derived key work, so can
consider close to the work already done

Kelvin - is there more you could share so TC can evaluate it for TC
consideration.

Simon Chang/Tibco - interested in seeing more detail

Hans - will send more information to list

Additional public review comment
Corinna - sent comment to TC rather than public list - comment on
encrypted key reference. Should be added to issue list and public review
comments.

Gudge - need to clarify what to add to issues list, not clear what to
add

See
http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200507/m
sg00041.html

http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200507/m
sg00040.html

http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200507/m
sg00039.html

Add issue to issue list. Not all agree there is an issue, but can close
if we agree.

AI Gudge/VJ to add issue to issues list for encrypted key reference.

Hal - will sponsor teleconference 6 Sept, 18 Oct. 

Chairs request additional volunteers to provide teleconference bridges.
 
6. Adjournment 

[1] http://lists.oasis-open.org/archives/wss/200507/msg00042.html

---