Re: [wss] Minutes v2, 9 August 2005 - with attendance

[Duane Nickull <dnickull@adobe.com>]

Please make that "Duane Nickull".

Thanks

Frederick.Hirsch@nokia.com wrote:

> 
>V2 Added attendance at end.
>
>Minutes, WSS TC Conference Call, 09 August 2005 
>Minute-taker - Frederick Hirsch, Nokia
>
>We are grateful to Oracle for sponsoring this call
>
>AI Tony/Dwane Nichols to review Kerberos token profile with respect to
>RFC 4120 (and obsoleted RFC 1510). Reference in profile to be updated.
>
>AI Tony to review text at line 984 in core, see if improvement needed.
>
>AI Gudge/VJ to add issue to issues list for encrypted key reference
>(Corrina issue)
>
>Agenda:
>1. Call to order, roll call
>
>34 voting members, need 22 - have quorum.
>
>2. Reading/approving minutes of last meeting (July 26th) [1] No
>objections to approving the minutes. Minutes approved.
>
>3. Issue list review & document status 
>
>One public review comment on public review comment list - regarding RFC.
>
>Issue list
>310 - pending
>Frederick - the new text in the latest core WSS draft at line 984 seems
>to be unclear.
>
>Tony to review text. 
>
>334 - pending
>Frederick - why don't we include xml:id in the list at line 500. Seems
>painful to require all profiles to be updated to support it.
>
>Xml:id at proposed rec, stays in proposed rec until W3C AC decides to
>approve. Closes in September.
>
>Text in this section does not preclude use of xml:id so no action here
>required.
>
>389 - pending
>
>403 pending
>Changes are in uploaded document
>
>338 open, no change
>
>394 - open
>
>updated status in issues list
>Ron had action item to send pointer to document to Abbie - done. 
>
>Gudge sent comment to discussion list
>RFC 1510 (Kerver v5) has been obsoleted by RFC 4120 Need to check that
>Kerberos token profile does not require adjustment.
>
>Paul - is RFC 4120 backward compatable?
>Gudge - provides more explanation and detail, clarifies aspect of
>protocol and intended use, so not clear that it is backward compatible.
>
>Tony - we've started reviewing these, will look at it. Asks for help
>from others on TC. 
>
>AI Tony to drive review of RFCs with respect to Kerberos profile, doing
>initial inspected
>
>Dwane Nichols from Adobe also volunteers to review RFC 4120/RFC 1510
>with respect to Kerberos token profile.
>
>References in Kerberos token profile should reference correct RFC.
>
>Open issue on this item.
>
>Hal - need to decide whether another public review is required, 2 weeks
>if so. Only required if substantive changes are made.
>
>Kelvin - Need to track potential changes to determine what is required.
>Paul Cotton - do you think any of the changes so far are technical Hal
>Lockhart- yes Paul Cotton - then to be safe, public comment should be
>submitted for such changes Tony Nadalin- issues list can be treated as
>comments Hal Lockhart - 310, 334, 389, 403 Paul Cotton - for every
>substantive public comment we can expect to raise an issue, so issues
>list can serve as list of comments/issues.
>
>Frederick - Jeff Hodges is at Neustar (to answer Hans question)
>
>4. Interop status for 1.1 
>
>Gudge
>Tony - Oracle, Microsoft, IBM have completed the interop, wrapping up
>with fourth party.
>
>Tony - a few minor issues may result from interop, nothing major.
>Gudge - some clarifications, nothing major.
>
>5. Other business 
>
>Hans - RSA & Verisign would like to work together in OASIS in WSS with a
>one-time password profile.
>Would like to consider submission - is there interest in the main TC?
>
>Frederick - asks about IPR implications, appropriate in WSS or new TC
>under new IPR policy?
>
>Hal - asks about openness
>Hans - vendor neutral profile, include all existing One time password
>(OTP) mechanisms.
>
>Hal - need an editor and a draft to get started 
>
>Frederick - what are plans for the Minimalist Profile, and how long do
>we plan to keep TC running
>
>Paul - charter enumerates tokens we should profile in WSS, cannot extend
>charter. Charter mentions core and 4 profiles.
>
>Paul - Do we only need 3 to approve adding this, or the whole TC?
>Hal - or at least majority?
>
>Paul - are there others with IPR that need to join TC so that we are
>protected?
>
>Hans - idea is general framework can support variety of methods, which
>might have IPR, but not in the general framework
>
>Hal - not sure TC should do this.
>
>Chris - SwA is about interpretation of security header in specific
>scenario - input document talked about attachments, took out of 1.0, but
>addressed in 1.1 which original input document in charter had
>considered, so was in scope.
>
>Charter:
>http://www.oasis-open.org/committees/wss/charter.php
>
>Don - charter mentions initial work, not too narrow.
>
>Ron - can be considered related to password derived key work, so can
>consider close to the work already done
>
>Kelvin - is there more you could share so TC can evaluate it for TC
>consideration.
>
>Simon Chang/Tibco - interested in seeing more detail
>
>Hans - will send more information to list
>
>Additional public review comment
>Corinna - sent comment to TC rather than public list - comment on
>encrypted key reference. Should be added to issue list and public review
>comments.
>
>Gudge - need to clarify what to add to issues list, not clear what to
>add
>
>See
>http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200507/m
>sg00041.html
>
>http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200507/m
>sg00040.html
>
>http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200507/m
>sg00039.html
>
>Add issue to issue list. Not all agree there is an issue, but can close
>if we agree.
>
>AI Gudge/VJ to add issue to issues list for encrypted key reference.
>
>Hal - will sponsor teleconference 6 Sept, 18 Oct. 
>
>Chairs request additional volunteers to provide teleconference bridges.
> 
>6. Adjournment 
>
>[1] http://lists.oasis-open.org/archives/wss/200507/msg00042.html
>
>---
>
>Attendance of voting members
>
>Maneesh Sahu, Actional Corporation
>Gene Thurston, AmberPoint
>Hal Lockhart, BEA Systems, Inc.
>Denis Pilipchuk, BEA Systems, Inc.
>Corinna Witt, BEA Systems, Inc.
>Steve Anderson, BMC Software
>Rich Levinson, Computer Associates
>Thomas DeMartini, ContentGuard
>Toshihiro Nishimura, Fujitsu Limited
>Kefeng Chen, GeoTrust
>Irving Reid, Hewlett-Packard
>Derek Fu, IBM
>Kelvin Lawrence, IBM
>Mike McIntosh, IBM
>Anthony Nadalin, IBM
>Nataraj Nagaratnam, IBM
>Kojiro Nakayama, Hitachi
>Don Flinn, Individual
>Kate Cherry, Lockheed Martin
>Paul Cotton, Microsoft Corporation
>Martin Gudgin, Microsoft Corporation
>Chris Kaler, Microsoft Corporation
>Frederick Hirsch, Nokia Corporation
>Abbie Barbir, Nortel
>Vamsi Motukuru, Oracle Corporation
>Prateek Mishra, Oracle Corporation
>Ben Hammond, RSA Security
>Rob Philpott, RSA Security
>Blake Dournaee, Sarvega
>Pete Wenzel, SeeBeyond
>Ronald Monzillo, Sun Microsystems
>Symon Chang, TIBCO Software, Inc.
>John Weiland, US Dept of the Navy
>Hans Granqvist, VeriSign
>
>Prospective Voting Members Attendance
>
>John Linn, RSA Security
>Maryann Hondo, IBM
>Duane Nickull, Adobe
>
>---------------
>
>---------------------------------------------------------------------
>To unsubscribe from this mail list, you must leave the OASIS TC that
>generates this mail.  You may a link to this group and all your TCs in OASIS
>at:
>https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
>
>  
>