
Subject: [DRAFT] OASIS WSS TC Minutes 2005-08-23


OASIS WSS TC Minutes 2005-08-23

New Action Items

AI 2005-08-23-01 Gudge to send the material on RFC 4120 changes to
technical contacts from the TC's Kerberos interop to determine if they
are able to move to the new RFC.

AI 2005-08-23-02 Corinna and Gudge to work with Editors to propose
revised text for this editorial problem.

AI 2005-08-23-03 Gudge to ask a professional cryptographic expert to
look at the contradiction in Issue 418 and make a recommendation to the
TC.

AI 2005-08-23-04 Gudge will attempt to propose revised text for Issue
427.

AI 2005-08-23-05 Gudge to mail revised text for Issue 429 to the TC.

AI 2005-08-23-06 Gudge/Vijay to send results of Kerberos interop to the
TC and to highlight if there were any issues raised.

1. Call to order, roll call

The meeting started at 10:05am EDT with Chris Kaler and Kelvin Lawrence
in the chair.  Paul Cotton volunteered to record these minutes.

<Roll call to be added>

2. Reading/approving minutes of last meeting (Aug 9th) [1]
[1] http://lists.oasis-open.org/archives/wss/200508/msg00017.html

The minutes of the Aug 9 meeting were adopted unanimously.

3. Issue list review, public review comments, doc status.
Issues list:
http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14151/OASIS%20Web%20Services%20Security%20Issues%20List%2073.htm
Version 45, Modified on Monday July 26, 2004 23:19:23 -0700 

a) Issue 310 Pending
This issue was missing edits.  Still Pending additional text to be added
by Tony.

b) Issue 334 Pending

Frederick sent email suggesting that we include xml:id in the table.
http://lists.oasis-open.org/archives/wss/200508/msg00012.html
Tony pushed back on this change for compatibility reasons.  Frederick
wants xml:id added to the list in Core so that any new token profile knows it
is not precluded.  Frederick is NOT suggesting we go back and re-do any
existing profiles.  Others supported Frederick.  

Duane requested that the list be clearly stated as non-exclusive.

Gudge expressed concern that mentioning xml:id in Core would force
implementers to support xml:id since someone might use it in a token
that would be used with the Core implementation.  

Chris K agreed that this would force everyone that supports WSS 1.1 to
support xml:id.  In addition Chris wondered if there was more spec work
that was needed for the case that more than one *:id attribute is used
(Gudge suggested this was an error).

Paul tried to summarize the positions:
a) put xml:id in now for the longer term
b) don't put xml:id in now since it has immediate compatibility
problems.

Frederick asked how we would deal with XML 1.1 if WSS 1.1 was already a
standard.  Paul pointed out that lots of other parts of the lower stack
could change e.g. XML Schema 1.1, new C14N, etc.

Decision: leave pending and Frederick will consider providing a detailed
proposal.  The meeting agreed to decide this issue at the Sep 6 meeting.

c) Issue 389 Pending
Text was in document before last meeting already according to Thomas.
Closed.

d) Issue 403 Pending.
Text was in document before last meeting already according to Thomas.
Closed.

e) Issue 338 Open
No change.

f) Issue 394 Interop document for SAML 2.0 Open
Abbie completed an interop document and sent it to the editors of the
previous interop document.  Some of those editors are on vacation and
Abbie hopes to send a document to the TC by early next week.  Still
Open.

g) Issue 404 RFC 4120 vs rfc 1510 notes Open
http://lists.oasis-open.org/archives/wss/200508/msg00018.html (Aug 19th)

Duane's email points out that RFC 4120 obsoletes RFC 1510.  In addition
RFC 1420 says it is not backwards compatible.   

Chris suggested that the Kerberos implementers need to evaluate the
changes outlined by Duane.  Gudge asked if we could leave our Kerberos
spec as is since that is what we interop'ed on.  Chris replied that we
should try to see if vendors can indeed support RFC 4120. 

AI 2005-08-23-01 Gudge to send the material on RFC 4120 changes to
technical contacts from the TC's Kerberos interop to determine if they
are able to move to the new RFC.

Open and we will try to decide at Sept 6 meeting.

h) Issue 405 Likely error in the value type of the EncryptedKey STR. 
http://lists.oasis-open.org/archives/wss/200507/msg00040.html 

Text between 1081-1090 makes it very hard to decide what "value type"
is being referred to.  

Gudge has a proposal to clarify this text which he can send later today.

AI 2005-08-23-02 Corinna and Gudge to work with Editors to propose
revised text for the editorial problem identified by Issue 405.

Status to be changed to Pending.

Corinna asked if this change will subsume the change requested in:
http://lists.oasis-open.org/archives/wss/200507/msg00041.html
This will become issue 429 since it is a different issue.

i) Issue 406 SAML Editorial comments
Ron replied that he agreed.  Status to be changed to Pending since we do
not yet have a document showing the changes.

j) Issue 407 REL comments
Thomas uploaded a document with these changes.  Status to be changed to
Pending Review.

Kelvin asked if these are editorial.  Gudge said he thought they were
editorial.

k) Issue 408 Editorial comments on Kerberos
Status is Pending.

l) Issue 409 Editorial comments on X.509
Status is Pending.

m) Issue 410 Editorial comments User Name
Email id in Issues list should be msg 5 (not msg 4).  Status is Pending.

n) Issue 411 Editorial comments on Core
Status is Pending.

o) Issue 412 REL token
Thomas has uploaded a document with this change.  Status to be changed
to Pending Review.

p) Issue 413 Kerberos comments from Gudge, Issue 1
The meeting agreed with Gudge's suggested change to have the value type
attribute on the reference element.  The answer to the first question in
Gudge's email is Yes.  Status to be changed to Pending (editors to make
change).

q) Issue 414 Kerberos comments from Gudge, Issue 2
Gudge does not believe he is changing the semantics of the sentence but
since he did not understand the original sentence we reviewed the
change.
The meeting agreed to make Gudge's suggested change.  Status to be
changed to Pending (editors to make change).

r) Issue 415 Kerberos comments from Gudge, Issues 3 and 4
WSS should be in the list of Normative References and it should be to
WSS 1.1.  The meeting agreed to make Gudge's suggested change.  Status
to be changed to Pending (editors to make change).

s) Issue 416 User Name token profile comment
The meeting agreed that this was a cut and paste error. Status to be
changed to Pending (editors to make change).

t) Issue 417 User Name token profile comment
What is the type of Salt element? Should this be a base64 type?  

Kelvin asked if that would impact interop?  Chris said no since we did
not test this.

The meeting agreed that the type should be base64 type. Status to be
changed to Pending (editors to make change).  The Editors are reminded
to actually change the schema.

u) Issue 418 User name token profile comment
Does decimal value mean xs:decimal or xs:unsignedInteger?  The meeting
agreed that the type should be xs:unsignedInteger. Status to be changed
to Pending (editors to make change).  The Editors are reminded to
actually change the schema.

v) Issue 419 User name token profile comment
Line 191 and 383 appear to give contradicting advice about where to put
the password.

Irving suggested we get a cryptographic expert to look at this difference.
Duane asked that, if we leave the difference, we consider adding an
explanation.

AI 2005-08-23-03 Gudge to ask a professional cryptographic expert to
look at the contradiction in Issue 418 and make a recommendation to the
TC.

Status remains Open with the Action on Gudge.

w) Issue 420 X.509 token profile comment
Line 157 is missing a URI.  The meeting agreed.

Status to be changed to Pending (editors to make change). 

x) Issue 421 X.509 token profile comment
Line 176 description for the single certificate cases is not correct.
The meeting agreed.

Status to be changed to Pending (editors to make change).

y) Issue 422 X.509 token profile comment.
The URI should be relative to WSS 1.0 URI.  The meeting agreed.

Status to be changed to Pending (editors to make change). 

z) Issue 423 X.509 token profile comment
Line 248 value in ValueType column is wrong.  The meeting agreed.

Status to be changed to Pending (editors to make change).

aa) Issue 424 X.509 token profile comment
Line 430 needs to permit Thumbprint support.  The meeting decided to add
an example of Thumbprint support and delete lines 430-431.

Status to be changed to Pending (editors to make change).

ab) Issue 425 SAML token profile comments
Ron replied and agreed to make a change for the third item.  No changes
were needed for the first two items.  The meeting agreed.

Status to be changed to Pending (editors to make change).

ac) Issue 426 Kerberos token profile comment
The meeting agreed to make this change.  Gudge will send revised text to
the Editors.  

Duane suggests that Gudge check RFC 4120.  Chris thought this was just a
wording problem.

Status to be changed to Pending (editors to make change to be proposed
by Gudge).

ad) Issue 427 Core comment
We do actually specify usage of STR's outside security headers and
therefore the proposed re-wording is not correct.  

Paul asked if we could get re-wording to cover the commenter's case and
our use of STR's outside of security headers.

AI 2005-08-23-04 Gudge will attempt to propose revised text for Issue
427.

Kelvin suggested that the proposed wording be sent back to the comment
list.

Status to remain Open.

ae) Issue 428 Recursive security token reference
Chris expressed concern about recursive definition without doing interop
on it.

Paul pointed out that this is a change request for WSS 1.0 since it is not
specific to the functionality in WSS 1.1.

Frederick would like to keep this Open to permit supporters of this
problem to further explain their case.  The commenter does not want to
embed a token more than once.

Status to remain Open.  The TC agreed to close this at the Sept 6
meeting.

af) Issue 429 (created at this meeting)
http://lists.oasis-open.org/archives/wss/200507/msg00041.html 

"The use of STR/Reference/@ValueType to identify the type of the
referenced security token is deprecated. (line 912)
The recommended way is to use STR/@wsse:TokenType."

AI 2005-08-23-05 Gudge to mail revised text for Issue 429 to the TC.

Status to remain Open.  The TC agreed to close this at the Sept 6
meeting. 

4. Interop status for 1.1

Kelvin asked if any more companies had participated in the Interop.
Gudge believes that there is interop between at least four participants.

AI 2005-08-23-06 Gudge/Vijay to send results of Kerberos interop to the
TC and to highlight if there were any issues raised.

5. Other business

a) RSA and VeriSign proposal for OTP token profile
http://lists.oasis-open.org/archives/wss/200508/msg00026.html 

The proposal arrived at about 9pm EDT last night.  Due to the late
arrival of the proposal the TC decided to discuss this at the Sept 6
meeting.

6. Adjournment

The meeting was adjourned at 11:48am EDT.

/paulc  

Paul Cotton, Microsoft Canada 
17 Eleanor Drive, Nepean, Ontario K2E 6A3 
Tel: (613) 225-5445 Fax: (425) 936-7329 
mailto:pcotton@microsoft.com

  



