DRAFT Minutes WSS-TC 10.4.2004

[Ron Williams <ron.williams@us.ibm.com>]

For comment and correction

~r

•    ✓    1    Call to order/roll call    10.4.05 9:04:28 AM

Chairs: Kelvin Lawrence,

Secretary: Don Flinn

Minutes: Ron Williams

Attendance

Attendance List

Voting Members

Maneesh         Sahu            Actional Corporation

Duane           Nickull         Adobe

Hal             Lockhart        BEA Systems, Inc.

Denis           Pilipchuk       BEA Systems, Inc.

Corinna         Witt            BEA Systems, Inc.

Rich            Levinson        Computer Associates

Thomas          DeMartini       ContentGuard

Dana            Kaufman         Forum Systems, Inc.

Toshihiro       Nishimura       Fujitsu Limited

Kefeng          Chen            GeoTrust

Irving          Reid            Hewlett-Packard

Kojiro          Nakayama        Hitachi

Derek           Fu              IBM

Kelvin          Lawrence        IBM

Mike            McIntosh        IBM

Anthony         Nadalin         IBM

Ron             Williams        IBM

Don             Flinn           Individual

Kate            Cherry          Lockheed Martin

Paul            Cotton          Microsoft Corporation

Vijay           Gajjala         Microsoft Corporation

Martin          Gudgin          Microsoft Corporation

Chris           Kaler           Microsoft Corporation

Frederick       Hirsch          Nokia Corporation

Abbie           Barbir          Nortel

Prateek         Mishra          Oracle Corporation

Vamsi           Motukuru        Oracle Corporation

Ben             Hammond         RSA Security

John            Linn            RSA Security

Rob             Philpott        RSA Security

Pete            Wenzel          SeeBeyond

Ronald          Monzillo        Sun Microsystems

John            Weiland         US Dept of the Navy

Hans            Granqvist       VeriSign

Members

Steve        Anderson         BMC Software

Carolina    Canales-Valenzuela Ericsson

Jeff        Hodges         NeuStar, Inc.

Blake        Dournaee         Sarvega

Will         Raymond         Tibco

Member that regained voting status after 10/4/05 Meeting

Steve         Anderson         BMC Software

Jeff         Hodges         NeuStar, Inc.

Will          Raymond         Tibco

19 REQUIRED - 31 ATTENDING - Quorum Achieved

▼    ✓    2    Reading/Approving minutes of last meeting (Sept 20th) [1]    10.4.05 9:13:13 AM

    •    ✓    Approved by unanimous consent (no objections registered)    

▼    ✓    3    Review of actions from prior meeting minutes [1]    10.4.05 9:14:30 AM

    •    ✓    Actions are caught up - closed or made issues (Kelvin)    

•    ✓    4    One Time Password proposal (continue discussion and try to reach closure)    10.4.05 9:14:37 AM

Chris - limit discussion to 30 mintues

Paul Cotton - had questions answered during dialogue.

Paul Cotton - proposed way forward. Not convinced work is in scope for TC. Simple procedure: Have proponents move that work on OTP  profile is in scope, triggering an electronic ballot to TC to determine whether or not this is to be a deliverable.

Hans - Seems ec vote would take a long time.

Kelvin - if such a motion was put forward - Oasis has 15 days in which to call an electronic ballot - + 7 to 15 days for actual vote, and Oasis is responsible for the ballot. We'd be clarifying the charter, not amending it. 

Mary - 2/3 majority required for passage, no more than 1/4 voting no.

Rob - Work item is in scope - TC should decide whether we want to work on deliverable - asserts clarification not required.

Abby agrees with Paul as vote being the most efficient means to address issue.

Rob - TC has to decide whether or not TC wants to do the work, and then go forward with "official" mechanism (clarification vote). 

Kelvin - decide as a TC how to close issue.

Ask chair to work with TC Admin to determine whether OTP profile is in scope.

Will (tibco) - RSA assures us that OTP is unencumbered.

Kelvin - This TC is still operating under old TC rules.

Paul - TC Admin will be reluctant to "rule" on scope issue.

Mary - a vote by the TC to 

Abby (verisign) - Can we simply take a vote to see if the TC wants to do the work?

Hal - Only 3 or 4 individuals typically work on profiles, so issue of TC wanting to do the work boils down to those that do the work.

Kelvin - we get into situations that only a vote will break the stalemate. Pauls Proposal. Rob's work with TC admin offline. Mary said no admin ruling until a decision (vote) and appeal to admin.

Ron Monzillo - decide whether we want to take on the work.

(?) What is the objective of the TC following publication of the 1.1 specs.

TC - conversion to new IPR rules we have 18 months to switch or vote on shifting to new.

Hal - suggest a motion be made . . .

Hal - propose to do work - see if TC by simple majority wants to do the work. If yes, Paul can still call for formal charter clarification resulting in formal Oasis vote.

Hans - move to "vote on the amended proposal as sent out by john linn, 8.2005, WSS-OTP token profile.

Hal - seconded

Abby - seconded

Two questions on 

Tony - framework or technology - unclear as to what is being proposed as input, output, and ipr. Text is unclear.

Hans - input - two existing OTP proposals - RSA produced, and one that Verisign has produced - no IP on Verisign producted. This is a framework, not a mechanism.

John Lynn (RSA) - conceptually parallel - a method independant framework - no proposal for a particuluar method - the methods themseleves are not in scope of this proposal.

RSA - no claims at the level of the document (IPR)  - no claims and no evidence of any. Input document - won't submit if doesn't comply with IP rules.

Paul - have to disclose any IPR and that of any other contributor.

Asked and answered by RSA and Verisign

Will - proposal - do the work to create a framework who's purpose is to support a proprietary format

(discussion) disputes this . . .

Interop question -  is there a common format to be implemented and support to enable interop testing.

Three companies attest to framework - 

Paul - in the past - we actually physical interop testing - interop validates the framework - but underlying mechanisms don't need to be implemented by the participants.l

Hal - thinks there are one or more mechanisms that could be implemented for use in interop.

Only one framework in the past, and that was the core document.

Paul puts the questions - 

Hal and Abby Seconds

Kelvin - Roll Call Vote

(Ron's unofficial tally:

        yes    no    abstain

sandhu    (no repsonse)

nichol            a

thurston    (no response)

lockhart    y

fillchuck            a

witt        y

levinson    y

demaritni            a

kafuman            a

nishimuru            a

chen        (no response)

reid        y

nakamuro            a

foo        (no response)

hondo    (no response)

lawrence            a

mcintosh        n

nadalin        n

williams        n

flinn                a

cherry    y

cotton        n

gaya            n

gudge        n

kaler            n

hirsch    y

baiberi        n

mishra    y

motokuru    y

hammond    y

linn        y

philpott    y

dubour    (no response)

wenzel            a

monzillo    y

wailtand    y

hans        y

Hal - majority of non-abstenstions

14 yes - 8 no - 9 abstensions: Motion Carries)

Don Flinn's official tally:

Vote Details

Maneesh    Sahu                  

Duane    Nickull                 A

Gene        Thurston                  

Hal        Lockhart         Y

Denis    Pilipchuk                 A

Corinna    Witt              Y

Rich        Levinson         Y

Thomas    DeMartini                  A

Dana        Kaufman                  A

Toshihiro    Nishimura                 A

Kefeng    Chen                  

Irving    Reid              Y

Kojiro    Nakayama                  A

Derek    Fu                  

Maryann    Hondo                  

Kelvin    Lawrence                  A

Mike        McIntosh              N

Anthony    Nadalin              N

Ron        Williams              N

Don        Flinn                  A

Kate        Cherry         Y

Paul        Cotton              N

Vijay    Gajjala              N

Martin    Gudgin              N

Chris    Kaler              N

Frederick    Hirsch         Y

Abbie    Barbir              N

Prateek    Mishra         Y

Vamsi    Motukuru         Y

Ben        Hammond         Y

John        Linn              Y

Rob        Philpott         Y

Martijn    de Boer                  

Pete        Wenzel                  A

Ronald    Monzillo         Y

John        Weiland         Y

Hans        Granqvist         Y

                           

                           

yes             14

no              8

abstain          9

Paul move to clarify charter to indicate OTP work is in scope (OTP one time password token profile), to add it to the deliverables.

Abby - seconded

Kellvin - Oasis must call the vote

Mary - believes Paul is asking whether the TC needs to change the vote. Any work undertaken by the TC may be appealed to TC admin.

Mary - Appeal to TC admin 

TC votes they would like to clarify the charter and undertake the work item with wording as to what the charter should say.

You can't clarify the charter and change it - these are two separate processses.

Why must whole TC take up the issue?

TC has voted to create an OTP profile.

Rob Philpott objects to Paul's motion. My opinion that when TC accepts work item - its supposed to be in scope. There is an appeal process whereby 3 or more can appeal. - Withdrawn

Hal - agrees - 

Tony - you can always call for a clarification.

Chris - vote on the final text of the charter clarification.

Paul withdraws motion to clarify charter, Abby agrees

•    ✓    5    Issues list review    10.4.05 10:25:16 AM

Pending Review

430 - comments on the call from Mishra/Oracle: closed w/out objection

432 - : closed w/out objection

433 - : closed w/out objection

434 - schema corrections to SAML token 1.1 (scott cantor): closed w/out objection

436 - comments from Mark Wahl: closed w/out objection

437 - comments from Mark Wahl - username profile: closed w/out objection

438 - comments from Wahl - : closed w/out objection

Pending

334 - XML Id Issue: Tony Nadalin to incorporate changes: closed w/out objection

404 - RFC 4120 and 1510: Tony - changes made, not on list: pending

405 - (405 done, 429 not complete- monzillo): move to PENDING REVIEW

429 - still being discussed; ron and gudge discussion, about encrypted key - related to kerberos token profile. Ref type should be changed to token type (gudge): OPEN w/out objections

Kelvin - for J Hodges - 428 "closed because no action proposed" - Gudge to take AI to trace 428 and was Jeff's proposal on the table when voted. 

439 - comments from J Hodges on call - referenced but not cited. Editorial Fixes - changes made, not posted (tony): Status Pending

443 - J Hodges - WSU timestamp description: made not posted (tony): PENDING

OPEN

444 - WSS Page contains 10.04 errata - but have backed out certain errata. Paul requests  it be taken out when fixed or adopt proposal via x.509v3 suggestion. Make errata reflect changes in 1.1 document (Paul). X.509 URI's are out of sync with current version (1.1) of the document. (Paul) Wants errata to reflect multiple decisions. (Gudge) replace "#X.509" with "#X.509v1". (Tony) we'll be breaking 1.0 versions by doing this. (Paul) by leaving the "incorrect" URI in the errata will encourage people to continue to do the wrong thing.

No objections to making the errata changes (URI Only).

Gudge - Net effect of three issues is to "fix" URI reference.: remains OPEN

427 - : CLOSED w/ no action w/out objections

435 - pratik sent a notice to vijay leaving a couple of items. (tony) open item of formal comback. (chris) have to close public comments - missing a few issues from public interop., related to 431: OPEN

445 - changes from erratta no included in v1 - editorial change: moved to PENDING

446 - clarification for STR transform, request someone to make changes and propose text. (Gudge takes AI): OPEN

440, 441, 443, (Chris) Wants some discussion on the list so wee can close these.

•    ❑    6    Public review status/outlook for 1.1 final phases    

▼    ✓    7    Other business    

    ▼    ✓    Final Roll - Call    

    •    ✓    Mike McIntosh    

    •    ✓    Gudge    

•    ✓    8    Adjournment    10.4.05 10:59:42 AM

Motion to adjourn and second.

_____________________________

PDF Version: 

WS-SEC TC Minutes 10.4.2005.pdf

OPML Version:�

WS-SEC TC Minutes 10.4.2005.opml

smime.p7s