With Abbie's affiliation Fixed -
• ✓ Call to order/roll call 10.4.05 9:04:28
Chairs: Kelvin Lawrence,
Secretary: Don Flinn
Minutes: Ron Williams
Maneesh Sahu Actional Corporation
Duane Nickull Adobe
Hal Lockhart BEA Systems, Inc.
Denis Pilipchuk BEA Systems, Inc.
Corinna Witt BEA Systems, Inc.
Rich Levinson Computer Associates
Thomas DeMartini ContentGuard
Dana Kaufman Forum Systems, Inc.
Toshihiro Nishimura Fujitsu Limited
Kefeng Chen GeoTrust
Irving Reid Hewlett-Packard
Kojiro Nakayama Hitachi
Derek Fu IBM
Kelvin Lawrence IBM
Mike McIntosh IBM
Anthony Nadalin IBM
Ron Williams IBM
Don Flinn Individual
Kate Cherry Lockheed Martin
Paul Cotton Microsoft Corporation
Vijay Gajjala Microsoft Corporation
Martin Gudgin Microsoft Corporation
Chris Kaler Microsoft Corporation
Frederick Hirsch Nokia Corporation
Abbie Barbir Nortel
Prateek Mishra Oracle Corporation
Vamsi Motukuru Oracle Corporation
Ben Hammond RSA Security
John Linn RSA Security
Rob Philpott RSA Security
Pete Wenzel SeeBeyond
Ronald Monzillo Sun Microsystems
John Weiland US Dept of the Navy
Hans Granqvist VeriSign
Steve Anderson BMC Software
Carolina Canales-Valenzuela Ericsson
Jeff Hodges NeuStar, Inc.
Blake Dournaee Sarvega
Will Raymond Tibco
Member that regained voting status after 10/4/05 Meeting
Steve Anderson BMC Software
Jeff Hodges NeuStar, Inc.
Will Raymond Tibco
19 REQUIRED - 31 ATTENDING - Quorum Achieved
▼ ✓ Reading/Approving minutes of last meeting (Sept 20th)  10.4.05 9:13:13
• ✓ Approved by unanimous consent (no objections registered)
▼ ✓ Review of actions from prior meeting minutes  10.4.05 9:14:30
• ✓ Actions are caught up - closed or made issues (Kelvin)
• ✓ One Time Password proposal (continue discussion and try to reach 10.4.05 9:14:37
Chris - limit discussion to 30 mintues
Paul Cotton - had questions answered during dialogue.
Paul Cotton - proposed way forward. Not convinced work is in scope for TC. Simple procedure: Have proponents move that work on OTP profile is in scope, triggering an electronic ballot to TC to determine whether or not this is to be a deliverable.
Hans - Seems ec vote would take a long time.
Kelvin - if such a motion was put forward - Oasis has 15 days in which to call an electronic ballot - + 7 to 15 days for actual vote, and Oasis is responsible for the ballot. We'd be clarifying the charter, not amending it.
Mary - 2/3 majority required for passage, no more than 1/4 voting no.
Rob - Work item is in scope - TC should decide whether we want to work on deliverable - asserts clarification not required.
Abby agrees with Paul as vote being the most efficient means to address issue.
Rob - TC has to decide whether or not TC wants to do the work, and then go forward with "official" mechanism (clarification vote).
Kelvin - decide as a TC how to close issue.
Ask chair to work with TC Admin to determine whether OTP profile is in scope.
Will (tibco) - RSA assures us that OTP is unencumbered.
Kelvin - This TC is still operating under old TC rules.
Paul - TC Admin will be reluctant to "rule" on scope issue.
Mary - a vote by the TC to
Abbie (Nortel) - Can we simply take a vote to see if the TC wants to do the work?
Hal - Only 3 or 4 individuals typically work on profiles, so issue of TC wanting to do the work boils down to those that do the work.
Kelvin - we get into situations that only a vote will break the stalemate. Pauls Proposal. Rob's work with TC admin offline. Mary said no admin ruling until a decision (vote) and appeal to admin.
Ron Monzillo - decide whether we want to take on the work.
(?) What is the objective of the TC following publication of the 1.1 specs.
TC - conversion to new IPR rules we have 18 months to switch or vote on shifting to new.
Hal - suggest a motion be made . . .
Hal - propose to do work - see if TC by simple majority wants to do the work. If yes, Paul can still call for formal charter clarification resulting in formal Oasis vote.
Hans - move to "vote on the amended proposal as sent out by john linn, 8.2005, WSS-OTP token profile.
Hal - seconded
Abby - seconded
Two questions on
Tony - framework or technology - unclear as to what is being proposed as input, output, and ipr. Text is unclear.
Hans - input - two existing OTP proposals - RSA produced, and one that Verisign has produced - no IP on Verisign producted. This is a framework, not a mechanism.
John Lynn (RSA) - conceptually parallel - a method independant framework - no proposal for a particuluar method - the methods themseleves are not in scope of this proposal.
RSA - no claims at the level of the document (IPR) - no claims and no evidence of any. Input document - won't submit if doesn't comply with IP rules.
Paul - have to disclose any IPR and that of any other contributor.
Asked and answered by RSA and Verisign
Will - proposal - do the work to create a framework who's purpose is to support a proprietary format
(discussion) disputes this . . .
Interop question - is there a common format to be implemented and support to enable interop testing.
Three companies attest to framework -
Paul - in the past - we actually physical interop testing - interop validates the framework - but underlying mechanisms don't need to be implemented by the participants.l
Hal - thinks there are one or more mechanisms that could be implemented for use in interop.
Only one framework in the past, and that was the core document.
Paul puts the questions -
Hal and Abby Seconds
Kelvin - Roll Call Vote
(Ron's unofficial tally:
yes no abstain
sandhu (no repsonse)
thurston (no response)
chen (no response)
foo (no response)
hondo (no response)
dubour (no response)
Hal - majority of non-abstenstions
14 yes - 8 no - 9 abstensions: Motion Carries)
Don Flinn's official tally:
Duane Nickull A
Hal Lockhart Y
Denis Pilipchuk A
Corinna Witt Y
Rich Levinson Y
Thomas DeMartini A
Dana Kaufman A
Toshihiro Nishimura A
Irving Reid Y
Kojiro Nakayama A
Kelvin Lawrence A
Mike McIntosh N
Anthony Nadalin N
Ron Williams N
Don Flinn A
Kate Cherry Y
Paul Cotton N
Vijay Gajjala N
Martin Gudgin N
Chris Kaler N
Frederick Hirsch Y
Abbie Barbir N
Prateek Mishra Y
Vamsi Motukuru Y
Ben Hammond Y
John Linn Y
Rob Philpott Y
Martijn de Boer
Pete Wenzel A
Ronald Monzillo Y
John Weiland Y
Hans Granqvist Y
Paul move to clarify charter to indicate OTP work is in scope (OTP one time password token profile), to add it to the deliverables.
Abby - seconded
Kellvin - Oasis must call the vote
Mary - believes Paul is asking whether the TC needs to change the vote. Any work undertaken by the TC may be appealed to TC admin.
Mary - Appeal to TC admin
TC votes they would like to clarify the charter and undertake the work item with wording as to what the charter should say.
You can't clarify the charter and change it - these are two separate processses.
Why must whole TC take up the issue?
TC has voted to create an OTP profile.
Rob Philpott objects to Paul's motion. My opinion that when TC accepts work item - its supposed to be in scope. There is an appeal process whereby 3 or more can appeal. - Withdrawn
Hal - agrees -
Tony - you can always call for a clarification.
Chris - vote on the final text of the charter clarification.
Paul withdraws motion to clarify charter, Abby agrees
• ✓ Issues list review 10.4.05 10:25:16
430 - comments on the call from Mishra/Oracle: closed w/out objection
432 - : closed w/out objection
433 - : closed w/out objection
434 - schema corrections to SAML token 1.1 (scott cantor): closed w/out objection
436 - comments from Mark Wahl: closed w/out objection
437 - comments from Mark Wahl - username profile: closed w/out objection
438 - comments from Wahl - : closed w/out objection
334 - XML Id Issue: Tony Nadalin to incorporate changes: closed w/out objection
404 - RFC 4120 and 1510: Tony - changes made, not on list: pending
405 - (405 done, 429 not complete- monzillo): move to PENDING REVIEW
429 - still being discussed; ron and gudge discussion, about encrypted key - related to kerberos token profile. Ref type should be changed to token type (gudge): OPEN w/out objections
Kelvin - for J Hodges - 428 "closed because no action proposed" - Gudge to take AI to trace 428 and was Jeff's proposal on the table when voted.
439 - comments from J Hodges on call - referenced but not cited. Editorial Fixes - changes made, not posted (tony): Status Pending
443 - J Hodges - WSU timestamp description: made not posted (tony): PENDING
444 - WSS Page contains 10.04 errata - but have backed out certain errata. Paul requests it be taken out when fixed or adopt proposal via x.509v3 suggestion. Make errata reflect changes in 1.1 document (Paul). X.509 URI's are out of sync with current version (1.1) of the document. (Paul) Wants errata to reflect multiple decisions. (Gudge) replace "#X.509" with "#X.509v1". (Tony) we'll be breaking 1.0 versions by doing this. (Paul) by leaving the "incorrect" URI in the errata will encourage people to continue to do the wrong thing.
No objections to making the errata changes (URI Only).
Gudge - Net effect of three issues is to "fix" URI reference.: remains OPEN
427 - : CLOSED w/ no action w/out objections
435 - pratik sent a notice to vijay leaving a couple of items. (tony) open item of formal comback. (chris) have to close public comments - missing a few issues from public interop., related to 431: OPEN
445 - changes from erratta no included in v1 - editorial change: moved to PENDING
446 - clarification for STR transform, request someone to make changes and propose text. (Gudge takes AI): OPEN
440, 441, 443, (Chris) Wants some discussion on the list so wee can close these.
• ✓ Public review status/outlook for 1.1 final phases
▼ ✓ Other business
▼ ✓ Final Roll - Call
• ✓ Mike McIntosh
• ✓ Gudge
• ✓ Adjournment 10.4.05 10:59:42
Motion to adjourn and second.
<WS-SEC TC Minutes 10.4.2005.opml>
<Minutes 10.4.2005 Final.pdf>