[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: OASIS WSS TC Minutes 2005-11-01 (without roll call)
OASIS WSS TC Minutes 2005-11-01 New Action Items None. 1. Call to order/roll call <roll call to be provided> 2. Reading/Approving minutes of last meeting (Oct 18th) [VER 4] http://lists.oasis-open.org/archives/wss/200510/msg00063.html [VER 5] http://lists.oasis-open.org/archives/wss/200510/msg00070.html [VER 5] adopted unanimously. 3. Issues list review http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15131/OASI S%20Web%20Services%20Security%20Issues%20List%2080.htm a) Pending Review Issue 404 - Move to Closed Issue 439 - Move to Closed Issue 441 - Move to Closed Issue 443 - Move to Closed Issue 445 - Move to Closed b) Pending (Yellow) Issue 428 - Move to Pending Review Issue 431 - Move to Pending Review Issue 440 - Move to Pending Review Issue 444 - Done but not yet posted. Should be done on Nov 1 or Nov 2. Remains as Pending. Issue 446 - Move to Pending Review Issue 449 - Move to Pending Review FYI the Core Namespace is the following: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd Frederick to change the SwA Namespace to be like the Core Namespace (see above) from: http://docs.oasis-open.org/wss/wss1-1-SwAProfile-1.0.xsd to: http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1.xsd Related action item for which there was no issue: AI 2005-10-18-05 Tony to determine correct legal notices text (Mary to provide this text) and then the other Editor's should adopt the same text. Tony: Do SAML and SwA have the correct legal notice text? Thomas: REL will need to be checked. Ron: I did not change SAML. Frederick: SwA and Tony's docs have the correct text. Chris: The Editor's need to get the right legal text in SAML and REL documents. Ron: Is the title of the WSS Core document final as: "Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)" Chris: Does anyone think we should change this title. TC: No response. Chris: Then the title of the Core spec will NOT be changed. Ron: Should the copyright be 2002-2005 in all the documents? Frederick: In the older documents yes. Paul: Note the Core spec currently says: >Copyright (C) OASIS Open 2005. All Rights Reserved. This should be changed to "2002-2005" in Core, X.509, Username, SAML and REL. This copyright can be "2004-2005" in Kerberos and SwA. c) Open Issue 338 - No progress. Issue 448 - Move to Pending. http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200510/m sg00049.html Tony agreed to implement the missing three changes. Issue 450 - Move to Pending http://lists.oasis-open.org/archives/wss-comment/200510/msg00002.html Editor to change: a) The [XMLSIG] reference to remove the URI (http://www.w3.org/TR/xmldsig-core/): >[XMLSIG] D. Eastlake, J. R., D. Solo, M. Bartel, J. Boyer , B. Fox , E. Simon. >Signature Syntax and Processing, W3C Recommendation, 12 February 2002. b) In the Schema file change the URI from the undated reference to the dated reference for the Feb 2002 document. Ron: No change need to SAML. d) Closed Issue 391 - Abbie will post the [V1] of the document. Summary: We have edits pending to all the documents. e) New Issues AI 2005-10-18-03 Ron to raise a new issue to cover his proposal to make TokenType mandatory in the Kerberos Token Profile. http://lists.oasis-open.org/archives/wss/200511/msg00005.html After discussion of Ron's proposal the following changes were approved unanimously: a) Lines 227-228 (to match value at 220-221): Change "#Kerberosv5APREQSHA1" to "#Kerberosv5_AP_REQ" b) Line 160 Remove "and wsse11:TokenType". c) Line 161: Replace "for this token" with "for this attribute". d) Lines 202-204 Original text: "When a Kerberos Token is referenced using <wsse:SecurityTokenReference> the @ValueType attribute is not required. If specified, the URI listed above as Kerberos token type MUST be specified." Replacement text: "When a Kerberos Token is referenced using <wsse:SecurityTokenReference> the @TokenType attribute SHOULD be specified, and its value MUST be the URI that identifies the Kerberos token type as defined for a corresponding BinarySecurityToken/@ValueType attribute. The Reference/@ValueType attribute is not required. If specified, its value MUST be equivalent to that of the @TokenType attribute." Gudge: The sentiment is that the @TokenType attribute is optional but when it occurs its value must match the value from the table that defines the values for @ValueType. Chris: Mark this new issue as Pending. 4. Public review status & outlook for 1.1 final phases Ron: How will we process the Pending Review items? Chris: Let's get the documents posted by end of business on Wed Nov 2 and give the TC 24-48 hours to review the Pending Review issues. Then we can initiate any votes before the end of the week so we have some chance to make the monthly OASIS Nov 15 deadline. Chris: One ballot to make the draft Committee Specifications and the second ballot is to request standardization by OASIS. MOVED by Hal Lockhart, seconded Tony Nadalin The WSS TC approves the submission of the current WSS 1.1 documents as modified at today's meeting for Committee Specification vote. WSS TC also requests that the resulting WSS 1.1 Committee Specification be submitted for OASIS standardization. Adopted unanimously. 5. Other business None. 6. Adjournment The meeting adjourned at 9:00 PDT. /paulc Paul Cotton, Microsoft Canada 17 Eleanor Drive, Nepean, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:Paul.Cotton@microsoft.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]