WSS Minutes 2006-04-04 [VER2] With Attendance

[Michael McIntosh <mikemci@us.ibm.com>]

SUMMARY

NEW ACTION ITEM: Chairs to start electronic ballot on approval of the 
updated 1.0 errata as Committee Draft.

COMPLETED ACTION: Tony reviewed the minimalist profile and has the opinion 
that is no longer relevent.

AGREED: Drop the minimalist profile work item.

NEW ACTION ITEM: Tony to submit One Time Password algorithm.

> Agenda:
> REMINDER CALL WILL BE LIMITED TO ONE HOUR DUE TO WS-SX F2F
> 
> 1. Call to order/roll call

Michael McIntosh took minutes

Don Flinn took the role call

First Name Last Name         Company
Abbie      Barbir            Nortel Networks Limited*
Carolina   Canales-ValenzuelaEricsson*
Symon      Chang             Blue Titan Software*
Paul       Cotton            Microsoft Corporation*
Thomas     DeMartini         ContentGuard*
Don        Flinn*            Individual
Derek      Fu                IBM*
Hans       Granqvist         VeriSign *
Ben        Hammond           RSA Security*
Frederick  Hirsch            Nokia Corporation*
Chris      Kaler             Microsoft Corporation*
Kelvin     Lawrence          IBM*
Rich       Levinson          Computer Associates*
John       Linn              RSA Security*
Hal        Lockhart          BEA Systems, Inc.*
Michael    McIntosh          IBM*
ronald     monzillo          Sun Microsystems*
Anthony    Nadalin           IBM*
Kojiro     Nakayama          Hitachi, Ltd.*
Duane      Nickull           Adobe Systems*
Mike       Rudolph           Wells Fargo*
John       Weiland           US Dept of the Navy*
Greg       Whitehead         Hewlett-Packard*

Members
Jeff       Hodges            Neustar, Inc.*
Will       Raymond           Tibco Software Inc.*
Ron        Williams          IBM*

           Lost Voting Status
Gene       Thurston          AmberPoint*
Corinna    Witt              BEA Systems, Inc.*

Regained Voting Status
Will       Raymond           Tibco Software Inc.*

> 2. Reading/Approving minutes of last meeting (21st March 2006)[1]

Minutes read and approved - with addition of attendance

> 3. SAML 2 Interop status

Prateek not present so this item is defered until the next meeting.

> 4. Issues list (if any issues)

Kelvin asked Mike Rudolf to review the minutes of the last meeting for 
items that need to be tracked in the issues list.

Tony posted updated 1.0 errata - moved to approve as CD via electronic 
ballot (majority of voting members)

NEW ACTION ITEM: Chairs to start electronic ballot on approval of the 
updated 1.0 errata as Committee Draft.

COMPLETED ACTION: Tony reviewed the minimalist profile and has the opinion 
that is no longer relevent.

AGREED to drop the minimalist profile work item

***One Time Password Discussion***

Tony - initially was said we could not use UsernameToken to contain OTP, 
was said that addditional algorithm specifier was needed - now people as 
saying algorithm specifier is not needed.

John - there is a need to optionally convey algorithm

Chris - is it true that parameters are specific to each algorithm?

John - different classes of algorithms need different parameters

Hal - you can enumerate the total set of parameters then find the subset 
associated with a class of algorithm

Paul - some where questioning the proprietary algorithms, Phil mistook 
that we wanted to get rid of all of the algorithms

John - if we are designing a framework that is extensible why be concerned 
with any algorithms?

Chris - for interop

Mike - why isn't UsernameToken adequate?

John - goal is to be able to able to provide parameters in a way that is 
visible

Hal- when the profile was discussed people had said UsernameToken had not 
worked

John - If you used UsernameToken you would need a new profile for each 
algorithm

Hal - is there new work to do? does it involve new identifiers? and how 
much work is involved for each?

John - the intent is to provide a range of parameters

Hal - do we define identifiers for only documented algorithms? or do we 
include identifiers for undocumented/unspecified algorithms?

Ron - is it that we want to include a single algorithm an dthere is IP 
behind them?

Paul - several people pointed to the fact that the algorithms are 
trademarked and encumbered at the last meeting

Ron - why not make that algorithm the baseline of interoperability? would 
the submitters not agree to at least one?

John - the most common deployment situation will mean that the sending and 
receiving WSS node will not generate or validate the password

Chris - do you have an answer to Ron's question?

John - no.

Tony - IBM will submit an algorithm that is RF for a default algorithm.

Paul - wrt IPR statement made by submitters - action was that John would 
speak to Phil Hallem Baker - still pending?

Jonh - in progress between companies.

Chris - found statements from participants in RSA conference that is 
unclear wrt IPR on any other than RSA

Paul - need an explicit list of action items - explicit IPR statement 
beyond initial submissions

NEW ACTION ITEM: Tony to submit One Time Password algorithm

Paul: Propose to not have a call until IPR statement is clarified

Abbie: Seconded

Ron: There are open issues re SAML profile

Chris: Send issues to the list and we will decide whether to have a 
meeting in two weeks

> 5. Remaining business for 2006 (continuing prior discussion)
> 6. Other business
> 7. Adjournment

Mike: Moved to adjourn

Frederick: Seconded

Chris: Adjourned