RE: [wss] WSS TC Minutes 2006-08-08 (with roll call)

wss message

Issue list #90 is posted. Please feel free to point out any errors of categorization etc.

Thanks,
...Mike Rudolph
IST Security Architecture
Wells Fargo Bank
Desk (415) 243-5299 ... Cell (415) 806-4815
These opinions are entirely my own and not necessarily those of Wells Fargo.
"This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation."

From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Tuesday, August 15, 2006 7:45 PM
To: Paul Cotton
Cc: wss@lists.oasis-open.org
Subject: Re: [wss] WSS TC Minutes 2006-08-08 (with roll call)

Can we get issues assigned to these items so we can track them and report on them ?

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122

"Paul Cotton" <Paul.Cotton@microsoft.com>

"Paul Cotton" <Paul.Cotton@microsoft.com>

08/08/2006 01:29 PM

To	<wss@lists.oasis-open.org>
cc
Subject	[wss] WSS TC Minutes 2006-08-08 (with roll call)

WSS TC Minutes 2006-08-08 New ACTION items: ACTION 2006-08-08-01 Chris to drive the TC discussion of which URI is being used for the X509 token. ACTION 2006-08-08-02 Tony Nadalin to investigate the history of the key derivation section in the errata and to post the history to the TC email list. ACTION 2006-08-08-03 Editors to produce 1.1 errata documents and revised 1.1 documents showing the errata changes by Aug 15. 1. Roll call Voting Members Kate Cherry Lockheed Martin* Paul Cotton Microsoft Corporation* Thomas DeMartini ContentGuard* Don Flinn* Individual Ben Hammond RSA Security* Frederick Hirsch Nokia Corporation* Chris Kaler Microsoft Corporation* Dana Kaufman Forum Systems, Inc.* Kelvin Lawrence IBM* Rich Levinson Oracle John Linn RSA Security* Hal Lockhart BEA Systems, Inc.* ronald monzillo Sun Microsystems* Anthony Nadalin IBM* Kojiro Nakayama Hitachi, Ltd.* Mike Rudolph Wells Fargo* John Weiland US Dept of the Navy* Pete Wenzel Sun Microsystems* Greg Whitehead Hewlett-Packard* Members Chen Kefeng GeoTrust Rich Levinson Oracle Corporation* Ron Williams IBM* Corinna Witt BEA Systems, Inc.* 2. Approve last minutes Jun 27 minutes:http://lists.oasis-open.org/archives/wss/200606/msg00003.htmlAdopted unanimously. 3. Issues list There is no updated issues list. a. WSS 1.1 X509v3 URI Problem - Section 8.3, Dana Khttp://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200606/msg00001.html === I don't know if this has already been reported but in WSS 1.1 section 8.3, the URI for X509v3 is incorrectly documented and conflicts with WSS X509 Certificate Token Profile 1.1. The incorrect URI is:http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#X509v3 The correct URI for X509v3 is:http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 == Hal's response:http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200606/msg00004.html Tony Nadalin suggested removing the #X509V3 on line 158 of X509 Token Profile 1.1. Usages of the fragment id in the Token Profile should use the WSS Core base URI. Note that the #X509V3 value is defined on line 1399 of WSS Core 1.1:http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf Chris suggested that the TC members research which of the two URIs is being used (either the one from the token profile or the Core spec) before we determine what to change. ACTION 2006-08-08-01 Chris to drive the TC discussion of which URI is being used for the X509 token. Tony pointed out that the TC interop documents used the WSS Core base URI. b. Kereberos Token Profile Issues, Dana Khttp://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200606/msg00005.html The proposed errata were adopted unanimously. c. WSS X.509 Certificate Token Profile 1.1 Issues, Dana Khttp://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200606/msg00006.html >Line 177 (table 2) documents #x509v1 as one of four token types defined in the profile. The TC agreed unanimously to create an errata to remove reference to the #x509v1 token type. d. Another Small WSS X.509 Certificate Token Profile 1.1 Change, DanaKhttp://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200606/msg00007.html The proposed errata were adopted unanimously. e. WSS 1.1 Profile - minor word change, Dana Khttp://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200606/msg00008.html The proposed erratum was adopted unanimously. f. Another X509 Token Profile 1.1 URI Issue, Dana Khttp://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200606/msg00009.html The TC agreed that the correct URI is:http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1 since that is what the TC's interop documents used and what several products use. Change 1014 in WSS Core 1.1 and line 480 in X509 Token Profile 1.1 to use "Thumbprint" in the URI. This erratum was adopted unanimously. g. Key Derivation section in Errata for UsernameToken Profile 1.0http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200607/msg00000.html ACTION 2006-08-08-02 Tony Nadalin to investigate the history of the key derivation section in the errata and to post the history to the TC email list. h. SWA 1.1 Profile Issues, Dana Khttp://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200607/msg00001.html Fredericks reply:http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200607/msg00002.html The proposed errata were adopted unanimously including Frederick's additional change. i. Kelvin's forward The URL for this message is not yet available. Hal volunteered to make these comments on behalf of BEA. > Section 5.3: > All refered "Section 5.4.1" should be "Section 4.4.1" > All refered "Section 5.4.2" should be "Section 4.4.2" Frederick recommended that the above changes NOT be made. The rest of the SwA changes look okay. Tony recommended the other changes to other documents be adopted. The proposed errata (except for the above change to SwA Section 5.3) were adopted unanimously. 4. Next steps Kelvin pointed out the next TC meeting would be on Aug 22. Frederick asked if the TC wanted to do revised versions of the specifications or just errata documents. Frederick asked if the Editors should try to produce both documents before the next meeting? Paul asked where the "new errata process" was defined that Hal and Frederick had mentioned. Frederick and Hal indicated that it was forthcoming. Chris proposed the following time line: a) in the next week the Editors produce errata documents and revised documents b) we complete the outstanding action items for the next meeting on Aug 22 c) we meet on Aug 22 to review a) and b) d) we do an electronic ballot on the accumulated errata and updated documents after the Aug 22 meeting e) we have a another meeting approximately 6 weeks after the Aug 22 to process any subsequent errata. ACTION 2006-08-08-03 Editors to produce 1.1 errata documents and revised 1.1 documents showing the errata changes by Aug 15. 5. Any other business The Chairs asked for volunteers to supply teleconference support for future TC meetings. 6. Adjournment The meeting adjourned at 11:07 ET. /paulc Paul Cotton, Microsoft Canada 17 Eleanor Drive, Ottawa, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329mailto:Paul.Cotton@microsoft.com