Re: [xcbf] [Fwd: [security-jc] submission of OASIS work to ITU-T]

["Phillip H. Griffin" <phil.griffin@asn-1.com>]

Monica the notes follow from the XCBF meeting. And yes,
this name refers to the keyName component.

Phil

OASIS XCBF Meeting Notes - Baltimore, MD USA December 9, 2002

1. Change X9.84 references from 2002 to 2003.

2. Alessadro will post URLs to the XCBF list of public M1
   document containing defintions of terms that do not agree
   with some of the ones in our XCBF document.

   After review, we should suggest places in the XCBF document
   where it would be beneficial to refer to these M1 definitions.

   NOTE: All of the yellow highlighted terms in the current
   document indicate that I can find no location in the text
   where they are referenced. So these are all candidates for
   deletion. The question marks in the terms indicate that
   this definition is merely included because it is a term
   used only by one of the yellow terms. These will be deleted
   if the parent term is removed.

3. Search for use of "template" and see if we can better qualify
   our usage with "reference" or "sample", etc.

   NOTE: There were three uses of template outside of the
   definitions and terms. I inserted the word "reference"
   at all three locations to qualify.

4. Need to define cryptographic and security terms. Need to try to
   show where term definition comes from by using a reference in the
   definition of the term. We should use the most appropriate
   terminology (M1 for biometrics, X9/RFCs for security) for each
   of our terms.

5. Add hypertext links from usage of ASN.1 type names to the text
   area where they are first defined.

   NOTE: The editor attempted this and decided that he does not
   have sufficient bandwidth to accomplish this task.

6. For SignedData certs and crls, we need ECN to allow these
   components to be base64 encoded. Paul Thorpe will provide the
   XML EI.
  
7. Alessandro will submit for review and discussion a new first
   sentence to the document at lines 22-23 and 65-66 to the list.

   NOTE: Alessandro, please send this to the list.

8. PHG will check consistancy of usage of "component of Type" and
   "component of type Type" throughout document.

   Done. Any changes highlighted with revision changes flagged.

9. Finished Encrypted Content Information. Review should start
   back at line 1195, Fixed Key EncryptedData.



Monica Martin wrote:

>The revised document looks good.
> 
>Noticed though one question on:
>To verify the message authentication code, the user computes a MAC or
>HMAC on the biometric information using the same shared secret key
>identified by its name, and compares this result to the message
>authentication value received to determine the integrity of the
>biometric information.
> 
>Wouldn't name be keyName?
> 
>If not, let me know.  In addition, the notes I have from the meeting you
>sent were for WSS.  Are the XCBF document changes the representation of
>the meeting minutes?
>Just wanted to ensure I didn't miss something.
> 
>Thanks.
>Monica
>
>-----Original Message-----
>From: Phillip H. Griffin [mailto:phil.griffin@asn-1.com]
>Sent: Friday, December 20, 2002 7:10 AM
>To: [OASIS XCBF]
>Subject: [xcbf] [Fwd: [security-jc] submission of OASIS work to ITU-T]
>
>
>Maybe we'll get a similar opportunity when we finish XCBF.
>
>Still waiting for Paul and Paul to approve the face to face 
>document changes. And MM and BS and JL, I would 
>appreciate a quick review and vote please.
>
>Phil
>
>
>-------- Original Message -------- 
>Security JC:
>
>
>
>FYI - I have been approached recently by a representative from the ITU-T
>
>
>central secretariat, Richard Hill, who expressed interest in having 
>
>OASIS submit some of our completed work for approval under the ITU-T 
>
>process. OASIS was earlier in the year granted A.4 and A.5 recognition 
>
>by ITU-T, and they would like to see us take advantage of that 
>
>recognition by submitting some of our work. (This is similar to what we 
>
>are doing with the ebXML specs: submitting them to ISO for approval 
>
>under their process.)
>
>
>
>ITU-T is particularly interested in our security work, as that is a 
>
>topic that they work on quite a bit. I suggested that perhaps we could 
>
>submit the SAML, recently approved as an OASIS Standard, and XACML, 
>
>which we hope will also be approved soon. Richard thought that this 
>
>would be a good plan, and he and I will discuss how best to do this 
>
>under the ITU-T process while still allowing OASIS ownership of the work
>
>
>and retaining the right of the OASIS TCs to do further work on the
>specs.
>
>
>
>-Karl
>
>
>
>
>
>=================================================================
>
>Karl F. Best
>
>Vice President, OASIS
>
>+1 978.667.5115 x206
>
>karl.best@oasis-open.org <mailto:karl.best@oasis-open.org>
>http://www.oasis-open.org <http://www.oasis-open.org> 
>
>
>
>
>
>----------------------------------------------------------------
>
>To subscribe or unsubscribe from this elist use the subscription
>
>manager: 
>
>
>
>
>
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>
>
>  
>