[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: DSS-TC 8 March 2004 meeting minutes
MEETING MINUTES FOR DSS Telephone conference Date: Monday, 08 March 2004 Time: 12:00 pm - 01:00pm Eastern Time Attendees: Voting Members: Hal Lockhart, BEA Systems Pieter Kasselman, Betrusted Mike McIntosh, IBM Anthony Nadalin, IBM Krishna Yellepeddy, IBM Juan Carlos Cruellas, Individual Andreas Kuehne, Individual Trevor Perrin, Individual Nick Pope, Individual John Ross, Individual Frederick Hirsch, Nokia Mobile Phones David Finkelstein, RSA Security Dimitri Andivahis, Surety Ed Shallow, Universal Postal Union Observers: Burt Kaliski, RSA Security Agenda: 1 Welcome by chair (Juan Carlos Cruellas) 2. Confirm Minutes Secretary (Burt Kaliski) Confirmed. 3. Roll Call. Quorum achieved (14 voting members, 9 needed) 4. Approval of agenda No discussion 5. Approval of minutes - 23 February 2004 - Approved 6. Review of outstanding actions (see below) * 04-02-23-1 - Trevor to take description of SOAP binding from another protocol defined by OASIS ( e.g. SAML), and add this to DSS core document with the editorial note that additional/special attention needed for this. Done, for XKMS and SAML. New action: AP 04-03-08-1: Trevor to add text for WSS. * 04-02-23-2 - Trevor to put in wording for handling this in Time Stamp profile Done. New action: AP 04-03-08-2: Trevor to add identifiers for alternative time-stamping profiles. * 04-02-23-3 - XAdES. Juan Carlos, Nick, Ed to discuss feasibility of protocol that supports both ASN.1 and XML and report at next meeting. Juan-Carlos will start discussion by e-mail tomorrow. * 04-02-23-3 (bis) - German Signature Law profile. Nick to get an idea of timetable from Andreas Kuehne Done. To be discussed at a later time. * 04-02-23-4 - on all. See how Policy wise server profile fits in with other profiles. Open. 7. Discussion on profiles 7.1 Report on the status of the work for each of the profiles. Expected time for first draft. - Time-stamp * First draft done. Trevor will add request identifiers for specific profiles. The verification protocol will reuse the SigningTime attribute from the core to indicate when the timestamp was produced. Some editorial comments have been given. Goal is to be ready for a committee draft by the next meeting. - Code-signing Pieter expects to have a first draft of the abstract profile by March 15. The next step is to have at least one concrete profile; schedule TBD. - EPM Ed expects to have a first draft in 2 to 3 weeks, and a final draft, optimistically, in 5 weeks. - Wsecurity Still in development. - XAdES Juan-Carlos indicated that the team working on this document has agreed to prepare an abstract profile from which others can be derived, and has decided to start with most general concrete profile. In the concrete profile, one may request an XadES signature by giving the identifier of one specific form, and may obtain signatures with different properties by enumerating the properties. He sent a fragment of the first draft today. He expects to finish the first draft in 2 weeks, for discussion at the next conference call. He requests that Ed check if he agrees with approach. - German Signature Law First draft is done. Andreas will simplify it to refer to external documents from German Signature Law rather than summarizing them. Question about how to request that attribute certificates be included in signatures. Juan-Carlos noted that "certified roles" in XadES may address this. - Policy wise server First draft has been posted. - Entity seal First draft has been posted. The signature specifies the identity of requester and signing time. Nick indicated that most aspects are straightforward. Question about how to indicate a "statement of intent". Free-form text, or something more specific? In this profile, or more generic? Group recommends the XadES "commitment type", which is an identifier, in "commitment rules" in the signature policy. Discussion to be continued. AP 04-03-08-3: Nick to start email discussion on Statement of Intent vs CommitmentType. - Judicial signing - Notarial No updates on these; expected later as legal framework develops. AP 04-03-08-4: Chairs to contact John Messing for update at next meeting. 7.2 Coordination document. - Brief report. http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5446/oasis-dss -1.0-profiles-discussion-wd-02.doc Will wait until profiles done for further work. - Discussion on the template for the profiles. http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5712/oasis-dss -1.0-profiles-XYZ-spec-wd-03.doc http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5714/oasis-dss -1.0-profiles-XYZ-spec-wd-03.pdf Nick had sent comments to Trevor about the terms "protocol profile," "process profile," "signature profile"; profiles should be just of "DSS protocol". A non-normative summary should be given early in a profile document, e.g., Section 1.3. Document should indicate whether it is abstract or concrete (e.g., put "abstract" in title). 8. Report on status of Core document. References: http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5706/oasis-dss -1.0-core-spec-wd-13.doc http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5707/oasis-dss -1.0-core-spec-wd-13.pdf http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5715/oasis-dss -1.0-core-schema-wd-13.xsd Trevor is adding some text on SOAP. Some comments to be resolved: - What type of URI for schema name space, currently URN, could switch to URL. - Paul Madsen's issue about supporting the case where an external policy authority signs some inputs that client includes with its request; use case currently being discussed. Also, "qualified name" should be changed to URI. Trevor will change this. 9 Work plan. -Plans for Committee Drafts of Core and TIme-stamp profile. Ready for committee draft by next meeting? Depends on progress in next two weeks. Goal to stabilize at next meeting, then finalize. -Approval and implementation plans. Hal reviewed the OASIS document approval cycle. Three members must attest to successfully using a proposed standard --- this could be three different profiles. The group will discuss in more detail at the next conference call. -Plans for the rest of the profiles. 10. Any other business No further discussion. 11. Confirm next conference call: 22th March 04 Confirmed. Close Respectfully submitted, Burt Kaliski, RSA Laboratories bkaliski@rsasecurity.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]