[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [VER 2] WS-SX TC Minutes, Mar 28 2006
Added roll call. WS-SX TC Minutes, Mar 29 2006 Summary of new Action items: AI-2006-03-29-01 Gudge owes Prateek a response (to message 82) for issue 33. AI-2006-03-29-02 Tony Gullota to provide further examples illustrating issue 48 in time for the F2F. AI-2006-03-29-03 Martin Raepple will provide text for new section from issue 41 before the F2F. AI-2006-03-29-04 Marc Goodner to update interop doc with resolution of issue 47 before F2F. 1. Call to order/roll call Present: Jong Lee, BEA Systems, Inc.* Corinna Witt, BEA Systems, Inc.* Symon Chang, Blue Titan Software* Steve Anderson, BMC Software* Rich Levinson, Computer Associates* Yakov Sverdlov, Computer Associates* Dana Kaufman, Forum Systems, Inc.* Toshihiro Nishimura, Fujitsu Limited* Greg Whitehead, Hewlett-Packard* Paula Austel, IBM* Ching-Yun (C.Y.) Chao, IBM* Henry (Hyenvui) Chung, IBM* Heather Hinton, IBM* Michael McIntosh, IBM* Anthony Nadalin, IBM* Mike Lyons, Layer 7 Technologies Inc.* Jan Alexander, Microsoft Corporation* Paul Cotton, Microsoft Corporation* Colleen Evans, Microsoft Corporation* Vijay Gajjala, Microsoft Corporation* Marc Goodner, Microsoft Corporation* Martin Gudgin, Microsoft Corporation* Jonathan Marsh, Microsoft Corporation* Asir Vedamuthu, Microsoft Corporation* Norman Brickman, Mitre Corporation* Jeff Hodges, Neustar, Inc.* Frederick Hirsch, Nokia Corporation* Abbie Barbir, Nortel Networks Limited* Paul Knight, Nortel Networks Limited* Lloyd Burch, Novell* Steve Carter, Novell* Howard Bae, Oracle Corporation* Ashok Malhotra, Oracle Corporation* Prateek Mishra, Oracle Corporation* Alex Hristov, Otecia Incorporated* Martin Raepple, SAP AG* Werner Dittmann, Siemens AG* Tony Gullotta, SOA Software Inc.* Jiandong Guo, Sun Microsystems* Hans Granqvist, VeriSign * 2. Reading/Approving minutes of last meeting (Mar 22) http://lists.oasis-open.org/archives/ws-sx/200603/msg00091.html Adopted unanimously. 3. TC Logistics (10 minutes or less) - Proposal that this meeting be 1 hour to allow WS-I BSP to meet Agreed unanimously. - F2F need to confirm one last time attendance/dietary needs See information provided in for F2F logistics: http://lists.oasis-open.org/archives/ws-sx/200602/msg00131.html Please vote on the whether or not you will attend so there is an accurate count for catering etc. There were no questions about the F2F arrangements. 4. Issues list http://docs.oasis-open.org/ws-sx/issues/Issues.xml a) Review of action items ai-09 - Editors to check that XPath examples in WS-SecurityPolicy are fully namespace qualified. See: http://lists.oasis-open.org/archives/ws-sx/200603/msg00093.html Leave open until can be investigated further. AI-2006-02-15-04 - Prateek to propose resolution to Issue 20 before F2F Ongoing AI-2006-02-15-07 - TC members to come to the April F2F with data on when they would be ready to carry out SC/Trust interop. Ongoing. AI-2006-03-08-02 - Mike to provide better description(s) and a complete proposal(s) for issue 016 and issue 017 by the F2F meeting. Ongoing, will be done by then. AI-2006-03-08-05 - Frederick to provide alternative proposal for Issue 36 for the Mar 15 meeting. DONE. See resolution from March 22nd minutes: http://lists.oasis-open.org/archives/ws-sx/200603/msg00091.html AI-2006-03-15-01 - Gudge and Prateek to draft a new section "Guidance on creating New Token Assertions and Token Assertion Extensibility" for review by the TC (for issue 30). In progress. AI-2006-03-22-01 - Tony Nadalin to provide information on where the UML generated schema might be more restrictive than the SP schema. Ongoing. AI-2006-03-22-02 - Prateek Mishra to expand his additional scenarios to define the message RSTR's for the Bearer Assertion and HoK Assertions and to show where they are actually different. Ongoing. Follow up discussion on the list. b) Issues in Review status i003 Use of term "binding" in specs i009 Support for different key pairs for sign and encrypt in SP i010 Proof of possesion for security intermediaries i023 Properties for Algorithm Suite missing or wrong i025 Chap. 6.5 [Token protection] conflicts with chapter 8.3 and 8.4 i026 Chapter 6.7 [Security Header Layout] i027 When to include a token? i029 Which token to use to encrypt/sign in case of multiple tokens defined in a supporting token assertion? i032 WS-SP should permit Policy to specify the use of keys derived from passwords i034 Editorial comments on WS-Trust i036 Clarify term pre-authentication i037 Add element extensibility to RequestSecurityTokenResponseCollection/IssuedTokens i038 Clarify that ComputedKey optional i040 What values can be carried in a /wst:RequestSecurityToken/wst:Claims element? i045 Duplicate Id attribute values in Security Context example i049 Clarify that [Algorithm Suite] applies to message level cryptography and NOT transport-level cryptography i050 Clarify scope of Protection assertions TC agreed to add review to the F2F agenda. c) New issues i051 sp:RequireDerivedKeys is underspecified http://lists.oasis-open.org/archives/ws-sx/200603/msg00101.html There is a proposal, TC members should be prepared to discuss at F2F. d) Active issues i004 Paul Cotton Transitive closure spec dependencies Pending. Due before F2F. i008 Editors Need well formed XML examples Pending. Should be done by the F2F. i016 Michael McIntosh sp:SignedParts mechanism ACTION 2006-03-08-02 Mike to provide better description(s) and a complete proposal(s) for issue 016 and issue 017 by the F2F meeting. Pending. i018 Michael McIntosh absolute XPath expressions ACTION 2006-03-08-02 Mike to provide better description(s) and a complete proposal(s) for issue 016 and issue 017 by the F2F meeting. Pending. i020 Describe minimum acceptable lengths for P_SHA1 inputs AI-2006-02-15-04 - Prateek to propose resolution to Issue 20 before F2F Pending. i028 Werner Dittmann Multiple supporting tokens of the same type? See: http://lists.oasis-open.org/archives/ws-sx/200603/msg00079.html AI-2006-03-22-01 - Tony Nadalin to provide information on where the UML generated schema might be more restrictive than the SP schema. i030 Need a mechanism to identify token assertions Should be covered by Gudge and Prateek's action item: AI-2006-03-15-01 - Gudge and Prateek to draft a new section "Guidance on creating New Token Assertions and Token Assertion Extensibility" for review by the TC (for issue 30). i031 Clarification for UsernameToken assertion Pending on Issue 30. i033 Identify security header components that are encrypted No discussion by email has occurred since last week's meeting. AI-2006-03-29-01 Gudge owes Prateek a response (to message 82) for issue 33. Unlikely to be done before F2F. i044 What is an authorization token? See Tony's message (url not available yet) Authorization Token - Security token indicating a claimaint's entitlement. i048 Binding Assertions should support Operation subjects AI-2006-03-29-02 Tony Gullota to provide further examples illustrating issue 48 in time for the F2F. http://lists.oasis-open.org/archives/ws-sx/200603/msg00085.html Tony Gullota's proposal: http://lists.oasis-open.org/archives/ws-sx/200603/msg00065.html e) Pending Issues i041 Clarification on token propagation of SCT required ws-sc design AI-2006-03-29-03 Martin Raepple will provide text for new section from issue 41 before the F2F. i043 Missing enumeration for validate request type in the RequestTypeEnumdefinition i047 Does IssuedTokenOverTransport require client-side digital signature? AI-2006-03-29-04 Marc Goodner to update interop doc with resolution of issue 47 before F2F. 5. Other business a) F2F agenda discussion. Need time for interop scenarios discussion. No other requests for items on the agenda. b) Discussion of Prateek's interop scenarios. Mail discussion: http://lists.oasis-open.org/archives/ws-sx/200603/msg00092.html http://lists.oasis-open.org/archives/ws-sx/200603/msg00099.html Tony would like to see a case of an unsigned bearer token. Some disagreement as to how common or not this is. Clarification, Tony sees the message being signed which covers the token. Chris wants clarification on differences between message flows, not the message payloads. Greg is concerned that SP needs ability to indicate signing of bearer tokens. Discussion of difference between modeling uses of the protocol from message flows. Discussion of need for a single interop doc and agreement of selected scenarios. Discussion will continue at the F2F. 6. Adjournment The meeting adjourned at about 10:00am EST. Marc Goodner Technical Diplomat Microsoft Corporation Tel: (425) 703-1903 Blog: http://spaces.msn.com/mrgoodner/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]