WSAWG Telcon Minutes 2002-06-27

Scribe: Jens Meinkoehn

Agenda, Attendance, Action Items, IRC log, Resources

1. Roll call, scribes

2. Agenda review and AOB

- comments on agenda? hearing none agenda is approved
- AOB: Discussion of OASIS WS-Security TC in favour of Frank McCabe's proposals
on new CSFs, goals etc.
- encourage WG members to read proposals, discuss on WSAWG public mailing list
- Frank McCabe's proposals will be itemized on next TelCon (July 11) agenda
- no TelCon on July 4 due to US holiday

3. Review/approval of Paris F2F minutes [1]

- minutes have been posted, any comments?
- no comments/objections heard, minutes approved, will be made publicly available
  on WSAWG home page

4. Review action items [2]

- all action items done
- re AI#2, I have no minutes from June 20 call due to system crash

- I'll post them to you...

- I just remembered: we want to use XML schema as preferred technology
- recorded as action item (cf. IRC log)

5. Status WS-CG, Editing team, USTF, RTF


- had joint meeting
- discussed templates, will be prepared by end of July
- discussed Chris' status as WSAWG chair, currently regarded as temporary

- we also discussed last call for SOAP 1.2

- any volunteers for reviewing SOAP 1.2?
- Anne Thomas Manes, Hugo Haas, Yin Leng Husband will volunteer...thanks!
- recorded as action item (cf. IRC log)
- take into account short review period, all comments at XMLP WG by July 19
- our reviews should be done by July 17, post on WSAWG public mailing list
- discuss reviews, comments during TelCon July 18
- all comments forwarded to XMLP on evening of July 18

Editing team

- had meeting, discussed administrivia

Usage Scenarios Task Force

- short meeting, identified 2 volunteers for security usage scenario
- David Orchard on encryption usage scenario
- Hugo Haas on authentication usage scenario
- Zulah Eckert, Martin Chapman volunteer as editors for docs on OMA/WS-I
- call for editors for usage scenario docs

- Martin Chapman said he'd volunteer to co-edit usage scenario docs

- I volunteer to contribute to usage scenarios task force...

Reliability Task Force

- we progressed on AC0018
- discussed terminology, phrases etc.
- glossary defined
- discussion on scope required

- 2 issues submitted to RTF
- will be discussed/defined next week

6. WS Security Announcement

- this item replaces agenda item #6 "New TFs formed" of original agenda

- URL for announcement posted on IRC (cf. IRC log)

- recap: WS-Security spec submitted by Microsoft, IBM and VeriSign to OASIS
- will there be a new Technical Committee for this?
- what will be the impact on WSAWG work?

- any IPR issues related to submission?

- OASIS IPR policy
- CFP next week
- IPR royalty-free!
- URL to IPR statement posted to WSAWG public mailing list[3]
- will WSAWG co-operate with OASIS WS-Security TC?

- not clear yet...

- WS-Security TC will take pressure off WSAWG...

- we should be looking for cross-pollination...

- WSAWG must work on security issues as WS security spec scope is limited
  to messaging security only
- WSAWG security scope is more comprehensive

- I agree! Let's concentrate on issues not covered by WS security spec, cover the gaps

- keep in mind that differences should be reflected in our deliverables...
- avoid repeat of work effort in WSAWG, OASIS WS Sec TC
- as it's on our own charter: what new WGs should we charter?

- OASIS has process for "cross-pollination"
- individuals may participate, fee is approx. US$ 200,-
- OASIS has no interest in conflicts with W3C/WSAWG

- our architecture document will become more important
- serve as guidance for WS security TC
- we should make the architecture document visible ASAP
- liaison is important

- SOAP is W3C issue, why is security extension of SOAP done by OASIS?
- the spec looks very SOAP-specific...

- anyway, this'll take some pressure off WSAWG
- question to Darran: is the <??>Joint Committee more security-focussed or
  more focussed on web services?

- the JC ensures consistency between TCs
- no overarching architecture by OASIS...

- the OASIS WS security TC will have no more impact than WS-I
- the requirements are still the same...

- WSAWG should re-think role of output documents wrt OASIS and WS-I
- limited impact of WSAWG on other groups?

- question to Dave: will OASIS accept our driving role?

- I don't know, W3C cannot influence OASIS chartering...

- I see several ways to proceed with this issue:

1. ignore OASIS WS security TC
2. acknowledge their work but focus more on overall WS architecture
3. co-operate with OASIS by e.g. supplying requirments, suggestions etc.
4. focus on more important areas of architecture than security
4a. pick other high-priority areas
4b. not focus on other high-priority areas but on general architecture document
4c. [DanielA] formal liaison with OASIS

- extra option: widen scope of planned(??) WSAWG WS security WG as opposed to OASIS
  WS security TC
- should liaise...

- consider the timing of announcement, CFP etc.!
- no OASIS WS security TC meeting until 45 days
- enough time for liaison set-up

- what do WSAWG members think of our options on this?
- consensus seems to be 2. + 3.

- I have two extra points:

1. endorse the fact that WSAWG plays no authoritative role
2. view this as wake-up call for WSAWG, our "time-to-market" is maybe not fast enough...

- so is there consensus within WSAWG that we will charter no new security WG?

[DanielA], [SureshD]
- don't agree!
- sub-team should look at security requirements

- I think it's too early to decide on whether WSAWG should work on security...

- maybe we shouldn't work on security at all?

- we should consider whether we should charter other groups at all...
- can we actually identify other important issues necessitating new WGs?
- maybe I do support option #4 after all...

- OK, so it's options #2 and #3, and look where #4 might fit in!
- Agreed!

- what about overlap between OASIS WS Security TC and WSAWG?

- let's deal with it when we get there...

- in case we set up a security sub-team, are there enough qualified people in
  this WG for this?

- there are many aspects of security that need to be addressed
- the planned W3C WS security WG would have much wider scope
- why not finish what we started...?

- I would agree with Joe, Suresh and Waqar
- we should suggest a formal charter for W3C WS security WG after publication
  of OASIS WS security TC charter

- again, options #2 and #3 are agreed, let's wait and see what we'll do about #4
- let's use the output of security sub-team to influence OASIS sec TC via liaison
- security requiremenst should be submitted to OASIS sec TC

- I'm afraid we're running out of time
- everybody consider these issues
- focus on harvesting effort
- no priority scope statement for security sub-team
- what are our priorities/what's next on our priority list?
- lead to new WGs chartered by November...

- again, no TelCon next week July 4
- agenda items 7., 8. and 9. must be deferred to public mailing list, next TelCon



Action Items:

ACTION: Editors to include AC010.1 as decided during the f2f meeting [1]
recorded in

ACTION: Anne, Hugo and Yin-Leng to review the SOAP specs by July 17 [2]
recorded in



AT&T Ayse Dilber
AT&T Mark Jones
BEA Systems David Orchard
Cisco Systems Inc Sandeep Kumar
Computer Associates Igor Sedukhin
Contivo Dave Hollander
DaimlerChrysler Research Hans-Peter Steiert
EDS Mike Ballantyne
EDS Waqar Sadiq
Exodus/Digital Island Joseph Hui
Fujitsu Frank McCabe
Hewlett-Packard Company Yin-Leng Husband
IBM Heather Kreger
Intel Corporation Joel Munter
IONA Steve Vinoski
MartSoft Corp. Jin Yu
Microsoft Corporation Allen Brown
Microsoft Corporation Henrik Nielsen
Nokia Michael Mahan
Planetfred, Inc. Mark Baker
SeeBeyond Technology Corp Ugo Corda
Software AG Michael Champion
Sterling Commerce(SBC) Suresh Damodaran
IBM Chris Ferris
Sun Microsystems, Inc. Doug Bunting
Sun Microsystems, Inc. Mark Hapner
Sybase, Inc. Himagiri Mukkamala
Systinet Anne Thomas Manes
T-Nova Deutsche Telekom Jens Meinkoehn
W. W. Grainger, Inc. Daniel Austin
W3C David Booth
W3C Hugo Haas
Waveset Technologies Darran Rolls
webMethods, Inc. Prasad Yendluri


Boeing Company Gerald Edgar
Carnegie Mellon University Katia Sycara
ChevronTexaco Roger Cutler
CrossWeave, Inc. Timothy Jones
DISA Marcel Jemio
Documentum Don Robertson
Intalio Inc Bob Lojek
Intel Corporation Sharad Garg
Ipedo Alex Cheng
Ipedo Srinivas Pandrangi
Macromedia Glen Daniels
MITRE Corporation Paul Denning
Nortel Networks Abbie Barbir
Oracle Corporation Jeff Mischkinsky
Rogue Wave Software David Noor
SAP Sinisa Zimek
SeeBeyond Technology Corp Alan Davies
W. W. Grainger, Inc. Tom Carroll


Apple Mike Brumbelow
Artesia Technologies Dipto Chakravarty
DaimlerChrysler Research Mario Jeckle
Ericsson Nilo Mitra
France Telecom Shishir Garg
Hewlett-Packard Company Zulah Eckert
IBM Jim Knutson
IONA Eric Newcomer
Macromedia Tom Jordahl
MartSoft Corp. Jun Chen
MITRE Corporation James Davenport
Oracle Corporation Martin Chapman
Rogue Wave Software Patrick Thompson
Software AG Nigel Hutchison
The Thomson Corporation Hao He
TIBCO Software, Inc. Scott Vorthmann
VeriSign, Inc. Michael Mealling
XQRL Inc. Daniela Florescu
XQRL Inc. Tom Bradford