6th September 2002 XKMS F2F - Minutes
Chairs: Stephen Farrell, Shivaram Mysore
Note Takers: Mike Just, Blake Dournaee
$Revision: 1.3 $ $Date: 2002/09/13 16:52:22 $
Attendance
- Shivaram Mysore, Sun Microsystems Inc
- Yassir Elley, Sun Microsystems Inc
- Slava Galperin, Sun Microsystems Inc
- Phill Hallam-Baker, Verisign
- Merlin Hughes, Baltimore Technologies
- Mike Just, Entrust
- Brian LaMacchia, Microsoft
- David Cross, Microsoft
- Joseph Reagle, W3C
- Michael Helm, ESnet
- Peter Rostin, RSA Security
- Blake Dournaee, RSA Security
- Eric Cohen, PWC
Via Telephone
- Ed Simon, XMLsec Inc.
- Stephen Farrell, Baltimore Technologies
- Frederick Hirsch, self
Agenda
Welcome & Agenda Bashing: Chairs
- Mike Just and Blake Dournaee taking minutes (thanks).
Status Update
- All previous action items as per the July 2002 telecon have been
resolved.
WS-Security Meeting Update - Phill Hallam-Baker, Yassir Elley
- The inaugural ws-sec meeting was held the two days prior to the XKMS
meeting.
- Relationship of WS-Security to XKMS. Scope of WS-Security is one step
towards web services security. Time scale between 3 months and 6 months
for WS-Security. Four input documents, addendum. One core document and
four profile documents (X.509 certs, SAML tokens, XRML tokens, Kerberos
Tokens). Confidentiality requirements for XKMS should be fulfilled by
WS-Security; should we wait for the WS-Security SOAP extensions to finish?
XKMS WG may generate a document that shows how to use XKMS with
WS-Security.
- It was decided that the information pertaining to ws-sec should be
split from part II of the XKMS specification (see Issues List - Issue1).
- There was discussion as to whether a profile document for an XKMS token
made sense, though there was no consensus on what an "XKMS token"
is.
- It was decided/confirmed that Yassir Elley would be the bidirectional
liaison between ws-sec and XKMS.
- There was some discussion regarding XKMS reliance on ws-sec for
authenticity and confidentiality. For example, Brian questioned
whether we should pull the nonces and replay out of XKMS and move them to
the transport layer. It was felt that we must be able to support a
multitude of transports which may or may not provide this support
securely. Also, the "super-encryption" of requests and responses was
considered. It was decided that they should "play well together", but we
don't want to have a normative reference to SOAP/XMLP. Therefore,
we should have independent support for authenticity and confidentiality.
There didn't appear to be clear consensus on whether some form of
payload encryption must be described (remembering that the private key
data will be encrypted anyway) though it doesn't seem harmful to
include.
- Regarding licensing, Yassir indicated there are 3 Parts to the IPR
statement: 1. Copyright 2. License Terms. 3. Non-revenue generating,
Royalty free
- There was some discussion regarding the "ownership" of any
submission/e-mail/"cut-and-paste" we make to ws-sec (cf. the document
mentioned above describing the relationship between XKMS and ws-sec).
Joseph and Yassir will investigate further though it was felt that
allowing ws-sec to reference relevant parts of our documents would be
sufficient.
XKMS Specification - Phill Hallam-Baker
- The presentation slides are available here
- Phill went through the outstanding issues that he had gathered.
In particular, there were numerous issues corresponding to emails
from Frederick, Blake and Joseph. There were also some additional
outstanding issues.
- A complete list of issues raised at this meeting and their proposed
resolution is captured in the Issues List. Issues
discussed at this F2F meeting will cite these meeting minutes as part of
their proposed resolution details.
X-BULK Profile - Merlin Hughes
- Merlin didn't present on X-BULK as it was decided to include relevant
X-BULK material in the main specification (though an X-BULK profile
document will still exist), and the related issues were already discussed
by Phill during his presentation.
Group Overview - Shivaram Mysore
- The presentation slides are available here.
- Shivaram gave an overview of the current deliverables within the
working group. In particular, there will be a
deployment/implementation blueprint/guideline that needs to be prepared.
Shivaram volunteered to prepare this document.
Action Items
- Phill, Joseph: Information pertaining to ws-sec should be split from
part II of the XKMS specification and a separate document created (see Issues
List - Issue1).
- Joseph and Yassir will investigate the implications (e.g. IPR) of
submitting anything to ws-sec, i.e. perhaps they can just reference it.
In response to Joseph's email,
Chairs to work with Phillip to see what exactly needs to be done and then
propose to the WG.
- Numerous action items related to specific changes in the specification
are listed and more thoroughly described in the Issues List and are not
repeated here. Actions taken at this F2F meeting will cite these
meeting minutes as part of their proposed resolution details.
- Mike Just will compile the issues and produce an Issues List capturing
outstanding issues and their proposed resolution.
- Joseph will investigate what is required in preparation for interop
testing once the XKMS becomes a Candidate Recommendation (which should be
on or about December 2002). Joseph
suggests looking into interop work done by dsig and xenc. Also,
the suggestion is to look at the Quality
Assurance document which includes guidelines and techniques for
conformance.
- Stephen and Shivaram will re-work the charter to update the deliverable
dates and some other small changes.
- Meeting minutes and the Issues List are to be published in the middle of
next week.
Summary/Close: Chairs
- SM: The next telecon will be on October 1, 2002.
- Our goal should be to have stable specs by the end of October so that
we can move to Candidate Rec by year-end.