WSAWG Minutes 09-May-2002
Scribe: Shishir Garg, France Telcom
1. Roll call, scribes for minutes/action items (15.30 + 5)
2. Agenda review, and AOB (15.35 + 5)
3. Approval of 2 May telcon minutes  (15.40 + 5)
4. Review action items  (15.45 + 5)
Action 1: Completed
Action 2: Chris: Notofication of Desc WG: Done
Action 3: David Booth: Post f2f registration page: Pending. Keep eye on
Action 4: Mike and Daniel: Generate a report on WSD Requirement: Pending
5. Status (15.50 + 10)
Chris: registration page still needs to be posted
Daniel: Moving ahead, correcting issues, collecting ballots, no plan to publish
until the balloting cycle ends.
Dave Hollander: Use Cases: Complete, except for teleconf confirmation for
Hugo: Too little time, the message was only for this week, too little time
Katia: Not recieved message.
Hugo: Was sent only to Mike and Chris.
Chris: USTF may have a 1/2 hour teleconf, if everyone is up to it.
Most can't make it, so it will be rescheduled.
Hugo: Not sure what to do.
Chris: Try to get a weekly slot for this group.
Use case team to start weekly meetings next week.
DaveH: None reported
6. Review of Requirements WD balloting results (16.00 + 15)
Proposals stemming from ballots: Security and interop ballot has closed.
Both got more than a super majority of yes votes.
Chris: Any concerns :
Daniel: Not voting as does not get the system. Surprised with the return
on the ballot, nit figured that it was over already. Surprised to the number
of replies with the notion of conformance. Not sure where this is going?
Chris: Purpose of the poll was to determine, based on current WD of Req.
doc, whether or not we're comfortable with the text, or generally agree but
require some word tweaks, or whether the item needs some serious modifications.
Daniel: Agrees to that. What are the results.
Chris: That's exactly what I'm doing. The balloting had 3 working days for
closing. For the results, anything that was greater than a certain level
are ready for removal of draft status. The question is that based on this
result, and also since there were some disagreements, it is useful to ask
the question about
Aisha : Found balloting extremely overwhelming, plus had e-mail problems.
Not in the position to accept or reject what you're saying, as not seen it
yet. Also, when you say we can live with, what does it mean?
Chris: What live with means, you might have worded it differently, but are
ready to move on to areas that need more discussion. Trying to find where
the consesus is in the WG. If its more than 66% as is, plus a lot more said
maybe. So even if you've not voted yet, it's not important yet.
Dave Hollander: It's not making a decision, helping Chris make a decision.
Mark B: OK with the process, going a bit fast for me since he's travelling.
SO he missed the deadline. Couple of days extra would be good.
DaveO: would like to second.
Hugo: W3C also having e-mail trouble, you might not be getting any e-mail
Chris: Willing to do an extension, but wants to avoid dragging the process
on, need to get closure, want to focus on other things like use cases etc.
Want to use the requirements doc as a guide to the future, to get some normalization
to our views.
Mark : It's a good indication of what everyone wants
Chris: Willing to postpone this for review.
Dave H: Got lot of e-mail from Chris about some discussion points, lost the
context for those, need to narrow the ballot down.
Chris: The process needs you to put your concerns into the e-mail in case
there is some disagreement. Chris sent e-mails on topics to stimulate some
discussions on the topic, to get additional feedback.
DaveH: Understands the process better now.
Chris: It's already going to take 2-3 weeks to complete this process, extending
it further may impede our progress before the next f2f
DaveO: Maybe the issue is that there are too many line items to vote on,
we overdid ourselves in coming up with a number of these.
Chris: This was supposed to be in line with time-to-market issues, etc.
DaveO: Not raising a concern about the process, but raises a lack of pruning
of the content, leaving the group with a lot of stuff to do.
Chris: This is
Mark: What if we just validate that at the rather than a requirement level.
A CSF will apply to all the requirements under that.
Mark: If we ballot at the CSF level, we don't ahve to look at each requirement,
but look at them collectively
Doug: Understands, but interprets the suggestion to cut off the tree at a
depth of 3 rather than 5
Mark: DOes not matter if depth of 5 is important or not,
Chris: For the voting, does this mean that we look at
Daniel: Maybe once we got through the CSFs, and anything that's remaining
can be tackled later.
Chris: There's no later on our agenda.
Mike: Seems like we're pushing off the work then.
Mike: Agrees with the pushing off of work.
Chris: Hotspots can be anywhere... heartburn seems to exist regardless
Daniel: How long for the schedule for requirements gathering?
Chris: Should come from the use case process too. The requirement gathering
should be ongoing, this process should help us either agree or disagree with
the entries we already have. What to get the existing doc to supplement future
work going forward.
Daniel: Sounds like you were pushing the gathering process to some end goal
Chris: Want to put the phase that we're in past us. Want to clean the existing
doc up, it's not acceptable to many, but this process has not stimulated
the required discussions that are needed to clean things up. If time is an
issue, we can change it to 5 days, and will leave us with time for nothing
else before the next f2f. Need to have cross referencing with use cases,
CSFs, what is the scoping for the requirements that we need to have before
we can end up proposing things like a WS Security WG?
John: Maybe more complex, but to have these activities to go in parallel.
Chris: We've tried that with Security as the main concern. We all know we
need a Security WG, what is the documentation that we need to substantiate
John: Want to remove Draft status on all or some?
Chris: Some, not all. Where there is a lot of disagreement, those need to
be hamemered out, and will go on for a while. Want to get some out
Mike Mahon: Agrees that there are so many of these, it's not
Chris: What's the recommendation?
Mike Mahon: Want Out of Scope as a new option for the balloting.
Chris: Yes, live with, discussion, out of scope as a fourth option.
Mike Mahon: That would be good.
Chris: Ok, this can be done, I don't know how else this should be done.
Daniel: Likes the idea of concurrency.
Chris: 6 needs to be reopened. But want to avoid re-reopening over and over
Daniel: Once the draft status is completed, we need to have concurrent discussions
on closed ballots.
Chris: Absolutely. this is not that hard, and needs to take up less time
than it seems to be taking right now.
Suresh: Agrees with a lot of the comments, takes some efforts to vote, but
also helps in looking at issues more closely. Would like some areas to be
clustered more closely, propose to put Security behind us before moving on
to something else.
Joe: Not against reopening any ballots, else there'll be no end to it.
Heather: Thinks its an unfortunate timing, this will probably be the one
time when the ballot is reopened.
Joe: Remember Florida?
Daniel: Supreme court probably needs to be brought in ;-).
Chris: Opening up the Security ballot for voting until EOD Monday night.
I mean it this time. It's taking me 4 hours a day, so it's not trivial. Vote
when you can, but EOD Monday is final for Security
Action: Chris to send out a new scope for voting adding the new option
Chris: We need to focus our attention to areas that we differ our views on
Suresh: Will you be summarizing the final wording?
Chris: If the wording has to change, I want the champions (or others) to
propose alternate draft wordings, and we vote on that.
Suresh: I see things happening, but I don't see an established pattern.
Chris: The discussion will go on forever. We will close those things one
at a time, but at this point, we want to close some of the things that have
minimum or no disagreement.
Suresh: Report for each ballot?
Chris: Been doing reports for every single ballot.
Suresh: Expecting one consolidated report.
Joe: That is doable too.
Chris: That's not a good idea, as it will be an ongoing discussion.
Joe: SO no summary?
Chris: Summaries for only the results of the ballot?
Suresh: Yes, you did that.
Chris: How is that not a summary? The discussions are coming out of the ones
that people have some disagreement. This will result in reworded proposals,
Suresh: I would like to vote on reworded proposals already. It will make
it easier for some folks.
Chris: That will be the report.
Chris: They've not seen it as we've not done #6 yet. I was hoping to walk
out of this meeting and tell the editors to remove the D- from the
DaveO: Seems that when we come to a understanding, we have more questions.
We should take a small subset and vote on them to understand the process
DaveO: Concern: How confident are you at having a sufficient group in Paris
to meet the goals of the meeting.
Daniel: seconds the concern for oversees F2Fs.
DaveO: Does it cover 6 & 7?
Chris: No, only 6 and 8.
7. Review and consideration of proposals stemming from balloting (16.15
8. Discussion of thread on drafting WS Sec WG charter (16.35 + 20)
DaveO: We're pretty sure security is atleast one of the high priorities.
I think that there's enough proposals to build an iterative process to go
down the requirements , coarse to medium grtained requirements, and take
off charters to tackle these requirements. Since waterfall approach is missing
in getting a list of requirements, the WG will end up redoing
DaveO: Proposal: If we are comfortable with this process, what are the things
we could do with Security. I made a proposal for 4
auth, confidentiality, trust models, ... Is that good enough to kick off
a WG quickly.
I was also involved in SAML, but don't consider myself a security expert.
In general, most of the memebers are generalists, though some are experts
in some areas.
DaveO: Gist of the proposal: Pick the low hanging fruit for security.
Mark Jones: Concern about the grand RF debate. Don't think it's going to
help if groups have loose charters. Suggest
Daniel: It's too coarse grained to distinguish between RF and
Mark Jones: Under RF, charters have to be very precise.
Chris: Charter a group that goes off and do some general things, but feedback
suggests that we can put in the charter that requirments may be developed
in the architecture that may require fine-tuning of the charter. That will
go through the normal charter, when you work on this, anticipate the change
of the charter from the architecture group. The initial charter need not
Joe: About DaveO's proposal. Very much in favor of Would like to have DaveO
add the points mentioned into the original proposal. Still in agreement with
Mark Baker's proposal, its too early to launch a WG. From IETF experience,
some times the charter is too loose.
Daniel: Questions the way the group intends to work, and how we intend to
work this this group. Base the charter around the existing requirements for
DaveO: I thought these requirements were good for phase 1 of the security
group. In my thought and my company's thought, these requirements would hit
the 80/20 balance for security.
Daniel: We'll hopefully get experts on the security group. Won't they want
to write their own charters?
DaveO: Things the general issues outlined are general enough to ... In these
broad areas, it's probably safe to say that these are the things for this
group to work on first. Maybe we need to go through this once again, one
level deeper, to understand the scope of the requirement. In general, we
will take the requirements to a certain point from where the WG can take
Chris: Don't want to flesh the requirements in complete detail. Tell them
what needs to be done at a high level, and let the subject experts take it
Suresh: What is the threshold that decides on the formation of a WG? DaveO,
what is the criteria in your document that warrants a new WG?
DaveO: I don't mind, in this group, to say that based on our knowledge in
our jobs, for us to say that these areas have high priority. While it's nice
ot have a repeatable process, this is art to some extent. For a number of
reasons, my judgement says that atleast this topic is of high priority.
Hugo: W3C chartered this WG to spin off WGs. It's good if the WG thinks we
should work on security. It may be early to spawn a new WG, we should get
a subset of this group of 70+ to start digging down on security. If by July
end we have a good view of security, then it would be good to
Mark Baker: Agrees with Mark Jones on loose charters, RAND and RF etc. Agree
with the concern around opening up charters due to IPR concerns.
Doug: Its unclear that that is exactly what this group is going to plan to
charter just yet. We need to work more on the architecture before we start
to propose new WGs.
Abbie: I proposed a Task Force down the line, but before we do that, we need
to set up a workshop.
Hugo: If we feel we're missing experts, and we know some other experts, we
can bring them in as invited experts.
Abbie: Atleast one workshop per BOF.
Sandeep: Agree with Daniel, why thrash out a detailed model for each WG.
We need the workshop before we can .
Chris: Out of time. Feel free to fill out all ballots, and also #1 if you
feel necessary. Will give 5 days for all ballots going forward. I do want
to get this over with at the earliest.
ACTION: Chris to send schedule proposal: COMPLETE
ACTION: Chris, to notity Description group of Nov. dates: COMPLETE 
ACTION: David both to post logisticts and registration to SysReq, PARTIALLY
COMPLETE (logistics only) 
ACTION: ACTION: Mike and Daniel to generate report on Description requirements,
due next week: PENDING 
ACTION: Group members to register early and often once that page is made
ACTION: Use case team to start next week with a weekly meeting, after this
meeting preferred. Hugo will pursue / persuade. 
ACTION: Chris to extend Security ballot deadline to COB on 13 May. 
ACTION: All members who have not voted on Security ballot should do so by
new deadline 
ACTION: Chris to forward updated deadlines for other ballots. 
|Carnegie Mellon University
|Cisco Systems Inc
|Rogue Wave Software
|Rogue Wave Software
|Sun Microsystems, Inc.
|Sun Microsystems, Inc.
|Sun Microsystems, Inc.
||Anne Thomas Manes
|W. W. Grainger, Inc.
|W. W. Grainger, Inc.
an d Technology
|SeeBeyond Technology Corp
|TIBCO Software, Inc.
|T-Nova Deutsche Telekom
|Cisco Systems Inc
|The Thomson Corporation