W3C home > Mailing lists > Public > www-ws-arch@w3.org > July 2002

[STF] Meeting minutes 7/10/2002

From: Darran Rolls <Darran.Rolls@waveset.com>
Date: Wed, 10 Jul 2002 17:28:39 -0500
Message-ID: <6244FCD1F88EC14BACDD2A319FD338242DC709@hawaii.waveset.com>
To: <www-ws-arch@w3.org>

The following summarizes today's initial SFT con-call.  

Meeting Date 	07/10/2002 
Meeting Time 	09:00-10:00 PDT (US Pacific Day-light Time) 
Location 		Dial-in Number: 613-765-0160 passcode: 3935229 #
Duration 		1 Hour 
Chair 		Joseph Hui 
Scribe 		Darran Rolls 

(AB) Abbie Barbir, Nortel Networks
(JH) Joe Hui, Exodus
(HL) Hal Lockhart, Entegrity Solutions 
(SM) Steven Monetti, ATnT
(KS) Krishna Sankar, Cisco
(DR) Darran Rolls, Waveset 

Agenda Item: Set-up & Context
(JH) After the WSA-WG F2F2, there was consensus for the urgent formation
of the STF.  Obvious concern about how to balance time to market and
starting this activity whilst the general architecture is not defined.  

(JH) Security requirements have moved from draft status [1][2].

(JH) Formation of task force has three goals: 1 scope requirements for
new groups charter.  2 recommend technologies for investigation
(harvesting).  3 develop use cases and subsequent scenarios for
security, extending from work of USTF. Consensus that security UC's
should be harvested, extended where necessary and includes as an
extension of the USTF work. (DR) to champion how this would be

Agenda Item: Resolve all Qs arising from the briefing
(JH) Question on privacy.  Is in or out of the STF scope?  Hugo is
championing privacy (not on this call) will have to further consult with
him.  (KS) It should be included in STF.  (HL) +1.  (JH) Note consensus
of this group that it's going to be very hard to separate privacy from
security.  This will need to be reviewed by the wider WG.

(AB) Propose holding a workshop on security to better help set the
charter requirements.  Solicit input from app dev, equipment
manufacturers and general WS community. (KS) +1. (JH) To raise this
question at WSA telecon tomorrow.

(JH) Deliverables for STF phased/prioritized based on a proposed
layering model.  The model comprises, in descending priority:

1) Confidentiality, (Data) Integrity, Authentication;
2) Authorization;
3) Non-repudiation;
4) Accessibility
5) The remainder of the WSAWG sec requirements, including Auditing.

(HL) Don't see it's possible to separate AuthN from AuthZ in this
context. (JH) Need to consider this on list. (KS) This is our chance to
get this right.

(DR) Need to understand how WSS@OASIS effects timing/planning.  (KS) Job
of this group to help work this out.  (AB) This model needs to be
discussion in the proposed workshop.

(JH) Consensus that STF would try and get the three deliverables ready
for 7/29/2002.

Action Items
- (STF) Clarify levels of security model in glossary.
- (JH) Discuss an STF workshop prior to next F2F #3.
- (DR) Notify/liaise with USTF to establish structure for security use
cases/scenarios as part of general USTF docs.
- (JH) Send an updated "security onion" model to the WSA list

[1] http://www.w3.org/TR/2002/WD-wsa-reqs-20020429#AC006
[2] http://www.w3.org/TR/2002/WD-wsa-reqs-20020429#AC020
Received on Wednesday, 10 July 2002 18:29:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:40:57 UTC