W3C home > Mailing lists > Public > www-ws-arch@w3.org > July 2002

[STF] STF Concall Minutes 7/29/02

From: Joseph Hui <Joseph.Hui@exodus.net>
Date: Tue, 30 Jul 2002 15:25:37 -0700
Message-ID: <45258A4365C6B24A9832BFE224837D551D1CF0@SJDCEX01.int.exodus.net>
To: <www-ws-arch@w3.org>

<TF Meeting Minutes 7/29/2002>

Meeting Date    07/29/2002
Meeting Time    12:00-13:20 PDT (US Pacific Day-light Time)
Duration        1 Hour
Chair           Joe Hui
Scribe          Joe Hui

(AB) Abbie Barbir, Nortel Networks
(AD) Ayse Dilber, AT&T
(HH) Hugo Haas, W3G
(JH) Joe Hui, Exodus
(HL) Hal Lockhart, Entegrity Solutions (OASIS Liaising Rep)
(SM) Steven Monetti, AT&T

From (DR) Darran Rolls, Waveset, due to travel.

Agendas & Minutes

 Are we sufficiently ready to recommend to the WG co-chairs to make
 last call on AG004's closure for the requirements doc?

  Pending Darran's elaboration on the management aspect of security
  and in light that the WG is going into recess later this week,
  this agenda item was put off.

  However, we did manage to address the need for Privacy requirements
  (in the WG's reqs doc) and reach a consensus that Hugo would turn
  the current Privacy sub-CSFs that actually read more like requirements
  into Privacy requirements, thus filling a previous void in the
  Privacy section of the reqs doc.

  It was also by consensus that the current wording being solidified in the
  public list for the glossary definition for Auditing was satisfactory.

 STF Deliverables this week

  On the "Scoping the requirements for the security working group" deliverable:
  The rough consensus was that the web services security work would
  be accomplished in phases:

     Phase 1: the layers 1 and 2 of the "Onion Model," namely:
              Confidentiality; Integrity; Authentication; Authorization.

     Phase 2: Non-repudiation

     Phase 3: Accessibility

     Phase 4: Auditing and (Security) Management

  It was perceived that there would be overlapping between phases, allowing
  for improvement and/or enhancement of work done in a previous phase.

  No resolution was reached whether Privacy would be a part of Security.
  Even if in the future a positive resolution can be reached,
  it's reasonable to assume now that the Privacy work will likely
  done in a Privacy track, (the traditional security classificaiton
  being the other track under Security,) where the phases will be
  determined by Privacy experts.  The STF would provide to the WG a
  succinct summary, with recommendations where appropriate.

  members do not have the chance to exchange notes in private, there
  is no point in doing colaborative writing.)

  On the "Security technologies tolLook at" deliverable:
  The team augmented the list that Darran initiated two weeks ago
  with few more items, and resolved that the delivery format would
  be to compile a list and to provide a terse description and
  reference pointer(s) to source(s) for each list item.

  On the "Security Usage Scenarios" deliverable:
  Hugo sent out to www-ws-arch a message pertaining to the latest
  integration efforts with Steve in security usage scenarios.
  Among the most note-worthy are the addition of Privacy scenarios,
  the need for ACL and Auditing scenarios (to be added).
  It is understood that the security usage scenarios will continue
  to be an on-going effort for sometime.

 Preliminary Discussion on the security workshop/BOF idea

  Whether Privacy is part of Security remains an open issue.
  There was the opinion that the security frame work should include
  privacy.  There was also the opposite opinion.
  This would be a good topic for a security workshop to work out.

  Abbie briefly made a case for holding a security workshop
  (as opposed to BOF or no-go) and would repeat the
  appeal in more details to the WG at large via www-ws-arch.

 Action Items:

 * Joe to draft a succinct summary for the STF's rough
   consensus on "scoping the requirements for the Web
   Services Security working group."

 * Abbie to compile the following list, which was initiated
   by Darran and subsequently augmented with additions per
   STF teamwork, by providing a terse description and reference
   pointer(s) to source(s) for each technology named.
   (The STF's assignment was to identified relevant security
   technologies "to look at, (i.e. no "to investigate" or "to
   harvest," so terse description will serfice.  In-depth
   discourse may be conducted over the publie forum on demand.

   [Darran couldn't join the concall due to travel, but in
    postmortem graciously volunteered to pitch in to do
    the OASIS portion.]

OASIS WS-Security

          - Spec

OASIS Security TC

          - SAML 1.0


          - XCBF

OASIS Provisioning TC

          - SPML

OASIS Access Control TC

          - XACML

OASIS Rights Language TC



          - Various security relevant elements

W3C XML Digital Signatures

          - XML-DSIG

W3C XML Encryption

          - XML Encryption


-        XKISS

-        XRISS

W3C SOAP 1.2

          - Security stuff


-        Security stuff in CIM










 * Abbie to make a case in the public list for holding a Web Services
   Security Workshop (as opposed to a BOF (or no-go)).

 * Hugo and Steve to continue the on-going efforts in security
   usage scenarios.  Much has been produced so far towards the
   usage scenarios document's end.  Due to the nature of the work
   where new usage scenarios or the needs for such arise during
   the progression of the work of the WSAWG, the STF, or the usage
   scenarios work itself, this has been recogized to be a protracted
   engagement.  Hence, status updates on usage scenarios in the future
   may switch to event based (i.e. consolidated reporting as situations
   warrant) instead of the time base.

</TF Meeting Minutes 7/29/2002>
Received on Tuesday, 30 July 2002 18:24:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:40:57 UTC