- From: Darran Rolls <Darran.Rolls@waveset.com>
- Date: Wed, 10 Jul 2002 17:28:39 -0500
- To: <www-ws-arch@w3.org>
The following summarizes today's initial STF con-call.

Logistics
=========
Meeting Date   07/10/2002
Meeting Time   09:00-10:00 PDT (US Pacific Daylight Time)
Location       Dial-in Number: 613-765-0160 passcode: 3935229 #
Duration       1 Hour
Chair          Joseph Hui
Scribe         Darran Rolls

Present
=======
(AB) Abbie Barbir, Nortel Networks
(JH) Joe Hui, Exodus
(HL) Hal Lockhart, Entegrity Solutions
(SM) Steven Monetti, ATnT
(KS) Krishna Sankar, Cisco
(DR) Darran Rolls, Waveset

Agenda Item: Set-up & Context
=============================
(JH) After the WSA-WG F2F2, there was consensus for the urgent formation of the STF. Obvious concern about how to balance time to market and starting this activity whilst the general architecture is not defined.

(JH) Security requirements have moved from draft status [1][2].

(JH) Formation of task force has three goals:
1 scope requirements for new groups charter.
2 recommend technologies for investigation (harvesting).
3 develop use cases and subsequent scenarios for security, extending from work of USTF.

Consensus that security UC's should be harvested, extended where necessary and included as an extension of the USTF work. (DR) to champion how this would be structured.

Agenda Item: Resolve all Qs arising from the briefing
=====================================================
(JH) Question on privacy. Is it in or out of the STF scope? Hugo is championing privacy (not on this call); will have to further consult with him.
(KS) It should be included in STF.
(HL) +1.
(JH) Note consensus of this group that it's going to be very hard to separate privacy from security. This will need to be reviewed by the wider WG.

(AB) Propose holding a workshop on security to better help set the charter requirements. Solicit input from app dev, equipment manufacturers and general WS community.
(KS) +1.
(JH) To raise this question at WSA telecon tomorrow.

Planning
========
(JH) Deliverables for STF phased/prioritized based on a proposed layering model. The model comprises, in descending priority:
1) Confidentiality, (Data) Integrity, Authentication;
2) Authorization;
3) Non-repudiation;
4) Accessibility;
5) The remainder of the WSAWG sec requirements, including Auditing.

(HL) Don't see it's possible to separate AuthN from AuthZ in this context.
(JH) Need to consider this on list.
(KS) This is our chance to get this right.
(DR) Need to understand how WSS@OASIS affects timing/planning.
(KS) Job of this group to help work this out.
(AB) This model needs to be discussed in the proposed workshop.
(JH) Consensus that STF would try and get the three deliverables ready for 7/29/2002.

Action Items
============
- (STF) Clarify levels of security model in glossary.
- (JH) Discuss an STF workshop prior to next F2F #3.
- (DR) Notify/liaise with USTF to establish structure for security use cases/scenarios as part of general USTF docs.
- (JH) Send an updated "security onion" model to the WSA list.

References
==========
[1] http://www.w3.org/TR/2002/WD-wsa-reqs-20020429#AC006
[2] http://www.w3.org/TR/2002/WD-wsa-reqs-20020429#AC020

Received on Wednesday, 10 July 2002 18:29:10 UTC