XML Key Management Services WG

DRAFT 14th November 2001 XKMS Teleconference Minutes
Chairs: Stephen Farrell, Shivaram Mysore
Note Takers: Shivaram Mysore, Stephen Farrell & Jean Pawluk

Participants

• Shivaram Mysore, Sun Microsystems
• Frederick Hirsch, Zolera
• Stephen Farrell, Baltimore Technologies
• Mike Just, Entrust
• Phill Hallam-Baker, Verisign
• Yassir Elley, Sun Microsystems
• Rich Salz, Zolera
• Ed Simon, XML Security
• Donald Eastlake, Motorola
• JP Morgenthal, IKimbo
• Blair Dillaway, Microsoft
• Mack Hicks, Bank Of America
• Jermey Epstein, webMethods
• Gareth Richards, RSA Security
• Joe Pato, HP
• Jean Pawluk, Conclusive Logic

Regrets

• Joseph Reagle, W3C

Charter & Proposal

• Shivaram: Does everyone understand this and do you see any problems
  with it? For Charter and Proposal docs, see attachments in this email.
• Frederick:
  
  • Mission Statement: "for public key" in 2nd para. May want to include symm key info? possibly delete public key?
  • Mission Statement: instead of "underlying pki" use "possible underlying pki"
• Mike Just:
  
  • Charter: Requirements - item 2 - "Evaluate XML Query ..." make a note of it in the requirements document and we may possibly have to say "it may not be usable at this time as the specs are still unclear"
  • Charter: Coordination with other groups - WAP Forum - xkms profile, nothing happening now as XKMS spec is not defined.
• Farrell: "everyone ok with charter given that we can't modify it when its before the AC?" Answer - "OK for now"

Status Update

• 23rd Nov is the last date for your AC rep to vote. Remind them.
• To find your AC Rep, see Joseph's email
• Shivaram went over the scope as per the charter. No alarms were raised.

Face to Face details

• Date: Sun, December 9th, 2001
• Venue: Salt Lake City, UT in conjunction with IETF meeting (see http://www.ietf.org/meetings/IETF-52.html)
• Time: Noon - 5PM (probably)
• XKMS Tutorial presentation for first ½ hour or so
• Main topic of discussion - Requirements document
• Time to discuss specifications near the end
• IETF participants are welcome to attend and announcement will be sent to the IETF security area list

Requirements Document

1. Mike J: Sources for the requirements were:
   
   • Position papers from workshop
   • Yahoo xml-trust mailing list
   • Activity Proposal
   • Charter
   • Earlier F2F meeting on July 19 in Redwood City, CA
   • Templates were obtained from XML Encryption WG

   (Frederick H mostly lead the discussion of specific issues)

2. Message Integrity for XKMS key registration Issue
   
   • Phill: If you use TLS you need X509 certificates
   • The requirements document should reference mechanisms (e.g. TLS/XMLDSIG) that could be used for transcation security and then the specification can state which are rerquired and which optional.
3. Privacy Issue
   • Do we need to address and fetch privacy policy from Trust server for Key Registrations. Should this be a requirement?
   • Mack: internal cases don't need it
   • Things could get ugly if we combine Key Management and Privacy Policy
   • Defer to P3P for most cases. Blair mentioned that HTTP contact headers could be used also, we should acknowledge and refrence P3P
   • Shivaram: May be we should document how to use P3P with XKMS
4. Asynchronous Communication Issue
   
   • Most registrations are asynchronous in some part and hence this will be required - X-KRSSS
   • X-BULK will need it. Since there is no guarantee on how long process will take to process registration request
   • No obvious cases for asychronous X-KISS were raised
5. Private Keys, Key Escrow & Recovery Issue
   
   • Key Escrow: The scenario for roaming needs to be modeled and presented to group
   • Key Recovery: Phill: desktop enc requires key recovery, but could argue that requiring central key gen is the way to do this
   • Blair: probably ok for this version, maybe some folks would be concerned
   • Centralized key generation & not distributing key in xkms. Frederick to describe a use case
   • In delegated model of signing or services would you always want the key to be passed? - Cases for Smartcards and WAP phones are handled by X-BULK.
6. Trust Issue
   
   • Security of XKMS should not depend on SOAP Security (there is none!!)
   • Don't have dependency on XTAML. See what is required for XKMS and include it in this spec.
   • Phill: Regarding XTAML, draft exists, not proposed anywhere - waiting for soap security & saml to advance more, no IPR as far as I know
   • W3C states you can't put dependency on standards that aren't finished yet.

Contributor / Participant policy

Same as encryption/signature: will need folks to send a mail saying they'll be "good" when WG is offiical if they want to be listed as contributors/participants, details later.
No one had a problem with that.

Action Items

1. Blair, Phill, Jeremy to check with their AC Reps regarding Copyright info
2. Everyone: remind your AC Reps to vote
3. Shivaram, Stephen - Send reminder to the list setting the deadline for feedback on this version of the requirements document
4. Stephen - Send email to IETF saag list announcing F2F
5. Everyone: send comments on requirements to the list by close-of-business Friday 16th (which really means before Monday morning:-)
6. Frederick: send a mail to list regarding Privacy & P3P issue
7. Mike, Frederick: Produce another version of the requirements document by Friday 23rd Nov
8. Phill: Produce another version of the base specification by Friday 23rd Nov