14th November 2001 XKMS Teleconference Minutes
Chairs: Stephen Farrell, Shivaram Mysore
Note Takers: Shivaram Mysore, Stephen Farrell & Jean Pawluk
Participants
- Shivaram Mysore, Sun Microsystems
- Frederick Hirsch, Zolera
- Stephen Farrell, Baltimore Technologies
- Mike Just, Entrust
- Phill Hallam-Baker, Verisign
- Yassir Elley, Sun Microsystems
- Rich Salz, Zolera
- Ed Simon, XMLSec
- Donald Eastlake, Motorola
- JP Morgenthal, IKimbo
- Blair Dillaway, Microsoft
- Mack Hicks, Bank Of America
- Jermey Epstein, webMethods
- Gareth Richards, RSA Security
- Joe Pato, HP
- Jean Pawluk, Conclusive Logic
Regrets
Charter & Proposal
- Shivaram: Does everyone understand this and do you see any problems
with it? For Charter and Proposal docs, see attachments in this
email.
- Frederick:
- Mission Statement: "for public key" in 2nd para. May want to
include symm key info? possibly delete public key?
- Mission Statement: instead of "underlying pki" use "possible
underlying pki"
- Mike Just:
- Charter: Requirements - item 2 - "Evaluate XML Query ..." make a
note of it in the requirements document and we may possibly have to
say "it may not be usable at this time as the specs are still
unclear"
- Charter: Coordination with other groups - WAP Forum - xkms profile,
nothing happening now as XKMS spec is not defined.
- Farrell: "everyone ok with charter given that we can't modify it when
its before the AC?" Answer - "OK for now"
Status Update
- 23rd Nov is the last date for your AC rep to vote. Remind them.
- To find your AC Rep, see Joseph's email
- Shivaram went over the scope as per the charter. No alarms were
raised.
Face to Face details
- Date: Sun, December 9th, 2001
- Venue: Salt Lake City, UT in conjunction with IETF meeting (see http://www.ietf.org/meetings/IETF-52.html)
- Time: Noon - 5PM (probably)
- XKMS Tutorial presentation for first ½ hour or so
- Main topic of discussion - Requirements document
- Time to discuss specifications near the end
- IETF participants are welcome to attend and announcement will be sent
to the IETF security area list
Requirements Document
- Mike J: Sources for the requirements were:
- Position papers from workshop
- Yahoo xml-trust mailing list
- Activity Proposal
- Charter
- Earlier F2F meeting on July 19 in Redwood City, CA
- Templates were obtained from XML Encryption WG
(Frederick H mostly lead the discussion of specific issues)
- Message Integrity for XKMS key registration Issue
- Phill: If you use TLS you need X509 certificates
- The requirements document should reference mechanisms (e.g.
TLS/XMLDSIG) that could be used for transcation security and then the
specification can state which are rerquired and which optional.
- Privacy Issue
- Do we need to address and fetch privacy policy from Trust server
for Key Registrations. Should this be a requirement?
- Mack: internal cases don't need it
- Things could get ugly if we combine Key Management and Privacy
Policy
- Defer to P3P for most cases. Blair mentioned that HTTP contact
headers could be used also, we should acknowledge and refrence
P3P
- Shivaram: May be we should document how to use P3P with XKMS
- Asynchronous Communication Issue
- Most registrations are asynchronous in some part and hence this
will be required - X-KRSSS
- X-BULK will need it. Since there is no guarantee on how long
process will take to process registration request
- No obvious cases for asychronous X-KISS were raised
- Private Keys, Key Escrow & Recovery Issue
- Key Escrow: The scenario for roaming needs to be modeled and
presented to group
- Key Recovery: Phill: desktop enc requires key recovery, but could
argue that requiring central key gen is the way to do this
- Blair: probably ok for this version, maybe some folks would be
concerned
- Centralized key generation & not distributing key in xkms.
Frederick to describe a use case
- In delegated model of signing or services would you always want the
key to be passed? - Cases for Smartcards and WAP phones are handled
by X-BULK.
- Trust Issue
- Security of XKMS should not depend on SOAP Security (there is
none!!)
- Don't have dependency on XTAML. See what is required for XKMS and
include it in this spec.
- Phill: Regarding XTAML, draft exists, not proposed anywhere -
waiting for soap security & saml to advance more, no IPR as far
as I know
- W3C states you can't put dependency on standards that aren't
finished yet.
Contributor / Participant policy
Same as encryption/signature: will need folks to send a mail saying
they'll be "good" when WG is offiical if they want to be listed as
contributors/participants, details later.
No one had a problem with that.
Action Items
- Blair, Phill, Jeremy to check with their AC Reps regarding Copyright
info
- Everyone: remind your AC Reps to vote
- Shivaram, Stephen - Send reminder to the list setting the deadline for
feedback on this version of the requirements document
- Stephen - Send email to IETF saag list announcing F2F
- Everyone: send comments on requirements to the list by
close-of-business Friday 16th (which really means before Monday
morning:-)
- Frederick: send a mail to list regarding Privacy & P3P issue
- Mike, Frederick: Produce another version of the requirements document
by Friday 23rd Nov
- Phill: Produce another version of the base specification by Friday 23rd
Nov