DRAFT 05 July 2005 XKMS Teleconference Minutes
Chairs: Stephen Farrell
Note Taker: Jose Kahan
Last revised by $Author: kahan $ $Date:
Tuesday 05 July 2005 - 19:40:25$
Participants
- Stephen Farrell, Trinity College
- Jose Kahan, W3C
- Tommy Lindberg
- Vamsi Motukuru, Oracle
- Rich Salz, DataPower
- Yunhao Zhang, SQLData.
Regrets
- Shivaram Mysore, Microsoft
Agenda
- XKMS Recommendation debriefing
- Complementary W3C notes for XKMS
Minutes
Notes from today's meeting
- XKMS Recommendation debriefing
The spec was published last week (congratulations to everyone). The WG
has a charter extension until end of September for doing life after
recommendation activities such as errata maintenance. Jose owns the
editing of the errata document. If the WG decides that no further
activity is needed for XKMS at this point of time, the WG will disband.
The mailing list will stay open. If the WG wants to do further work, it
will need to draft a new charter and this charter will need to be
approved. We fulfilled the goals of the current charter. The mailing list
of the WG will stay open for discussion on the XKMS spec.
- Complementary W3C notes for XKMS
As part of the life after Rec, we can publish some notes that will
enhance the use of XKMS before our charter expires. The following are
candidates:
- XKMS WSDL profile. Editor: Rich. Salz.
- XKMS as a Kerberos gateway. Editors: Stephen Farrell, Rich Salz,
and potentially someone else working on GRID
- Using XKMS with PGP. Editors: Tommy Lindberg and Jose Kahan.
- SF: Presents his XKMS as a Kerberos server ideas.
- YZ: There is a similar, but more generalized initiative in the US. gov.
for translating authentication tokens. The service can convert from one
custom token to something appropriate for an application. It could also
convert from a standard token into a custom one. This could open the door
foor a real trusted service.
- RS: Having an XML-based protocol to convert these tokens sounds good.
If the Kerberos convention can be generalized, we can then obtain a
public-key based single sign-on.
- JK: There is a service in the WS-Trust suite that proposes token
convertion.
- TL: Talks about the PGP lacks in XML-DSIG: ambiguous wording. Doesn't
say how to code the PGP trust packets.
- SF: Our note should say how to use XKMS with PGP and signal the
problems in XML-SIG and give solutions to them. If the XML-Dsig group
recharters, they could use this work as a basis.
- JK: Any other XKMS implementations that support PGP? (Only TL's)
- SF: Suggests to bring the OpenPGP WG (if they still exist) into the
loop to get their feedback.
- TL: Another intrastandard interoperability item. RFC3767 (SACRED)
(PKCS#15 based). Sec. 2 mentions that they define SACRED elements that
are compatible with elements used in XKMS and XMLDSIG so that an
implementation of this protocol can easily also support XKMS and
viceversa . Would like to have the same format supported in XKMS.
- SF: Let's wait to see if the SACRED WG is reactivsted before deciding
what to do (some IPR problems)
New Action Items
- AI Stephen: Send a call to the WG's mailing list asking for other ideas
for XKMS complementary notes
Next Telecon
- Next
Telecon(s)
- Date: August 9, 2005; Time - 4:30pm GMT/Dublin (if you're unlucky
enough not to live in Dublin, you can check time for your local area here:-)
- Zakim Bridge (617) 761-6200 Code: "XKMS"
- Agenda: TBD