OGSA Teleconference - 30 July 2007 - Security
=============================================

* Participants
  Duane Merrill
  Mark Morgan
  Chris Kantarjiev (note taker)
  Zack
  Blair Dillaway
  Andreas Savva
  Hiro Kishimoto

- General/early discussion

  We submitted 5 sessions for OGF21, expecting to have to approve one
  extra, but Chris got 3 approval requests. Not sure why. Chris will
  ask Joel what the actual policy is. If there is no room left in
  OGF21, we will move a session or two to the associated Friday F2F.

  UVa group isn't yet clear if they will attend OGF21. Expectation is
  that at least either Mark or Duane will attend.

  Chris Jordan can't make today's Roadmap session, so we will cancel
  the second session and move Roadmap discussion to next Monday
  instead of a Glossary session.

- Housekeeping

  Minutes July 2 Security - approved.

- Express Auth Profile (Duane)

  Most recent work is based on the trackers, let's review. Blair is
  happy with the changes for the ones he has reviewed.

  Use of MUST in the documents was not intended to define a lowest
  common denominator (mentioned in several trackers). Duane added
  comments to indicate that these docs aren't sufficient to guarantee
  interop. No one has a problem with this.

  artf5901: Added URI for conformance to WS Secure Addressing

  Secure SOAP: Requirement for integrity/confidentiality has been
  relaxed to be recommendation in order to not overburden all the use
  cases with encryption requirements.

  Others were old/deprecated from before WS Security Policy, and just
  required cleanup.

  Action: move trackers from resolved to closed. Requires someone to
  read the docs and mark them as reviewed... Hiro will do so.

  This was called "Express" to indicate that we would like to get this
  through the process quickly. Duane is pushing for an internal last
  call, and try to use the August F2F to resolve any remaining issues.

  Some concern expressed that no potential users have read the doc.
  How do we get them involved? We would like to encourage users to
  read the docs, but don't want to hold up the process. Duane will
  send targeted emails to the likely suspects.

  It is likely that UVa will implement this. Who will be the second
  implementation team?

  What are the plans for publishing the use case document? Blair will
  take the lead on figuring this out.

  Duane will draft a document about dealing with Kerberos to leverage
  the WS Security Kerberos profile.

  It would be nice to have a signature over the EPR documents - how to
  achieve that? Blair suggests an optional signature over the entire
  structure. Want some mechanism to ensure the trust of the embedded
  security parameters. This is probably more useful than the Kerberos
  work... this will go into Secure Addressing.

  Don't expect to need another telecon for this topic before the
  August F2F.

- AOB?

  No other business.