OGSA Teleconference - 6 December 2007 - Security
================================================

* Attendance
  Mark Morgan
  Dave Snelling
  Andreas Savva
  Donal Fellows
  Duane Merrill
  Andrew Grimshaw

  Minutes: Dave Snelling

* Summary of New Actions
  ACTION: Duane to mail Sven telling him the action and that he can
          raise it again in PC.
  ACTION: Duane to ask Blair if 256 is really a problem.

* Minutes Review
  Approved for November 19th
  Approved for November 26th

* Action Items:
  artf6072 still pending
  artf6006 closed as obsolete

* Review Comments: Secure Addressing
  Minor edits from Blair will be addressed as suggested.
  artf6093 Resolved
  Comment from Sven on SHOULD vs. MUST question on securing EPRs.
  Postpone action until PC.
  ACTION: Duane to mail Sven telling him the action and that he can
          raise it again in PC.

* Review Comments: Secure Communication
  - Lines 152, 99, and 307 are just edits - will be done.
  - Cipher suites: Agree with the comment and will clarify the text
    and change the names of the policy documents to include the SSL.
  - AES_128 Issue: Preference for only one case in the document.
    ACTION: Duane to ask Blair if 256 is really a problem.

  Password AuthN Issues:
  - Agree with the comment and make it a MUST use secure channel in
    Usn/Pwd case = Change to a MUST.
  - Allow both SSL and digested Pwds together = do nothing to the
    document.

  Sven's Comment: Certificate in the document Issue:
    The issue seems to be a corner case and it is up to the client to
    check the chain. The technology in this space is relatively mature
    and the area of the spec is not so central that legislating
    against poor implementation is necessary. No action on the
    document.

  Host name verification issue:
    Change the wording to "server identity verification".
    Typo will be fixed.

* Wrap-up
  Docs to be sent to the editor as this was the last call. Only the
  AES_128 choice will be decided based on conversation with Blair. No
  further review needed.

  Need another call or F2F time for OGSA BSP 2.0.

  AOB: None