OGSA Teleconference - 21 April 2008 - Security
==============================================

* Participants
  Blair Dillaway
  Hiro Kishimoto
  Duane Merrill
  Andreas Savva

  Minutes: Andreas Savva

* Summary of New Actions

  ACTION: Duane will reply to the Secure Addressing public comments on
          the forum and then post a final call for the revised
          document to the list

  ACTION: Duane will reply to the Secure Communication public comments
          on the forum and then post a final call for the revised
          document to the list

* April 7 minutes approved with no changes

* Action item review

** [artf6072] Security use case document handover
   - There is no active security group at the moment that would be
     interested in this use case document. The more general problem is
     that it is difficult to get people to work on a general use case
     document that is not related to a specification they are
     developing.
   - It would be good to have a use case document for the security
     profiles, but this document discusses a broader set of use cases.
   - The GFSG does not require a use case document when publishing a
     recommendation track document
   - Doing nothing is an option but it would mean that this document
     disappears.
   - CLOSED: Duane volunteered to re-start working on security use
     case document and get it to publication shape. The plan is to
     publish this document as an OGSA-WG document.

* Public comment review for security profiles

  - List of revisions was posted by Duane shortly before the call.
    Participants have not reviewed the revisions in detail.
  - General note on process:
    - Reply to the PC forum comments (accept/reject & reason). Replies
      can be fairly brief.
    - Prepare final revision and once ready do final call on the list

** Review of Secure Addressing
   - Duane's email to the list describes changes to the document
   - After a short document walkthrough agreed that changes are minor
     and that they do seem to have addressed the public comments.

  ACTION: Duane will reply to the Secure Addressing public comments on
          the forum and then post a final call for the revised
          document to the list

** Review of Secure Communication
   - Short document walkthrough and explanation of some of the more
     substantial changes:
     - Sec. 4.2.2: added timing information to policy documents
     - Sec. 7.2: added sp:signedencryptedsupportingtokens per
       WS-Policy 1.2
     - Sec. 7.3: paragraph at line 780 notes possibility of replay
       attack
     - Paragraph at line 595: Changed compliance statement to a note
       about FIPS-equivalent ciphersuites
     - Other minor nits
   - Some changes need a more detailed review but agreed that the
     review can be done as part of the final call.

  ACTION: Duane will reply to the Secure Communication public comments
          on the forum and then post a final call for the revised
          document to the list