Call - November 30 - 2009

1) Roll

Paul Madsen

Jonas Hogberg
Fulup Ar Foll
Scott Cantor
Peter Davis
Hubert Le Van Gong

2) Segue from #1 into need for quorum management

Chairs will send msg to list wrt need for managing quorum by distinguishing between active & observer participants

3) Improbably approve minutes from Vegas

    http://kantarainitiative.org/confluence/display/idwsf/Las+Vegas%2C+Sept+15%2C+2009
    No quorum
   

4) Possible work items

    a) ID-WSF submission to OASIS for WS-* harmonization

   
Hubert agrees that there is little appetite
Jonas, desirable but quite impracitcal
Scott notes as a data point, Nokia-Siemens request to SSTC for attribute management. Oracle proposing expanded work item.
Some overlap with DST,
Touches on discovery, securing messages, etc - all these things overlap with ID-WSF.
Scott favours concept of profiling down ID-WSF. Sees a push back on complexity. Argues better to profile down something that exists
What can an OASIS spec reference? Must ID-WSF be submitted, normative specs probably restricted.
Peter points out that WS-* has referenced W3C specs
Peter believes that OASIS could be convinced to think of LAP as SDO. Is ID-FF a counter example?
Scott points out that here we are talking only about profiling, likely different.
AI: Paul to ask Oracle to come and discuss WSF option?
If WSF submission doesnt happen, SSTC may need to step around IP issues?
May not go anywhere, without vendor commitment to implement ....

    b) drive ID-WSF functionality as extensions to OAuth

   
Hubert updates, Oauth IETF WG finalizing on new version of 1.0 RFC - at draft 7/8, currently stable
Current discussion is whether to move from 1.1 to 2.0 for OAuth next. Will include WRAP
 
What do people feel? Hubert interested in working, but no immediate Sun need.
Scott in wait and see mode. - see where Oauth goes.
Hubert points out SWT proposal. Can we imagine a simpler version of SAML as a token within HTTP?
Scott- as soon as you sign something, wont fit in the header.
Continue to track OAuth
Peter updates on discovery. XRD on OASIS CD03, by end of January will have a CS vote. LRDD & Host meta work proceeding. DNS may
play a bigger role for host-meta. LRDD mostly done.

    c) Consent Service

   
Wait and see, pending eGov doing MRD exercise

    d) AS/SSOS into SSTC

   
Scott, one piece of ID-WSF that had come up within SSTC was AS. Occasional attempts to explain why the SOAP bit wasnt needed and you could
strip it out. Scott suggesting the possible attractiveness of more piece meal submission of WSF to SSTC rather than the whole hog.
I2 has beginning implementation based on LAP specs, may lessen demand.
Admittedly, topic hasn't come up lately.

5) AOB

Scott has long wanted to see a profile for use of signatures that reduces implentation hassles. Get rid of Xpath as
complication for signing SOAP messages.
Related, the XML Signature 2.0 work going on.
Comes down to figuring out rules for signing SOAP not so dependent on XPath
Peter, agrees that it is a classical adoption impediment.
Scott predicts middle to late 2010 is earliest to expect anything from DSig.
Peter, one other work item might be UMA driving a RESTful version of the interaction service? Consistent with other work item
of driving WSF functionality into Oauth.

Ongoing call schedule?

Thursday, bi-weekly 10 am EST
Next call Dec 10,