Subject: RE: Meeting Notes 02/15/2001
Meeting Notes for 02/15/2001

Attendance:
Joe Dalman - TIE Commerce
Sally Fuger - AIAG
Farrukh Najmi - Sun
Kunio Mizoguchi - ECOM
Bruno Fifs - CSTB
Jim Martin - Data-Tronics
Scott Hinkelman - IBM
Ken Tamura - Infoteria
Mike Yatchman - Avaya
Kathryn Breininger - Boeing
Lisa Carnahan - NIST
Eugene Van Roessel - WTCM
Chaemee Kim - KTNET
Brian Young - Boeing
Yutaka Yoshida - Sun
Nic-La Stojanovic - Excoda
George Weng - FISC
JP Morgenthal - XML Solutions
Paul Jan Chiang - ICBC
Prasaad Yendluri - Webmethods
Gary Crough - Cyclone
Al Boseman - ATPCO

Meeting started at 9:00 am

Farrukh started by discussing the RIM model and the security view on page 33 of version 0.55 with the security workgroup. The security group stated it is trying to help the different groups identify any risks around security in their specifications. Yutaka went on to explain that the repository and registry are separate and there isn't security defined between the two. The discussion went on to look at how we are focusing on authorization in the registry specifications. Next we went through the specification on how an object is submitted and how security is defined in the specification. Once the object is in, the discussion was about what types of roles there are for access to the object. Scott Hinkelman raised a concern that the current specification forces the user of the registry to do an authorization request for each request and it should be more like a session authorization. Farrukh went to page 39 of the Registry Service Specification to discuss role-based AccessControlPolicy. The summary was that the specification took the minimal requirements for security, with the thought that additional security can be added in additional releases.

10:45 am
Looked at the requirements document and started to identify any changes that may be needed to the document that have changed since it was created.

11:30 am
The group discussed the to do list and decided to focus on the following:
* Object versioning
* Keyword search
* Custom security policy
* Audit trail (P1)
* Publish subscribe
* CPA negotiation service
* Internationalization (P1)
* Distributed Registry
* Link to external coding mechanism (P1)

1:00 pm
Group worked on Glossary for TA group

3:00 pm
Group started to review the Registry Services Specification. The discussion was around a use case that JP defined and how it would be handled based on the current specification. It was decided after finding some errors in the dtd that JP and Farrukh would look at the dtd off line. It was also identified that we need an example on how to submit Content.