KEYPROV Meeting Minutes
-----------------------

Note taker: Sean Turner

Agenda Bashing:
No new additions to agenda but the last item "WSDL 2.0 Usage for DSKPP" was removed.

Adoption of DSKPP draft as WG item:
The list response was positive. There were no negative responses.

Timeframe:
Original time scale was a little aggressive so we're a little behind. Promised to get the main protocol out by the next IETF. Believe that the phone conferences are very helpful and will be needed to hurry the process along. Note that the meeting minutes will be posted to the mailing list and the mailing list is still used to discuss the issues.

DSKPP (Andrea Doherty):
-----------------------

2nd draft has been published. The two protocol proposals were similar and supported slightly different use cases. The most recent submission merges the two drafts. Builds on CTKIP from RFC4758 and will support the two and one pass variants and dskpp. Renamed the whole thing to DSKPP. Supports different numbers of passes, key transport, XML and ASN.1.

DSKPP primer was provided (see slides). The DSKPP Object Model was added for clarity. The reasons for the different variants were discussed. The protocol flows, cryptographic properties and the bindings were discussed. With respect to the bindings it was a conscious decision to not require TLS/SSL. Going to ask APPs area for review of HTTP binding to get input early on.

There are a number of open issues in the issue tracker.

Issue #1 - Do we care about changing the XML element names to include "keyprov"?
The group believes we should move to explicit naming.

Issue #4 - KeyIdentifier issuer?
Ensure that DSKPP and PSKC make available all of the key metadata required to an application.
Phil - we can stop people from encoding information in the structure, but we can stop our protocol from getting into the identifier.
Hannes - Usually the identifiers come from another namespace so it would be a good idea to know where they came from.
Andrea - thinks if we give the identifiers we'll be helpful.
Phil - maybe we have to push on issuer and universal key id more.
Phil/Andrea - don't want to be compliance point - others will do that job.
Who believes they understand the issue - a few. Among those, who wants to use an attribute indicating the namespace/scheme - the same.

Issue #6, 8, 9:
DSKPP relies as default container format and between the two specifications is desired. Recommended that we align the two.

Issue #7:
Use case is included but Andrea doesn't believe we should go forward with this case. Is 3G going to use this use case? If they don't care then this is not very useful. If somebody really really cares about this - then they should write an extension.
Tim P - breaking this into another document is a good strategy.
Straw Poll result - remove it.

Issue #11:
Is there a guide for defining HTTP binding?
Hannes: Going to pass document to APP area for review.
Hannes: Who understands the HTTP bindings issue - very few.

Issue #12:
Representing "ANY" type for allowing extensibility. Any time "ANY" is used a processContents="strict" is used to mitigate this concern. Recommended keeping it. May take this to the APPs area for comment.
Phil - Many XML folks don't like "ANY" because it costs more to validate.
Hannes: Who understands this issue - very few.

Next Steps:
Publish DSKPP as WG item. Get guidance on bindings. Revise/resubmit drafts.

Symmetric Key Format Content Type (Sean Turner)
-----------------------------------------------

Hannes: Hum whether the group wants the "Symmetric Key Format Content Type" draft as WG item.
Outcome: The group is willing to adopt it as an optional container type. Question will be confirmed on the list.

PSKP (Ming)
-----------

Changes since other draft: name space (now uses urn), use key to replace secret, support non-HOTP OTP key types.

Future work: address unresolved issues tracker, consistency update with DSKPP, revise key algorithm identifier approach vs. enumeration.
Hannes: Hum whether the group wants the "PSKP" draft as WG item.
Outcome: The group is willing to adopt it as a mandatory container type. Question will be confirmed on the list. This draft was accepted as a WG item.

Open Mic:
---------

Paul Hoffman - he has no idea how you're going to reconcile uri/oid? This may be directed at Tim.
Andrea - On PSKC, document focuses on OTP and alludes to others. When will it become more generic for OTP type devices? Suggested that this happen at the next version.