Meeting Minutes 25 October 2018

Meeting commenced 17:00 PM US-EST

• Roll Call (Tony C)

• Quorum Achieved

Proposed Agenda

• Roll Call

• Approve Agenda

• Approve Previous Meeting Minutes (October 18, 2018 )

• Interop for RSA 2019

• KMIP 2.0

  • Protection Storage Mask Update (Bruce R)
  • PKCS#11 Encapsulation Update (Anthony B.)
  • Cryptographic Usage Mask - Revisit (Tony C)
  • Result Reason Code -- Spec Edit Update (Tony C)
  • Client Reprovisioning - Revisit Proposal (Chuck W & John L)
  • KMIP v2.0 Content Items Review
  • KMIP v2.0 Action Items Discussion

• List comment from Conrado Gouv�a

• New Business

• Next Meeting

• Call for Additional Attendees

• Adjourn Meeting

Motion to approve Agenda

• Tim H moves, Chuck W and Tim C second, No objections, abstentions, or comments. Agenda approved

Motion to approve previous meeting minutes from October 18, 2018

• Tim C moves, Jerry S seconds, No objections, abstentions, or comments. Minutes for the October 18, 2018 meeting approved.

RSA 2019 Interop

• Two interop spots are still open in the booth for RSA 2019. Please contact Jane, Dee or Tony if you are interested in participating in the OASIS booth.

KMIP 2.0

Protection Storage Mask Update (Bruce R)

• Bruce R took the TC through the updated proposal which addressed the comments raised by Mark J and Chuck W last week. See https://www.oasis-open.org/apps/org/workgroup/kmip/document.php?document_id=64124
• Now able to query the server and understand what it could do for you and which features are optional.

Motion to include the changes to the KMIP 2.0 Spec as noted in the updated Protection Storage Mask Update

• Mark J moves, Chuck W seconds, No objections, abstentions, or comments. Motion approved.

PKCS#11 Encapsulation Update (Anthony B)

• Anthony B reviewed the an update to the proposal that he posted to address comments received last week. See https://www.oasis-open.org/apps/org/workgroup/kmip/document.php?document_id=64144
• In additon, a profile to show the PKCS#11 encapsulation was also posted (see https://www.oasis-open.org/apps/org/workgroup/kmip/document.php?document_id=64145) and presented by Anthony B.
• Mark P noted the proposal was much improved.

Motion to accept the changes to the KMIP 2.0 Spec and the KMIP 2.0 Profiles to support PKCS#11 Encapsulation

• Chuck W moves, Mark J seconds, No objections, abstentions, or comments. Motion approved.

Cryptographic Usage Mask - Revisit (Tony C)

• Tony C appologized for the late posting of the update (see https://www.oasis-open.org/apps/org/workgroup/kmip/document.php?document_id=64147), but the content was included in WD4 of the Spec posted last week.
• Discussion around the Unrestricted usage mask and how it could be used to allow for adopting support of new technologies or uses of cryptography

Motion to include the Cryptographic Usage Mask changes to the KMIP 2.0 Spec

• Tim C moves, Tim H seconds, No objections, abstentions, or comments. Motion approved.

Result Reason Code -- Spec Edit Update (Tony C)

• Tony C noticed some inconsistencies in the definitions/result reason codes while trying to incorporate this proposal into the KMIP 2.0 Spec.
• Tony recommended that the changes be streamlined and similar/common codes be brought together.
• Tony C will publish a Spec delta to show how to bring this all together. Chuck W offered to help Tony C with the delta.

Client Reprovisioning Revisted (Chuck W)

• Chuck summarized the original proposal to the TC and noted that some polymorphisms needed to be introduced into to proposal based on when the client credentials are created.
• The proposal assumed the server is in complete control of the credentials for the client. But there are two other variants the need to be considered where the client presents a PKCS#10 CSR or a current X.509 Certificate as part of the reprovisioning request. In the second case, there is a added question as to whether the server should accept the certifiate or do a path validation on the certificate which means the trust chain needs to be imported into the server.
• Tim H asked if all approaches assumed that that the client has a valid credential? Chuck W answered yes. Chuck W went on to note that if the client tried to reprovision with an expired creential, the request would be rejected and the client would need to follow the process for obtaining a new credential from scratch.
• Proposal was further discussed by the TC with agreement that for this round of changes that only reprovisioning with a currently valid credential will be supported and that Reprovisioning will be kept as a seperate operation.
• Anthony B, Tim H, Chuck W and Mark J agreed to take their detailed discussion off line.
• Chuck W will post an updated proposal which will be discussed by the TC at next week's meeting.

KMIP 2.0 Review

• Tony C noted that with the revisit of the Client Reprovisioning we have bottomed out the list of KMIP 2.0 items.
• Plan to close on the KMIP 2.0 content at next week's meeting.
• Tony C noted that there is a lot of missing Usage Guide text and asked that those who have submitted Spec changes to review the action item list to see if they need to contribute to the other KMIP documents.

KMIP 2.0 Profiles

• Tony C noted that that the TC needed to take a vote to accept the new structure of the KMIP 2.0 Profiles which aligns with that of the KMIP 2.0 Spec so that Tim H could proceed with updating the rest of the Profiles document in the same manner.

Motion to approve the new approach/structure for the KMIP profiles taken in KMIP 2.0 Profiles WD2

• Tim C moves, Mark J seconds, No objections, abstentions, or comments. Motion approved.

List comment from Conrado Gouv�a

• Co-Chairs sent email to Conrado requesting additional information

New Business

• None

Next Meeting

• Next Meeting: 1 November 2018

Call for Additional Attendees (Tony C)

• Indra F (Micro Focus)

Motion to Adjourn

• Tim C moves, Tim H seconds, No objections, abstentions, or comments. Meeting adjourned

Meeting Adjourned at 17:59 US-EST