Minutes of the PASC security working group, 10-14th January 1994, Irvine, California Sederunt Lynne Ambuel, DoD, in the chair Attendance has significantly improved since Bethesda meeting. Ballot issues The 1003.6 ballot has not been issued and is with Jon Spencer awaiting finalisation. This is expected to arrive during the Irvine session. All active personnel within 1003.6 are in the revised ballot group. There are a total of 78 personnel in the new ballot group. 35 open ballot issues are awaiting resolution. Mid-February has been selected as a possible ballot window. The proposal to reform the ballot resolution group in parallel with ballot group reformation is open for discussion. It was suggested that serious contributors to previous ballots may be invited to join ballot resolution group. Noted that 5 meeting of the ballot resolution group are held, which will require a high level of commitment. Members present at the meeting were invited to contribute either to the ballot resolution group or to the security framework document. Status of security framework The appointment of liaisons from the security working group to other organisations to support security framework development work was considered. Agreed that Piers McMahon will act as liaison with IETF, Tom Parker as ECMA liaison. ISO SC27 have appointed Ted Humphries as liaison to the security framework group. Noted that David Rogers is liasing closely with X/Open to maintain a single source document. Document status: after October meeting X/Open has funded production of a X/Open Distributed Security Framework (DSF). X/Open security working group has reviewed the document in December. Document posted to .22 ftp site for review. Updates have been made to correct typos and punctuation errors. Crypto and key distribution sections are awaiting completion, while the access control section needs updated. Additional work is also required to restructure and merge back text, and to extend the mapping of security services to POSIX functional areas. The aim to include work in next draft of XDSF in February. The next X/Open security working group will meet in March 15- 17th. Agreed that the aim will be to turn the X/Open DSF into a POSIX document at the April PASC meeting. X/Open is aiming to evolve XDSF via corporate review, to publish a snapshot later in the year. We need to consider timescales for balloting of the security framework. The original intention being to have a ballotable document by end of this meeting. Subgroup activities User I&A Awaiting Piers McMahon to review status of I&A proposals, and means to carry these issues forward. Portable audit trail formats Audit trail interchangeability discussions were held at Bethesda, awaiting tabling of a possible audit trail format for consideration. Report from logistics 1003.22 have requested sufficient space for 10 people, 1003.6 for 15-20 people. Suggestions for possible venues have been requested. Report from JTC1 Noted that a national ballot has been received from Denmark requesting that I&A should be incorporated in the 1003.6 ballot prior to integration into the 1003.1 standard. Noted that this will require a significant revision of the ballot document. Report from SEC No actions from SEC. Noted that the institutional representatives from UI/OSF have been removed from SEC. Noted that there have been changes in IEEE and computer society liaison officers. The SIC is considering types of name space collisions for reserved words. POSIX .1 and .2 stated that non-conforming implementations with identical named calls should behave in the same manner as the .1/.2 standard, or should return an error code. The SIC is also producing guidelines on the consistency of errno return codes. Report back from security framework subgroup on Friday plenary Restructuring of document continues. Attendance has returned to previous levels. Aim to produce a new draft for X/Open by end January to be placed on ftp site and X/Open document server. Comments will be welcomed for the X/Open review round. X/Open will meet in March to consolidate corporate review. Lorraine Kevra has suggested that the ballot group should be formed in April, to go to ballot in July. Aimed to send a heads up on electronic mail list to ask people to join the balloting pool if interested in participating in the security framework ballot group. OIW and NUIF contacts have been traced for liaison reasons in accordance with PAR. Any other business Agreed to publicise document register and archive for 1003.6/1003.22 - action chair and secretary. Agreed that the chair will send a directed letter to major groups/vendors requesting specific proposals to form the basis of new work, such as I&A functionality and possible formats for application interchange (audit). Noted that the snitch report into Uniforum provides additional publicity for group activities. Meeting adjourned at 10.40am, Friday.