Editor's Note:  Minutes received 8/5

CURRENT_MEETING_REPORT_

Reported by Mark Smith/AT&T

Minutes of the Trusted X Working Group (TXWG)

The current thinking on Secure X is divided into two separate
approaches:


  1. The establishment of a core security policy derived from prior
     vendor efforts.
     Vendors are still reluctant to publish their policies, although
     there are signs that some will soon be published.  Inasmuch as
     there are no current proposals in this area, no further discussion
     on this approach was offered at the meeting.

  2. The abstraction of the security policy via a policy-free protocol.
     The key here is the construction of a mechanism for
     security-cognizant applications to determine what the security
     policy is.  We briefly discussed the ``RequestPolicy'' proposal
     (distributed via email shortly before the meeting), which allows a
     client to probe specific points of the policy, and agreed that the
     approach is promising but that a proof of concept is needed.


The Boston TSIG X Working Group was not well attended.  For that reason
little progress was made other than the discussion on ``RequestPolicy''
above.  We need vendor support, especially in the form of new proposals
for (1) above, although more work in area (2) is very welcome also.

We need to have an idea of the attendees for the next TSIG meeting in
Minneapolis so that we can judge whether another ``cooling off period''
is required.  Please let me or Mark Christianson know fairly soon
whether you'll be attending the next meeting.  I would like to know
whether this low attendance was an aberration or not.

Attendees

Charles Blauner          chazx@ctt.bellcore.com
Edward Cande             cande@zk3.dec.com
Alton Hoover             hoover@ans.net
Richard Newton           rnewton@csd.harris.com
Mark Smith               mark@neptune.att.com



                                   1