[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Minutes of 20 February 2001 Security Services TC telecon
Minutes of the OASIS Security Services Technical Committee telecon
20 February 2001
Administrative
==============
- Membership report: new/removed members (Heather)
10 new members (effective at this meeting):
Bill Perry (Aventail)
Tim Winston (Aventail)
Marc Fastiggi (Crosslogix)
Ken Yagen (Crosslogix)
Gilbert Pilz (Jamcracker)
David McNeely (Netscape)
Adam Prishtina (Netscape)
Evan Prodromou (Outlook)
Herb Erickson (SilverStream)
Alan Byrne (Vordel)
5 removed members (effective after this meeting's roll call):
Norbert Mikula (DataChannel)
Britta Glade (Securant)
Arny Epstein (SilverStream)
Sai Allavarpu (Sun)
Brian Schussler (Sun)
- Roll call (Heather)
Attendance list appears at the end of these minutes. Quorum reached.
- Approval of minutes for the last telecon
Original minutes:
http://lists.oasis-open.org/archives/security-services/200102/msg00012.html
Dave Orchard's suggested corrections:
http://lists.oasis-open.org/archives/security-services/200102/msg00024.html
No objections to David's modifications. Eve will update minutes
and will post "merged" minutes to TC list. [DONE]
- Approval of/additions to this agenda
No additions; current agenda approved.
- What do we think about creation of a new TC on an access control
language?
Simon Blackwell's proposal:
http://lists.oasis-open.org/archives/security-services/200102/msg00023.html
Bob expressed concern that this will overload the current work effort
and the participants, in part because these are the people that will
want to be involved in any access control efforts.
Eve reviewed OASIS rules, including the 45-60 day wait time to set up
a new TC.
Jeremy asked for clarification of what their access control policy is
doing: Is it putting AC on an XML document, or is it attempting to use
XML to describe access control requirements for other resources?
Simon and Ernesto described their approach, which is to provide access
control roles to the content in an XML document.
Suggestion was made to start the 45-60 day countdown period and run
discussions of the "role" of this proposal in parallel with TC work.
Ideally we can provide a way to work in parallel with liaison between
the groups.
Question: Is this the right place for this work (over, say, W3C). Many
want to be involved in this work but would like to overload our
individual workloads.
- Naming of our specification suite
Results of the Evite poll were roughly as follows:
SAML 22
A2ML 14
XCES 5
Sussex 3
AXCES 2
Motion to "Accept SAML (Security Assertion Markup Language) as the
name of this working group" passed. Numbers provided below attendance
list.
- Collecting contact info for everybody
Bob suggested putting message on list asking people to volunteer their
personal information (including time zones) and mark this information
as for the chair's use or for the web site (and therefore public
consumption).
ACTION: Eve to ask people to send her private mail with their phone
numbers and preferences, and collate and distribute it as appropriate.
[DONE]
- Considering the date for our next F2F(s)
OASIS has a meeting in Chicago 14-17 May; do we want to consider
holding a F2F at it?
http://lists.oasis-open.org/archives/security-services/200102/msg00021.html
The OASIS May dates conflict with the Oakland IEEE Security and
Privacy event, but maybe we can tack a meeting onto the end of that.
(See ieee- security.org.)
ACTION: F2F #1 attendees to bring up-to-date calendars with them so we
can plan F2F #2 and beyond.
ACTION: Eve to ask for lists of "no go" dates for those people who are
not attending F2F #1.
F2F #1
======
- Any questions on administrative stuff?
- I'm looking for volunteers for recording secretary
ACTION: Interested parties to contact Eve with their willingness to
take minutes and roll at the F2F.
- Goals and mode of working at the F2F
Much discussion on role of subcommittees and their role in making
recommendations to the TC. Subcommittee should be able to make
recommendations, including what is in and out of scope, and the whole
TC has the option of accepting this work as is, modifying and then
accepting, or referring the work back to the subcommittee. We decided
to let subgroups pick their own means of voting on recommendations.
ACTION: Bob B. to distribute a document that describes the process,
the Robert's Rules surrounding it, and his expectations on how to send
back and forth between TC and subcommittees. TC members should
respond to this with their comments.
Subgroup reports
================
- Use Cases and Requirements (security-use) (Darren Platt)
Strawman #2 distributed last Friday. Will roll in comments/revisions
by this Friday. There are about 8 detailed scenarios. Majority of work
is on issues list. Trying to come up with resolutions for these
issues. Trying to create a process to define requirements so can make
clear decision on whether to include in document or not. Focusing on
single- sign-on, session management.
- Core Assertions (security-core) (Phil Hallam-Baker)
Either do revocation properly or not at all. Biggest problem with
X.509 is that CRLs were intended to be simple and this had other mind-
boggling consequences. Phil was hoping to use a lot of the X-TASS text
as a framework for this group, but we will probably have to consider
it as an individual submission until the subgroup can meet on it.
- Protocols (security-protocol) (Tim Moses)
First draft prepared. Has received no comments on the document.
<sniff> It is roughly consistent with use cases. Will make amendments
and get a new draft to Bob by Monday.
- Bindings (security-bindings) (Prateek Mishra)
Have put together a strawman document (several weeks ago) with
discussion since then. Would like to have a con-call with bindings
group and get revised document by Monday.
- Conformance Suite (security-conform) (Krishna Sankar)
They are still dormant. Bob B suggested that they review sections of
the spec with an eye towards clarifying which parts are normative.
- Security Considerations (security-consider) (Jeremy Epstein)
Have added Privacy Considerations to the scope of this subgroup.
- Coordinating editor (Bob Blakley)
Bob will try to put together an initial draft of the entire document;
he needs drafts from the relevant subcommittees by COB Monday so that
he can put together a complete document for distribution to the TC
prior to the F2F.
Jeff gets a free dinner for being the only person submitting a report
(glossary) in HTML! Everything has been PDF or Word.
Document guidelines are progressing well and getting close to done. We
will have consistent IETF-type naming standards for the documents.
There will be requirements inside the documents for metadata that must
be there. Documents will be posted by sending to
mailto:security-editors@lists.oasis-open.org; one of the "publishing
editors" will lick the document into shape and put it on the website.
Liaison reports
===============
No report requests sent to Eve.
Encryption (Eve): has touched base with Joseph Reagle of W3C, who is
chairing the new Encryption WG. We have an arrangement to review each
other's requirements documents.
ebXML (Brian Eisenberg): SOAP and EBMLX TRP message headers are now
working together.
XKMS Encryption (Phil): There is a developers' meeting immediately
following the XKMS meeting on March 1.
Next meeting
============
There will be a short "subgroup leaders" telecon on 27 February, but our
next official meeting will be 2 March.
ACTION: All to respond to Evite invitation for F2F #1.
ACTION: Heather to set up a call-in number for the informal telecon next
Tuesday.
Adjourned at 2pm ET.
Attendees
=========
Tim Winston Aventail
John Baker Axent
Stephen Farrell Baltimore
Patrick McLaughlin Baltimore
Irving Reid Baltimore
Greg Wilson Baltimore
Krishna Sankar Cisco
Zahid Ahmed CommerceOne
Carlisle Adams Entrust
Alex Berson Entrust
Robert Griffin Entrust
Tim Moses Entrust
Nigel Edwards HP
Joe Pato HP
Maryann Hondo IBM
Kelly Emo Jamcracker
David Orchard Jamcracker
Sumner Blount Netegrity
Dave Jablon Netegrity
Prateek Mishra Netegrity
Adam Prishtina Netscape
Jeff Hodges Oblix
Charles Knouse Oblix
Steve Anderson OpenNetwork
Duane Hamilton OpenNetwork
Michael Lyons OpenNetwork
Evan Prodromou Outlook
Eric Olden Securant
Darren Platt Securant
Eve Maler Sun
Paul Ashley Tivoli
Bob Blakley Tivoli
Marlena Erdos Tivoli
Heather Hinton Tivoli
Sridhar Muppidi Tivoli
Mark Vandenwauver Tivoli
Philip Baker Verisign
Alan Byrne Vordel
Tony Palmer Vordel
Jeremy Epstein webMethods
Vote on Naming Results: (yes: 33, no: 2, abstain: 4)
Carlisle Adams Y
Zahid Ahmed Y
Steve Anderson Y
John Baker Y
Philip Baker Y
Alex Berson Y
Bob Blakley Y
Alan Byrne Y
Nigel Edwards Y
Kelly Emo Y
Marlena Erdos Y
Stephen Farrell Y
Robert Griffin Y
Duane Hamilton Y
Jeff Hodges Y
Maryann Hondo Y
Dave Jablon Y
Charles Knouse Y
Michael Lyons Y
Patrick McLaughlin Y
Prateek Mishra Y
Tim Moses Y
Sridhar Muppidi Y
Eric Olden Y
David Orchard Y
Tony Palmer Y
Joe Pato Y
Darren Platt Y
Adam Prishtina Y
Irving Reid Y
Krishna Sankar Y
Mark Vandenwauver Y
Tim Winston Y
Sumner Blount N
Evan Prodromou N
Jeremy Epstein A
Heather Hinton A
Eve Maler A
Greg Wilson A
--
Eve Maler +1 781 442 3190
Sun Microsystems XML Technology Center eve.maler @ east.sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC