Minutes for Focus subgroup 3 Jul 2001 telecon

[Jeff Hodges <jhodges@oblix.com>]

Jeff Hodges wrote:
> 
> Meeting date: Tuesday, 19 June 2000
> Meeting time (see also http://www.timezoneconverter.com/cgi-bin/tzc.tzc):
>            Europe/Dublin  5-7pm
>            US/Eastern     12noon-2pm
>            US/Central     11am-1pm
>            US/Pacific     9am-11am
> 
> Call-in information (good through end of Sept):
>           Call-in number: +1 334 262 0740
>           Participant code #856956

SSTC Members on the call..
--------------------------
Krishna S.
Marc C.
Prateek M.
Marlena E.
Gil P.
Don F.
Tim M.
Dave O.
Steve Anderson
Darren P.
Evan P.
Thomas H.
Carlisle A.

observers
---------
Don Flinn 
Chris McLaren (Netegrity)

> 
> Running list of ACTION items
> ============================
> ACTION: Bob Blakley to develop and circulate a Word template for all
> specification contributors to use.
> - Target date ?
> 
> ACTION: Prateek to do traceability review before the next TC telecon.
> [in wait-state]

definitely in wait-state, gated by consensus draft from F2F #3.


> ACTION: Jeff Hodges to update the Glossary to reflect F2F #2 decisions.
> [now have detailed comments to work from. ]
> - target date 13 Jul 01

will attack this after F2F #3 minutes are completed. 

>
> ACTION: Eve to create master bibliography and provide bibliography section
> for document guidelines.
> [Eve has sent to JeffH draft bib section guidelines for comment, otherwise this
> is in wait-state as she's on vacation for much of Jul]

no discussion.

> ACTION: Marlena to champion DS-1-02, Anonymity Technique, and confer with
> BobB and Phill. [in progress]

In Gil's notes of the 26th, noticed mention of non


> ACTION: Prateek to champion DS-3-03, ValidityDependsUpon.
> [in wait-state]

Have made some progress, chatted with Marlena & others. Has to do with
traceability & reference between assertions. In wait-state. Will be another
couple of weeks to get out doc discussing the overall set of issues here. 


> ACTION: JeffH to champion DS-4-02, XML Terminology, aka Messages and
> Packaging.
> [in wait-state]

in queue after Glossary.

> ACTION: Phill to write up notion of "Authorization Claims", which are putatively
> represented via attributes.

[in wait-state]




> Open discussion
> ===============

Prateek: <below claims by JeffH on the process for arriving at a consensus-based
doc basically held, plus Prateek is on the list of signees, he offered Marc &
Chris as helpers>

> Precise agenda to be decided on-the-call.
> 
> Prateek asked: "The main issue of interest to me is the creation of a document
> that represents the "two whiteboards" consensus draft and how we can achieve
> that goal with some speed."
> 
> A nominal answer is that Phill and DaveO signed up at the end of the second day
> of F2F #3 to work together to produce such a document.
> 
> Phill noted prior to that particular signing-up action, that progress on
> producing a doc incorporating consensus from the F2F #3 is gated by the
> appearance of the F2F #3 minutes. Hence I've been trying to: (a) get the minutes
> out as quickly as possible, (2) ensure they are as complete and accurate as
> possible, (3) release information as I get it together, rather than wait until
> the entire monolithic chunk is "done".
> 
> Thus I hope that having at least..
> 
> http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-3-Notes-Hodges-WhiteboardTranscription.pdf
> 
> ..plus the raw notes (located in that same directory) be available means that
> they can "get started" (hint, hint).
> 
> In anycase, I'm on-track to get the consolodated minutes document completed by
> end of the day Tue 3-Jul (the shorter this focus concall is, the more it will
> help me complete that goal).


Gil brought up point of whether we can use technology (e.g. shared "whiteboard")
on the concalls such that they are more "productive".

JeffH - has some practical experience in this area and such technology is not
ready for prime time where interactive, collaborative-design meetings are
concerned. (is afraid that we'd spend too much effort messing with the
technology and not get a return for the time invested)

Evan - noted that (IHHO) trying to use such tech would likely get in the way of
the calls.

JeffH - empahsized that the way to make progress on this stuff (i.e. crafting
protocol specifications) is to methodically write stuff down and methodically
read & comment on what others write. Having the "consensus doc subgroup" (Dave,
Phill, Prateek (Prateek mentioned that Netegrity co-workers might be signed up
to help)) working to produce such a doc is a huge step forward. 

  To move that doc (and our others) to a higher states of maturity, folks should
methodically write down their comments/issues, preferrably in the form of
explict proposed document sections (rewrites of existing sections and/or new
sections), and we can discuss/revise them to the point of being included in the
doc. 

Dave - seconded this modus operandi.


Evan brought up the current list thread about XML encryption. Do we want to make
use of the XML 

Evan's going to take Prateek's write-up of how we'd sign assertions and flesh it
out. 

JeffH noted that dig sig of assn's might need to be designed as a component of
assertions themselves. 

Prateek isn't sure, but could be convinced. In anycase, we need to specify how
assertions are signed. Then we can see where in our specification documents it
belongs. 


Prateek brought up notion of "common vocabulary" items. thinks this will be
important to get nailed down. specific examples were a vocab of actions, a vocab
of authntypes. 

JeffH noted that there IS an existing registry of what are effectively
"authentication types". This is the IANA-based registry of SASL mechanisms
located here..

  http://www.iana.org/assignments/sasl-mechanisms

There was a question about whether SASL authn mechanisms can be mapped to URI.
JeffH noted that this certainly could be done, one just needs to decide on the
form of the URI and what the mapping transformation is. Whether or not it is
~appropriate~ for authn mechanisms, aka AuthnTypes, to be expressed as URI is
separarte question. 
  

some discussion about action types. It was noted that there's an interplay
between XACML and SAML in terms of action types. JeffH noted that what SAML
needs to ensure is that SAML action types are mappable to action types expressed
in XACML (or whatever policy repository schema is being used) -- this is a
mapping that PDPs will have to make and we shouldn't make it too hard or
impossible for them. 

No other bisness to discuss, so the call was adjourned. 

The below were not discussed.


> Overall Issues and concerns
> ===========================
> 
> Item: How to prioritize issues resolution?
> 
> Current issues list is -04:
> http://www.oasis-open.org/committees/security/docs/draft-sstc-saml-issues-04.doc
> 
> Open issues (plus any waiting to be added by Hal; how current is this list?):
> 
> UC-1-05: FirstContact (p. 13)
> UC-2-05: EMarketplace (p. 29)
> UC-7-01: Enveloping (p. 56)
> UC-7-02: Enveloped (p. 56)
> UC-8-02: IntermediaryAdd (p. 58)
> UC-8-03: IntermediaryDelete (p. 61)
> UC-8-04: IntermediaryEdit (p. 63)
> UC-8-05: AtomicAssertion (p. 65)
> UC-9-01: RuntimePrivacy (p. 67)
> UC-9-02: PrivacyStatement (p. 67)
> UC-13-07: Hailstorm Interoperability (p. 85)
> DS-1-01: Referring to Subject (p. 86) BobB?
> DS-1-01: Anonymity Technique (p. 86) Marlena
> DS-3-01: DoNotCache (p. 88) Hal
> DS-3-02: ClockSkew (p. 88) Hal
> DS-3-03: ValidityDependsUpon (p. 88) Prateek
> DS-4-01: Top or Bottom Typing (p. 89) Dave
> DS-4-02: XML Terminology (p. 89) Jeff
> DS-4-03: Assertion Request Template (p. 89) (Tim/Dave initially)
> DS-4-04: URIs for Assertion IDs (p. 89) (Jeff initially)
> 
> [others to add?]
> 
> ---
> end

---
end