Subject: Minutes of SSTC/Focus 10 July 2001 telecon
Thanks to Heather Hinton for taking the notes!

Minutes of the OASIS Security Services Technical Committee telecon and
the Focus Subcommittee telecon 10 July 2001

Please note the ACTION items below. If you see anything that needs
correction, please reply to this message.

> Administrative
> ==============
> - Membership report: new/removed members (Heather)

Included below.

>
> - Roll call (Heather)
> - quorum?

Attendance list included below, quorum met.

>
> - Approval of/additions to this agenda

Added discussion of SAML-related talks at 2002 RSA Conference to Open
Mike section.

> Solicitation of new recording secretary

Gavenraj Sodhi volunteered; many thanks; will take effect for meeting
(August 14) after next (24-Jul).

>
> F2F #3 Minutes approval
> =======================
>
> The minutes of the SSTC F2F #3 meeting, which was essentially an informal
> Focus group meeting due to lack of official F2F #3 quorum are here..
>
> Minutes of OASIS Security Services Technical Committee F2F #3
>
> http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-3-Minutes-00.txt
>
> Are there additions/corrections to these minutes?
>
> Is there a motion to approve the minutes from F2F #3 and accept the
> decisions and issues therein as being decisions and issues formally of
> the SSTC?
>
> [If folks subsequently come up with corrections/additions to the approved
> minutes, the minutes can be amended at a future SSTC meeting (telecon or
> F2F), so we shouldn't necessarily let that concern balk us.]

Motion to table this until next TC meeting; seconded (Hal, Phill HB)

Discussion: Group recommended for stable spec on 1 Dec 2001, shoot for
submission to OASIS as a whole by 1 March 2002.

Motion passed; We can figure out what to do with the F2F #3 minutes and
discuss them over the next couple of weeks.

> ACTION items
> ============
> ACTION: Bob Blakley to develop and circulate a Word template for all
> specification contributors to use.
>
> - Target date?
> Should someone else take this on? BobB noted at F2F #3 that if
> someone else takes this on, please subsume the word template embedded in the
> draft-sstc-ftf3-* docs (that were sent to the list, see..
>
> http://lists.oasis-open.org/archives/security-services/200106/msg00150.html
> http://lists.oasis-open.org/archives/security-services/200106/msg00151.html
> http://lists.oasis-open.org/archives/security-services/200106/msg00141.html
> )

Bob has a template that he will circulate as soon as his mail starts
working

> ACTION: Prateek to do traceability review before the next TC telecon.
> - definitely in wait-state, gated by consensus draft from F2F #3.

Discussed last week, still in wait state; no further discussion.

> ACTION: Jeff Hodges to update the Glossary to reflect F2F #2 decisions.
> - Target date 20-Jul

Jeff will attempt to complete by end of week (tho 20-Jul is more
realistic).

> ACTION: Eve to create master bibliography and provide bibliography section
> for document guidelines.
> - In wait-state. Eve has sent to JeffH draft bib section guidelines for comment,
> otherwise this is in wait-state as she's on vacation for much of Jul]

Jeff will intersperse his comments and send to group and Eve.

> ACTION: Marlena to champion DS-1-02, Anonymity Technique, and confer with
> BobB and Phill.
> - In progress.

Marlena feels we are missing a form for anonymous subjects; will confer
with Phill and Bob and get a draft out.

> ACTION: Prateek to champion DS-3-03, ValidityDependsUpon.
> - In wait-state. Will be another couple of weeks to get out doc discussing the
> overall set of issues here.

As soon as a draft incorporating the F2F #3 white board proposal (known
as "the consensus draft") is published, Prateek will work on this.

> ACTION: Jeff to champion DS-4-02, XML Terminology, aka Messages and
> Packaging.
> - in queue after Glossary.

no discussion.

> ACTION: Phill to write up notion of "Authorization Claims", which are putatively
> represented via attributes.
> - in wait-state

Phill feels authz claims got "killed" at F2F. It will be possible to
resurrect them in future versions, which Phill is happy with.

> Subcommittee reports
> ====================
> - Issues list (Hal)

Nothing to report, should get new issues list this week; Any new issues
should be reported to Hal

> - Focus (Jeff for now)

Minutes of F2F comprise the state of the focus group; big item is for
consensus draft based on F2F. There are some detailed items based on XML
encryption and Dsig that need to be discussed in detail. Until consensus
draft surfaces, not much more to say.

> - Bindings (Prateek)

Con call last Thurs; Minutes of which are available in the list archives..

http://lists.oasis-open.org/archives/security-services/200107/msg00020.html

worked through submission from Tim Moses as well as review of web browser
profile. Focused on standard web browser client for inter-domain
single-sign-on. Couple of issues that are already on agenda. For preview,
issue "uc-1-05" - user approaches destination site first and is redirected
to AP: does SAML need to formalize a specific protocol for this space?
Issue "saml artifact", something like a ticket: should this be located in
bindings group, what is its relationship to a ticket proposal that Phill
gave in an earlier document?

> - Conformance (Robert Griffin)

No report; Bob on vacation; there is a con call some time next week.

> - Considerations (Jeff for now)

Nothing new to report; most info in minutes of F2F #3.

> - Sessions (Hal)

Nothing new to report.

> - Pass-through (Stephen)

No report; Stephen on vacation.

> Liaison reports
> ===============
> XKMS, XML Encryption, XML Protocol, BEEP, Shibboleth, DSML, XACML...

Do we want to formally respond to their latest draft?
Might be tough to get a TC report in the short term, but individual
reports from members may be more effective (and will be faster)
Deadline for comments is Friday, July 13 2001
We don't have time to get a TC response
For those individuals who do provide a response, please cross post to
SSTC as well as XML Encryption
Evan P is looking at this; he will try and post his comments to the list
to solicit other comments and put together a report that is signed by
individual members of the SSTC but is not a formal SSTC response

> <new> Doc Editor/Repository report
> ==================================
>
> Are there some docs that were sent only to Security-services that need to go
> into the Doc repository? Please re-send to security-editors.

If you sent a document to "security-services" without copying
"security-editors", and were hoping to get it into the repository, please
check the repository to make sure that it is in fact there. If it isn't,
please resend to security-editors.

> Schedule for a new, consolidated Core Assertions & Protocols spec
> =================================================================
>
> What's the outlook for issuance of the first cut of a consolidated Core
> Assertions & Protocols spec (aka the "consensus draft") as a result of F2F #3 as
> represented in the minutes thereof?]

Outlook deadline is Friday, July 20
If there are comments, based on the F2F minutes, please send them to the
list.

> Open mike (new issues)
> ======================
>
> Prateek: revival of (ISSUE:[UC-1-05:FirstContact])

Model assumes that user is at site of Asserting Party (AP) and then goes
to the Relying Party (RP). What happens if user goes to destination
site/RP FIRST? Do we need a protocol? An extension of this is "daisy
chaining" of information from one RP to another? Core issue: do we want
to call out a protocol that describes how redirection works.
Gil: Daisy chaining is a use case that falls under sessions
Darren: Kept this open to make sure didn't fall off table; if bindings
group considers this, Darren is happy to let it drop
Phill: This may lead to a requirement for a new message pair
Tim: Will call out some details from Tim's document to facilitate
discussion

> Prateek: "SAML artifact architecture", in..
>
> http://www.oasis-open.org/committees/security/docs/draft-sstc-bindings-model-04.pdf
>
> ..as opposed to "ticket" in..
>
> http://www.oasis-open.org/committees/security/docs/draft-sstc-core-phill-07.pdf

Prateek wanted to make people aware that there is a formal proposal for a
SAML artifact, a small piece of info that can be moved, via browser, from
one security domain to another. This facilitates cross-domain work. Note
that there are differences with this and Phill's previous ticket
proposal. There is also a binding issue: should this mechanism be
supported in other (non-web browser) environments? It seems reasonable to
put into bindings doco now, and then move it to other documents later if
this turns out to be generally applicable.

Phill's document is not formally part of SAML spec (there are no
competing documents/specs); it is a high level proof of concept/examples
document to show that a ticket/artifact is possible and necessary. The
ticket "def/spec" is non-normative. Phill and Prateek will work together
to refine the SAML artifact.

> SAML-related talks at 2002 RSA Conference

Jeremy Epstein pointed out that lots of individual submissions may be a
sub-optimal approach; it may be more efficient (for SAML, at least) to
have one or two "group" submissions. A standards track submission with
several individuals and companies might be more attractive/taken more
seriously. People who have submissions in progress should try and work
together to get a heavy weight talk/presentation (for standards and
development track) for submission.
We might also want to try and get an XML-alphabet soup panel on what the
different, but related standards (SAML, XACML, XML Encryption, etc) are
each trying to accomplish, where they overlap, where they don't, etc

> Adjourn
> =======
> (Next meeting: 24 July 2001 Focus telecon; +1 334 262 0740 participant code
> #856956)

Meeting Adjourned.

> Focus subcommittee agenda
> =========================
>
> Any specific issues with how our rough consensus at F2F #3 was documented in..
>
> Minutes of OASIS Security Services Technical Committee F2F #3
>
> http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-3-Minutes-00.txt
>
> ?
>
> Discussion of specific issues raised in the F2F #3 minutes?

Hal: Important open issue is "what would identifiers look like"
We need a discussion of how we are going to settle this issue.
Jeff: we don't have just one type of identifier - there are several
types. We need to make a decision about how to use identifiers/classes of
identifiers
Jeff had been waiting to see what turned up in the consensus draft
Hal: Trying to call out these types of issues in the consensus draft
without identifying what they are/look like
Useful first step: summarize categories of identifiers (eg identifiers
that need to be unique)
Jeff asserts that there are at least 4 categories of identifiers: issuer,
assertion id, plus XML specific stuff (schema names, element names),
Jeff's summary message is on the list "URI as general purpose
identifiers", here..

URIs as general-purpose identifiers, and identifiers in general
http://lists.oasis-open.org/archives/security-services/200106/msg00074.html

Initial messages beginning two threads on the list about AssertionIDs and
Issuer IDs...
composition of AssertionID (Issue: DS-4-04: URIs for Assertion IDs)
http://lists.oasis-open.org/archives/security-services/200106/msg00025.html

composition of Issuer identifier (also: "dns-date" URN NID)
http://lists.oasis-open.org/archives/security-services/200106/msg00082.html

Present summary messages in those threads...

Re: composition of AssertionID (Issue: DS-4-04: URIs for Assertion IDs)
http://lists.oasis-open.org/archives/security-services/200106/msg00158.html

Re: composition of Issuer identifier (also: "dns-date" URN NID)
http://lists.oasis-open.org/archives/security-services/200106/msg00159.html

Hal volunteered to take Jeff's work (pointed to above) and the "Church of
Identifier syntax" list from the F2F #3 whiteboard discussion and take it
a step further. The latter is captured in the F2F #3 minutes
(http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-3-Minutes-00.txt),
and was..

the "church of identifier syntax"
URI, string, OID, type/value pairs, XML doc, DNS domain name, other?

Adjourn at 12:30 Central Time

> Attendance & Membership report...
SSTC Meeting Attendance

Kelvin Beeck            TalkingBlocks
Bob Blakley             Tivoli
Steve Anderson          OpenNetwork
Irving Reid             Baltimore
Ken Yagen               Crosslogix
Hal Lockhart            Entegrity
Carlisle Adams          Entrust
Kelly Emo               Jamcracker
David Orchard           Jamcracker
Gilbert Pilz            Jamcracker
Prateek Mishra          Netegrity
Adam Prishtina          Netscape
Jeff Hodges             Oblix
Charles Knouse          Oblix
Darren Platt            Securant
Jahan Moreh             Sigaba
Eve Maler               Sun
Aravindan Ranganathan   Sun
Bob Morgan              UWashington
Phillip Hallam-Baker    Verisign
Soke Wan Chua           Access360
Mark Griesi             OpenNetwork
Michael Lyons           OpenNetwork
Jeremy Epstein          webMethods
Gavenraj Sodhi          Access360
Fred Moses              Entitlenet
Alex Berson             Entrust
Tim Moses               Entrust
Marc Chanliau           Netegrity
Ron Monzillo            Sun
Paul Ashley             Tivoli
Marlena Erdos           Tivoli
Heather Hinton          Tivoli
Mark O'Neill            Vordel
Tony Palmer             Vordel

New Members

None

Removed Members

Michah Lerner           AT&T
Emmy Chen               NetFish
Frank Paynter           SandHill Technology

> ---
> end