[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Agenda for Focus subgroup 25-Sep-2001 concall
Meeting date: Tuesday, 25 Sep 2001 Meeting time ( see also http://www.timezoneconverter.com ): Europe/Dublin 5-7pm US/Eastern 12noon-2pm US/Central 11am-1pm US/Pacific 9am-11am Call-in information (good through end of December): Call-in number: (334) 262-0740 Participant code #856956 ACTION items ============ ACTION: Prateek to start traceability review before the next TC telecon using discussion-01 docs and going back to use cases" (previous disposition: wait state) ------ ACTION: Jeff to send to the list Eve's proposed bibliography section for document guidelines with his comments. ------ ------ ACTION: Marlena to champion DS-1-02, Anonymity Technique - status after discussion thread of 20-aug? ------ ACTION: Prateek to champion DS-3-03, ValidityDependsUpon [21-Aug: Prateek will send out message within the next week to close out issue but call out questions.] ------ ACTION: Jeff to champion DS-4-02, XML Terminology, aka Messages and Packaging. ------ ACTION: Krishna to drive SAML profile of xmldsig. [has sent msg to the list soliciting input.. http://lists.oasis-open.org/archives/security-services/200109/msg00046.html ] ------ ACTION: Bob B & Marlena: <Subject> in Core doc to correspond to Artifact. [status msg to list slated for Mon 24-Sep] ------ ACTION: Bob B: Return of not current valid assertions to RP (e.g. post dated) [text in Bob's powerpoint, and in e-mail to the list. Done. See.. http://lists.oasis-open.org/archives/security-services/200109/msg00041.html ] ------ ACTION: JeffH to transfer sec consideration work to Chris [in progress]. ------ ACTION: Don: Smart client profile - develop a proposal. [to be sent out to list by Mon 24-Sep] ------ ACTION: Don: to elaborate the number of 1-1 relationships and propose how to fix the resulting scaling issues. [to be sent out to list by Mon 24-Sep] ------ ACTION: Gil: [DS-6-01:Nested Attributes] Not sure how SAML could address this [revisit at next call] ------ ACTION: Prateek: To make a proposal on the mandatory use of HTTPS [was Gil's; Report back by Fri 28-Sep] ------ ACTION: Hal & Bob B: Artifacts are bearer instruments, Assertions are not. [Done/closed. See.. http://lists.oasis-open.org/archives/security-services/200109/msg00041.html ] ------ ACTION: Hal: to write scenarios (and / or provide definitions) for how NameIdentifier is used (e.g., when it is in SubjectConfirmation to identify an assertion vs. when it is used to represent the assertion referent) [done. See.. http://lists.oasis-open.org/archives/security-services/200109/msg00041.html ] ------ ACTION: Irving: Multiple NameIdentifiers are dangerous - Irving to write up proposal. ------ ACTION: Irving: to investigate and write up WAP limits [done. see.. http://lists.oasis-open.org/archives/security-services/200109/msg00040.html ] ------ ACTION: Jeff: threat model discussions to be removed from the bindings doc - but rationale preserved somewhere in SAML documents. [Will handoff to Chris as part of sec consider work; Prateek to be consulted. This item should be closed.] ------ ACTION: Marlena: SHIB desires 00-02 artifact type (anonymous user & attribute assertions - non personal identifiable info) core design issue. [ Marlena reconsidering need for this. status?] ------ ACTION: Marlena: to write a proposal to create another Web Browser profile that retrieves an Attribute Assertion rather than an Authentication Assertion. [ Marlena reconsidering need for this. status?] ------ ACTION: Marlena: to write up use of artifacts for queries [from 18-Sep call: Query handle in request for assertion - anonymous subject discussion will resolve this. Status?] ------ ACTION: Phill: Will produce a core-16 that just contains the notional and twiddles before any major changes to schema and protocols. [from 18-Sep call: processing comments from eve, looking at choice groups. end of week next. 28-Sep] ------ ACTION: Prateek: "Security properties of Assertion Handle" (Bob Blakley to act as reviewer). [from 18-Sep call: One more cycle through bindings con-call - at least through mid next week. Bob - may linger in review process] ------ ACTION: Prateek: Lookup by artifact: Agreed that he should submit a detailed proposal to the Core outlining specific changes to specific sections. Includes new request-response protocol not currently defined in HTTP binding. [from 18-Sep call: In part addressed in core-16. status by 9/20?] ------ ACTION: Prateek: Oracle attacks WRT SOAP Profile [from 18-Sep call: BobB to send references to the list by 21-Sep. Status?] ------ ACTION: Prateek: Push profile / use case to be dropped from document (Paul Leach's claim that this would assist SAML/Kerberos integration was never developed - Paul to present this case if he wishes to re-instate this profile) out for now". Drop from Actions list?] ------ ACTION: Prateek: Should the Bindings Group select either the HTTP or SOAP protocol bindings for inclusion in the final spec? [from 18-Sep call: open - reasons for inclusion of both profiles or elimination of 1 should be sent to the list (by 9/25)] ------ ACTION: Prateek: Should the SOAP binding address the issue of intermediaries - generate proposal for how [from 18-Sep call: SOAP Bindings will include discussion of intermediary, but need to discuss during Focus portion (wasn't discussed on 9/18)] ------ ACTION: Prateek]: This is an editorial issue about the names of profiles. Prateek to revise current document. [from 18-Sep call: single sign on terminology to be included in next version. Status?] ------ ACTION: Simon: write a concrete proposal that outlines the change to the nature of the authorization query. ------ ACTION: Tim: First Contact - will write up what can be done with the current design. [from 18-Sep call:to be included in next rev (-06) of bindings doc] ------ ACTION: prateek: pseudonym or somewhat anonymous subject identifiers =============== Open discussion =============== 1. Call for items to discuss during this time. 2. Suggested topics.. 2.1. Is there a concise consensus decision we can articulate for the "Substitution Groups Reconsidered" thread, and do we need such? This msg starts off the thread.. http://lists.oasis-open.org/archives/security-services/200109/msg00028.html Eve's msg here seems to conclude it.. http://lists.oasis-open.org/archives/security-services/200109/msg00038.html I interpret this portion of Eve's msg.. > the TC apparently agreed that substitution > groups are important in extension schemas because if you're extending a > "null assertion statement" (the head of the chain of assertion types, which > has nothing particular specified in it), xsi:type gives you no more > information than a substituted element would. ..as effectively saying "we won't use 'block' in the SAML schema." Is that a correct concise summary? 2.2 Attribute scoping (Scott Cantor). see.. http://lists.oasis-open.org/archives/security-services/200109/msg00047.html 2.3 Relying party tailors assertion in browser artifact profile (Tim Moses). See.. http://lists.oasis-open.org/archives/security-bindings/200109/msg00018.html --- end
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC