

Subject: Minutes of Focus subgroup 9-Oct-2001 concall



> 
> Focus subgroup Agenda
> 
> 1 - Roll Call

Calisle A.
Hal L.
Marlena E.
Scott C.
Phill HB
Irving R.
Prateek M.
Tim M.
Simon G.
Gil P.
Chris M.
Krishna S.
Darren P.
Jason R.
Alan  (Authntica)
Dave O.
Eve M.
Joe P. 
JeffH


> 2 - Agenda review (discussion items after Action Items review)
> 
> Items that're explicitly on the list per last SSTC/Focus concall of 2-Oct...
> 
>   Don F. -- Smart Client Profile
> 
>   Prateek: Should the Bindings Group select either the HTTP or SOAP
>            protocol bindings for inclusion in the final spec?
> 
>   Prateek: Should the SOAP binding address the issue of intermediaries
>            - generate proposal for how
> 
> Items not (yet) explicitly on the list are any of the 5 "NEW ACTION"s listed
> below.
> 
> Any other items from the ACTION list or elsewhere?

One other mentioned on list was saml profile of xmldsig.

3 items above to be disc. in open disc.


> 3 - Face to face #5
>     [discussion; date decision?]


whoops, we didn't discuss this. Will have to do on the list this week, and on
next concall if nec. 


> ============
> ACTION items
> ============
> 
> ACTION: Prateek to start traceability review before the next TC telecon
> using discussion-01 docs and going back to use cases"
> 
> Status: Action Item (AI) remains open in wait state.

no change in status. 

> ------
> ACTION: Marlena to champion DS-1-02, Anonymity Technique
> 
> Status: AI still open. Marlena will write up issue by October 9, 2001.

Notes sent to list 8-Oct Mon. 
Marlena not wanting to champion this anymore. 
prateek: need to extract some terminology out of this.
Marlena asserts that there needs to be some tagging of the subject name
 as a pseudonym
Hal: 2 more things
 reserved anon name "anonymous"
 gening up a tmp name on the fly

me: let's close this

scott: rather than simply close this item, we should try to address the lack of
semantic explanation. 


NEW ACTION: scott will propose text that documents the detailed semantics of
NameIdentifier.


> ------
> ACTION: Krishna to drive SAML profile of xmldsig.
> 
> Status: in progress. First draft doc sent to list.

still open. 

doc calls out list of open issues. 

will work towards scoping the issues over next week. check back nxt week. 



> ------
> ACTION: Don: to elaborate the number of 1-1 relationships and propose how to
> fix the resulting scaling issues.
> 
> Status: AI still open. to be sent out to list by October 8, 2001.

Don not here - no discussion. 

status: still open.




> ------
> ACTION: Gil: [DS-6-01:Nested Attributes] Not sure how SAML could address
> this [revisit at next call]
> 
> Status: AI still open.

somewhat related to "generic data slots" thread, actually entitled 

"options for change"
http://lists.oasis-open.org/archives/security-services/200110/msg00021.html


Hal: this is somewhat related to "nested groups", is what we have today good
enuff?

phb: we should leave interp of attrs as groups/roles to XACML

Gil: reason he kept this open at last f2f, was acting as proxy for Dave

Dave: issue is whether a) attrs are arbitrary xml "docs", or b) constrained
name=value pairs

phb: there's a need for open ended schema, but those needs are in minority, many
are going to be name=stringvalue. then we have the "any" mech for more general
extension. 


Status: AI closed: on gil's recommend. because schema has "any" mech. 



> ------
> ACTION: Irving: Multiple NameIdentifiers are dangerous - Irving to write up
> proposal.
> 
> Status: AI still open.  material to appear by October 8, 2001.

"mult subjs in saml assertions"

some disc. on list.

AI closed

phb: core-16 wording tossed at f2f-4. new wording by phb in thread on list and
in core-19(?).

chris: doesn't understand where there's one nameident that's bound to 3 subj
confs. 

the salient issue here:
subj elem that contains mult confs vs. one that contains mult nameidents


NEW ACTION: Gil to write up background semantics and background assumptions on
relationships btwn NameIdentifier(s) and subjectConfirmation(s) within Subject
elements. 


> ------
> ACTION: Prateek: "Security properties of Assertion Handle"
> 
> Status: in progress. Will make progress by October 10, 2001.

no change in status. 


> ------
> ACTION: Prateek: Should the Bindings Group select either the HTTP or SOAP
> protocol bindings for inclusion in the final spec?
> 
> Status: This AI closed, in discussion on mailing list. Resolve by October 10.
> (discussion in focus meeting Oct 9, vote to follow)

<detailed discussion below in open discussion section>



> ------
> ACTION: Prateek: Should the SOAP binding address the issue of intermediaries
> - generate proposal for how
> 
> Status: This AI closed, in discussion on mailing list. Resolve by October 10.
> (discussion in focus meeting Oct 9, vote to follow)

<detailed discussion below in open discussion section>



> ------
> ACTION: prateek: pseudonym or somewhat anonymous subject identifiers
> 
> Status: in progress. will issue message before next focus call, October 9.

closed.
subsumed by Scott's NEW ACTION noted above.



> ------
> NEW ACTION: Tim, Simon, Prateek (champions): compose complete recommendation for
> "Relying Party tailors assertion in browser artifact profile"
> 
> Status: new item from 2-Oct SSTC/Focus concall.

Text has been proposed on the list, for both core and bindings docs. 

have some work to do to align. 

should stay open till we see a protocol schema that accommodates the requirement.

still open.


> ------
> NEW ACTION: Marlena, Scott: to champion the "context info in attr query" issue.
> 
> Status: new item from 2-Oct SSTC/Focus concall.
> 
> This is item #2 from (yes?):
> Scott Cantor -- Shib schema quibbles/questions
> http://lists.oasis-open.org/archives/security-services/200109/msg00052.html

yes. 

simon - arguing that this is perhaps subsumed in his authz query proposal...

another attempt at azn query refinement 
http://lists.oasis-open.org/archives/security-services/200110/msg00042.html

suggested change is to add target to attr query. 

can "live" without this change -- will extend schema in shibb's use if have to. 

context is attempt to give the user some control about what info gets released. 


NEXT STEP: Scott: will propose explicit text & schema

Still open. 


> ------
> NEW ACTION: Scott, Marlena: to champion "attribute scope"
> 
> Status: thread started on the list.
> 
> http://lists.oasis-open.org/archives/security-services/200109/msg00059.html
> 
> see also:
> http://lists.oasis-open.org/archives/security-services/200109/msg00047.html

still open. 

phill: this is one incarnation of a more general mech that is needed. this
particular msg# 59 is subsumed by the "generic attr slot" proposal.


NEXT STEP: scott will post followup folded into Phill's thread (subject of
thread will change to something more enlightening hopefully). the thread..  

"options for change"
http://lists.oasis-open.org/archives/security-services/200110/msg00021.html


> ------
> NEW ACTION: Simon: to champion "Query refinement proposal"
> 
> Status: thread started on the list.
> 
> http://lists.oasis-open.org/archives/security-services/200109/msg00055.html

simon's posted a followup. 

has received one response that "we don't need". Simon indicated that he can live
without it. 

still open. we'll see if this proposal garners any support. If not, we will
enter into Issues list with a disposition of "deferred". 



> ------
> NEW ACTION: Phill: Generic attribute Slot
> 
> entitled "options for change"
> http://lists.oasis-open.org/archives/security-services/200110/msg00021.html


We will fold this ACTION in with the "attribute scope" AI listed above. 



> ===================
> End of Action Items
> ===================
> 
> ========================
> Focus Group Discussion:
> 
> <adapt list from above>
> 
> =========================


>   Prateek: Should the Bindings Group select either the HTTP or SOAP
>            protocol bindings for inclusion in the final spec?

prateek summarized msg on list

eve asserts that ipr issue might not be that big an issue. will send note to the
list with info she's garnered since bringing up the IPR issue last week. 

NEXT STEP: simon and prateek are requesting a formal vote on this next week on
the SSTC/Focus concall.

scott: requesting that there be research to assure, or not, that "yes it will be
very simple to impl saml soap binding using freely/commonly available soap
tools"


>   Prateek: Should the SOAP binding address the issue of intermediaries
>            - generate proposal for how

proposal not on the list yet. 

prateek proposes that binding not support intermediaries, will gen a ballot and we
can vote on it. 


>   Don F. -- Smart Client Profile
> 

Don not on call.

> XML signature

No time to discuss. Everyone encouraged to review this doc and supply input that
will help Krishna satisfy the issues list documented therein. 


---
end

