[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] Minutes for SSTC Focus Group, Tuesday Oct 16
Minutes for SSTC Focus Group, Tuesday Oct 16 Dial in info: +1 334 262 0740 #856956 Minutes taken by Steve Anderson >> Focus subgroup Agenda >> >> 1 - Agenda review (discussion items after Action Items review) >> - Issue addition by Irving: single/multiple assertion question - Issue addition by Prateek: senderVouches security model >> ============ >> ACTION items >> ============ >> >> ACTION: Prateek to start traceability review before the next TC >> telecon using discussion-01 docs and going back to use cases" >> >> Status: Action Item (AI) remains open in wait state. >> - Prateek: once we’ve met at F2F, good point to drive discussion - Deferred until after F2F >> ------ >> ACTION: Scott will propose text that documents the detailed >> semantics of NameIdentifier. >> >> Status: >> http://lists.oasis-open.org/archives/security-services/200110/msg00067.html >> - Scott is not on call - Deferred to next call >> ------ >> ACTION: Krishna to drive SAML profile of xmldsig. >> >> Status: in progress. First draft doc sent to list. >> - Krishna - Little response to messages posted on list - Asking Phill directly about changes proposed in message on list - Phill: Makes sense to add XMLDSig element - Question of cardinality of assertions within a signature - Eve: Having multiples not part of SAML proper - Chris McLaren: what’s the problem? Can’t signature assertion semantics just extend to multiple statements? - Irving: no way for requestor to express ability to handle multiples versus singles - Most likely only used for Attribute Assertions - Chris: Semantic problems are the same for one assertion w/ multiple statements as for multiple assertions each w/ one statement - Multiple statements under one assertion header is already in Core 19 - Gil: implementing the former is easier than latter - Chris: just did it, not that different - Irving: issues is adding another layer of multiplicity, but semantics issues are the same - Dave O: at F2F#3, had recommended XMLAny approach - Chris: we did that, just worded differently - We have strongly typed assertions - Can still send more than one assertion in a response -- not forced to lump all into one with single set of validity data, etc. - No intended semantics among statements that are lumped into one signed package, but some implementer will invariably assume some semantic meaning - Bob B: Is it reasonable to provide optimizations that are potentially problematic in advance of measured performance issues? - Gil doesn’t want to take something that is potentially bad and make it worse - Irving wants one or other: assertions always have multiple statements or multiple assertions always have one statement each - Eve warns against allowing semantic holes in our spec, and this situation causes nervousness - Enough discussion for now >> ------ >> ACTION: Don: to elaborate the number of 1-1 relationships and >> propose how to fix the resulting scaling issues. >> >> Status: AI still open. to be sent out to list by October 8, 2001. >> - Don not on call - Deferred to next call >> ------ >> ACTION: Gil to write up background semantics and background >> assumptions on relationships btwn NameIdentifier(s) and >> subjectConfirmation(s) within Subject elements. >> - Sent to list. Includes proposal to modify Core19 - Irving: going in circles with Core16 and Core19. Irving wants just one identifier, which aligns closely with Gil’s proposal - Gil: Multiple subject specifiers not necessary - Read and comment on list - Closed >> ------ >> ACTION: Prateek: "Security properties of Assertion Handle" >> >> Status: in progress. Will make progress by October 10, 2001. >> - Prateek: Will move on this this week - Still open >> ------ >> ACTION: Tim, Simon, Prateek (champions): compose complete >> recommendation for "Relying Party tailors assertion in browser >> artifact profile" >> >> Status: Text has been proposed on the list, for both core and >> bindings docs. have some work to do to align. should stay open >> till we see a protocol schema that accoomodates the requrement. >> >> still open. >> - Text has been delivered to Prateek. Must be integrated into doc. - Still open >> ------ >> ACTION: Marlena, Scott: to champion the "context info in attr >> query" issue. >> >> Status: Scott: will propose explicit text & schema >> - Write-up sent out to list - Read and comment on list - Closed >> ------ >> ACTION: Scott, Marlena: to champion "attribute scope" >> >> NEXT STEP: Scott will post followup folded into Phill's thread >> (subject of thread will change to something more enlightening >> hopefully). the thread.. >> >> "options for change" >> http://lists.oasis-open.org/archives/security-services/200110/msg00021.html >> - Scott not on call - Marlena has nothing to add to Scott’s messages on list - Still open >> ------ >> ACTION: Simon: to champion "Query refinement proposal" >> >> still open. we'll see if this proposal garners any support. If >> not, we will enter into Issues list with a disposition of >> "deferred". >> - Deferred to F2F#5 ------ New Discussion Item: single/multiple assertion question (Irving) - Topic handled earlier. Withdrawn ------ New Discussion Item: senderVouches security model (Prateek) - Originated in Bindings subgroup - Prateek has written up proposal message, and suggests everyone read and comment - Message not on list yet, but will be - BobB: Is scenario useful to anyone? - Prateek believes so. Just a question of how to architect it. -- Steve Anderson OpenNetwork Technologies sanderson@opennetwork.com 727-561-9500 x241
begin:vcard n:Anderson;Steve tel;fax:727-561-0303 tel;work:727-561-9500 x241 x-mozilla-html:FALSE url:www.opennetwork.com org:OpenNetwork Technologies version:2.1 email;internet:sanderson@opennetwork.com title:Product Architect adr;quoted-printable:;;13577 Feather Sound Drive=0D=0ASuite 330;Clearwater;Florida;33762;USA x-mozilla-cpt:;-15216 fn:Steve Anderson end:vcard
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC