Subject: [security-services] Consolidated action item list and agenda for Dec 4 focus meeting
I pulled together the action items from the face-to-face and some of the discussion on the list. I suspect I missed a few, so please update the list at the teleconference tomorrow.
Jeff will be chairing the meeting - I am triple booked at noon.
- joe
Agenda:
1. Review status of milestones
2. Review status of action items - and move to resolution
3. Additional items?
Outreach status
4. Adjourn
Issues and action items arising from F2F#5 - does not include editorial issues which are found in the minutes of the meeting
Milestones to accomplish:
Publication and Review:
[M1 - Prateek] - publish bindings-07 during week of Dec 3.
[M2 - Tim, Simon, Irving] - detailed reviews: Tim - section 4.1; Simon - section 3.1; Irving - section 4.2
[M3 - Prateek] - publish bindings-08 during week of Dec 17.
Open Action Items:
[A2: Prateek] - Section 3.1.9.2, need to capture SSL version, cipher suites, etc
Status: thread on direction: < http://lists.oasis-open.org/archives/security-services/200111/msg00025.html >
[A3: Prateek] - Section 3.1.5, need to further define error cases
[A4: Prateek] - Section 4.1.1, create a diagram for this section
[A5: BobB] - Section 4.1.3 472-473, text to clarify construction of ID (w.r.t. uniqueness)
[A6: Prateek] - Line 565, capture the threat (leading to requiring a <saml:audience>), then decide to leave it, change it, or strike it
[A7: Simon] - text for "things you might do in step 6"
[A9: Irving] - line 788-791, provide clarifying language for application level error handling. Tied to Scott's status code proposal
< http://lists.oasis-open.org/archives/security-services/200111/msg00049.html >
[A11: Irving] - line 824-829, Irving to research and propose language to weaken requirement on signing over entire message (body and headers). The proposal is to require signing over assertion headers and body only. Other components are to be signed by agreement between sender and receiver (out of scope for us).
[A12: Irving] - line 847-848, change "subject" to "sender"
[A13: Prateek] - add text on threat model and security counter measures
[A14: Phill] - will post to list to try to recover original intent for AssertionSpecifier as subject
[A15: Chris] - Write up advice on how to use current approach to generic slots for attributes
[A16: RLBob] - adding context to attribute query; provide text for core document including recommendations for minimum behavior.
[A17: Charles] - to complete proposal for adding failure "reason" for SAML response.
Status: < http://lists.oasis-open.org/archives/security-services/200111/msg00037.html >
[A18: Phill] - completion of error code specification for core
[A19: Chris] - eliminate <assertion> and rename <MultipleAssertion> Assertion. Draft text to deal with multiple assertions that are contradictory or cannot be reconciled.
[A20: Prateek] - Need for additional ConfirmationMethod identifiers (Prateek and Phil)
Bindings-06 uses two identifiers not found in core: HolderOfKey and SenderVouches. It is important to understand that no change in schema is being proposed, only new text and constants for Section 5 of core. Prateek to send Phil necessary text.
[A21: Simon] - Section 3.1, SAML SOAP binding. Simon to review and add text to reflect F2F#4 discussion.
[A22: Irving] - core line 752, return code for completeness specifier:
< http://lists.oasis-open.org/archives/security-services/200111/msg00031.html >
[A23: Chris] - explain use of xsi:type attribute to introduce element of basic XML schema type to avoid the need to introduce new schemas for the sole purpose of specifying a string attribute value.
[A24: Phill] - Bring together Tim's etc. text for the Authentication mechanism section.
[In progress]
[A25: Phill & Eve] - Eve's reorganization of preamble
[A26: Phill] - text on the <RespondWith> option voted for at F2F#5
Closed Issues:
[A1: RLBob] - section 2.4, Bindings/profile registry; Prateek will work with Eve to see if OASIS could serve
< http://lists.oasis-open.org/archives/security-services/200111/msg00044.html >
[Resolution - approved by vote at SSTC telecon Nov. 27]
[A8: RLBob] - Section 4.1.6.1 732-733, provide text for new "for your eyes only" condition element
The FORM Post architecture should not rely on the <Audience> element for target information. A <ForYourEyesOnly> tag is to be included within core. Bob will provide needed text to Phil.
[Resolution: renamed targetRestrictions, text submitted to Phill, item closed]
[A10: N/A]
Joe Pato
Principal Scientist
Trust, Security & Privacy
Trusted E-Services Lab - HP Labs
<http://www.hpl.hp.com>
<http://www.hp.com/security>

HP Labs Cambridge
1 Main Street, 10th Floor
Cambridge, MA 02142
Phone: (617) 679-9376
Fax 1: (617) 679-9330
Fax 2: (781) 674-0142