Subject: [security-services] minutes for Focus teleconf, Tuesday March 5 2002
The resolutions on some of the items below weren't clear, I hope I
haven't misrepresented them.

 - RL "Bob"

---

SAML focus meeting 2002/03/05
----------

reviewing SAP comments submitted to comments list 28 Feb
http://lists.oasis-open.org/archives/security-services-comment/200202/msg00008.html

SAP-1. why "indeterminate" value?
Hal: this has come up before, and is arguable.
  Question is whether model is that a PDP is always authoritative,
  or can say "I don't know".
Irving: wouldn't that better be an error response?
Hal: XACML has 4-state model, could argue 3 vs 2 forever
Rob: have to give more explanation if we keep 3
Phill: have to distinguish "no" from "I don't know" or "no comment"
  if ask 2 PDPs, one says "yes", one says "don't know",
  that might add up to "yes", as opposed to "yes" and "no" responses
Scott: but seems weird to have "assertion" of "don't know"
  but it's a style thing
Hal: need someone to propose language one way or the other
Phill: will produce text with both indeterminate and error code
Simon: please coordinate since want to make sure XACML is in sync

Jeff: let's jump to comment 14 (confirmationMethod vs authenticationMethod)
Hal: proposed text on this
Jeff: but it's not in the doc, sent minor mods in recent msg to list
Prateek: thread started on list, "query-processing rules" ?

SAP-2: AssertionID element naming
Eve: had suggested a while ago to get rid of AssertionSpecifier
  as wrapper element, and just make choice in those places where it's used
Scott: SAP-proposed change doesn't work
Hal: still have AssertionIDReference, right?
Irving: difference between "address of" and "pointer to"
Prateek: move on to resolution?
Eve: made this suggestion several times ...
Joe: but have to do it again
Hal: SAP-3 is very similar
Eve: bug on line 366
Hal: seems like this is "agreed to but unimplemented"
Eve: OK, will resubmit

SAP-4: confusion in use of "authentication assertion"
Hal: obviously reflects undone changes based on move to Statements
  need to look everywhere we say "assertion" to see if we mean "statement"

SAP-5: audience vs target
Hal: should be cleared up by moving target to Response, right?
Bob: yes, as applied to its use in Response it's more clear
Hal: only defined in context of POST?
Scott: only narrowly defined there, would always be http(s) URL
Hal: so undefined for other uses?
Bob: language proposed, I'll send to list

SAP-6: target minoccurs
Bob: obsolete now that Target is not a condition

SAP-7: securitydomain
Prateek: addressed in nameidentifier fixup

SAP-8: locality confusing
Hal: yeah, brought up before
Irving: so AuthenticationSubjectLocality ?
Scott: can we get rid of "Authentication" ?
Prateek: so "SubjectLocality"
Hal: OK

SAP-9: can't authorize for range
Hal: misunderstanding, we ruled out wildcards
  and ruled out passing along policy like ranges
  so is more normative text needed? or advice?
  view adding more non-normative text with suspicion
Irving: implies clarification needed
Hal: OK, text suggestions solicited

SAP-10: attrnamespace and name optional
Scott: just a bug, isn't it, didn't we decide they're required?
Irving: hmm, not sure

SAP-11: attrvalue is anyNumber
Eve: just a typo, isn't it?
Simon: schema tool doesn't like "anyType" when imported into another schema
Scott: schema tools are broken

SAP-12: zero-statement assertion as "ping" using RespondWith
Irving: seems like obscure use, likely to confuse
Scott: status of RespondWith QName?
Irving: sort of muddy, since semantics slightly different
Hal: isn't it easy enough to use RespondWith and get zero response?
  if it's a trick, then not justified.
  Polar Humenn's request more reasonable.

Prateek: I'll take SAP comments 24-30, suggestion resolution
Hal: I'll take 13-23