
security-services message



Subject: [security-services] minutes for Focus teleconf, Tuesday March 5 2002



The resolutions on some of the items below weren't clear, I hope I haven't
misrepresented them.

 - RL "Bob"

---

SAML focus meeting
2002/03/05
----------

reviewing SAP comments submitted to comments list 28 Feb
http://lists.oasis-open.org/archives/security-services-comment/200202/msg00008.html

SAP-1.  why "indeterminate" value?
  Hal:  this has come up before, and is arguable.  Question is whether
  model is that a PDP is always authoritative, or can say "I don't
  know".
  Irving:  wouldn't that better be an error response?
  Hal:  XACML has 4-state model, could argue 3 vs 2 forever
  Rob:  have to give more explanation if we keep 3
  Phill:  have to distinguish "no" from "I don't know" or "no comment"
    if ask 2 PDPs, one says "yes", one says "don't know", that might
      add up to "yes", as opposed to "yes" and "no" responses
  Scott:  but seems weird to have "assertion" of "don't know"
    but it's a style thing
  Hal:  need someone to propose language one way or the other
  Phill:  will produce text with both indeterminate and error code
  Simon:  please coordinate since want to make sure XACML is in
    sync

Jeff:  let's jump to comment 14 (confirmationMethod vs
  authenticationMethod)
Hal:  proposed text on this
Jeff:  but it's not in the doc, sent minor mods in recent msg to list
Prateek:  thread started on list, "query-processing rules" ?

SAP-2:  AssertionID element naming
Eve:  had suggested a while ago to get rid of AssertionSpecifier as
  wrapper element, and just make choice in those places where it's
  used
Scott:  SAP-proposed change doesn't work
Hal:  still have AssertionIDReference, right?
Irving:  difference between "address of" and "pointer to"
Prateek:  move on to resolution?
Eve:  made this suggestion several times ...
Joe:  but have to do it again
Hal:  SAP-3 is very similar
Eve:  bug on line 366
Hal:  seems like this is "agreed to but unimplemented"
Eve:  OK, will resubmit

SAP-4:  confusion in use of "authentication assertion"
Hal:  obviously reflects undone changes based on move to Statements
  need to look everywhere we say "assertion" to see if we mean
  "statement"

SAP-5:  audience vs target
Hal:  should be cleared up by moving target to Response, right?
Bob:  yes, as applied to its use in Response it's more clear
Hal:  only defined in context of POST?
Scott:  only narrowly defined there, would always be http(s) URL
Hal:  so undefined for other uses?
Bob:  language proposed, I'll send to list

SAP-6:  target minoccurs
Bob:  obsolete now that Target is not a condition

SAP-7:  securitydomain
Prateek:  addressed in nameidentifier fixup

SAP-8:  locality confusing
Hal:  yeah, brought up before
Irving:  so AuthenticationSubjectLocality ?
Scott:  can we get rid of "Authentication" ?
Prateek:  so "SubjectLocality"
Hal:  OK

SAP-9:  can't authorize for range
Hal:  misunderstanding, we ruled out wildcards and ruled out
  passing along policy like ranges
  so is more normative text needed?  or advice?
  view adding more non-normative text with suspicion
Irving:  implies clarification needed
Hal:  OK, text suggestions solicited

SAP-10:  attrnamespace and name optional
Scott:  just a bug, isn't it, didn't we decide they're required?
Irving:  hmm, not sure

SAP-11:  attrvalue is anyNumber
Eve:  just a typo, isn't it?
Simon:  schema tool doesn't like "anyType" when imported into another
  schema
Scott:  schema tools are broken

SAP-12:  zero-statement assertion as "ping" using RespondWith
Irving:  seems like obscure use, likely to confuse
Scott:  status of RespondWith QName?
Irving:  sort of muddy, since semantics slightly different
Hal:  isn't it easy enough to use RespondWith and get zero response?
  if it's a trick, then not justified.
  Polar Humenn's request more reasonable.

Prateek:  I'll take SAP comments 24-30, suggestion resolution
Hal:  I'll take 13-23






