Subject: [security-services] Minutes for Telecon, Tuesday 9 July 2002


Minutes for SSTC Telecon, Tuesday 9 July 2002
Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson


>
> Agenda:
>
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved

>
> 2. Appointing Phillip Hallam-Baker as Chair pro tem
>

- no objections

>
> 3. Minutes and Action Items from previous meeting
>

- Phill: sure that no one said WS-Security is going anywhere just yet
- Hal: will correct in minutes
- Prateek: his main action was to revise current WS profile draft, which
  he hasn't done, and projects a week
- Phill: had action to speak to authors of WS-Sec, which he has done
  and informed them that SAML group is on board with them
    - Hal: Karl mentioned there could be an opportunity for a SAML
      quote around the formation of an OASIS TC for WS-Sec
    - discussion of how big a room will be required for first WS-Sec TC
      meeting
    - Hal: expects new TC to join security JC
    - also expects formation of group to coordinate between OASIS and
      W3C
    - Phill: moves that quote that was worked on for WS-Sec be reworked
      in preparation for announcement of new OASIS TC
    - [VOTE] no objections

>
> 4. The OASIS Standardization Process and Errata Handling
>

- Hal: wasn't clear from last meeting how to notify reviewers that
  there is an errata
- Eve: looked into options for errata
- we cannot change the doc
- vote must be on SAML 1.0 without errata, so there would have to
  be a separate vote on SAML 1.1 that includes errata
- Hal: drives another 4-month schedule
- Maryann: joining late, asking about WS-Sec profile
    - Prateek: just a draft, touched up from old SOAP profile draft
    - soliciting input
    - available in list archive
- Phill: how serious are the errata/typos?
- Hal: suggests someone take action item to consult with Karl on how
  to handle errata
- [ACTION] Phill to consult with Karl on errata process

>
> 5. WS-Security [Report]
>

- Phill: asking if Maryann will be the IBM person from WS-Sec
  working on interop with SAML
- Maryann: yes
- Phill: if WS-Sec work is done well, we'd expect lots of the pieces
  that might be in the SAML profile would actually be in the WS-Sec
  spec
- Maryann: considers herself a liaison between the two groups
- discussion about relationship between the two TCs
    - Prateek: will publish comment to list on his view
    - our goal here is to drive through basic use cases of how SAML
      objects are attached to SOAP messages
- Phill: would like to see SAML treated as a first class object in
  WS-Sec, so would like to see it defined in no less detail than
  Kerberos, PKIX, etc

>
> 6. XML Signature Issues [Canonicalization]
>
>    < http://lists.oasis-open.org/archives/security-services/
>      200207/msg00001.html >
>

- Scott: sorry this came so late
- Irving: got response from one of their XML DSig guys
- would be a good idea to switch to the exclusive c14n
- use of XPath discussed
- using ID method will be easier
- Phill: prefers simpler approach, which leads away from XPath and
  toward IDs
- Irving: some analysis shows exponential performance impacts of
  some XPath transforms
- Phill: this sounds like more than a typo change
- Scott: concurs
- Hal: DSig not used in Interop Demo
- Scott: Browser POST profile is the only place where signing is
  normative, but requirement is to sign the entire response, which
  is not encumbered by this issue (since the reference can be to the
  root element via ""), versus signing the assertion in the response
- so, this c14n issue doesn't affect any of the current profiles,
  but it will affect the WS-Sec profile
- discussion of how to make this change
- Hal: can SAML WS-Sec Profile just require exclusive c14n?
- Scott: thinks it would have more value to make a statement in the
  core standard on this, but it could be on a per-profile basis
- there are only 3 elements where these IDs would have to be introduced
- Irving: are we at risk for a negative vote over the fact that
  we've specified the use of XML signatures, but not enough to
  ensure interop?
- expect that only a few people recognize the issue
- Eve: we need a fresh issues list entry on this
- [ACTION] Hal will create new issues list entry
- discussion leading to feeling that the required 4-month schedule
  makes the choice of formal amendments to spec undesirable, so
  we would like some way to point to significant errata doc, which
  reflects an eye to SAML 1.1
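
The point behind the switch to exclusive c14n discussed above, shown as an added example (not code from the SSTC, OASIS or W3C): a signature over a SAML assertion commits to the canonical bytes of the assertion subtree, and inclusive canonicalization copies every namespace declaration in scope from the enclosing document onto the apex element, so the same assertion yields different signed bytes (and a failing signature) once it is moved into a SOAP envelope that declares a different set of namespaces. Exclusive c14n renders only the namespaces the subtree visibly uses, so the digest is stable across envelopes. The element model, the simplified canonicalizer, the `urn:example:wsse` namespace and the two envelope contexts are all constructed for this illustration; only the SAML 1.0 assertion and SOAP 1.1 envelope namespace URIs are real.

```python
"""Toy model of inclusive vs exclusive XML canonicalization (c14n).

Added example, not from the SSTC minutes or any OASIS/W3C code. The element model,
canonicalizer and sample documents are constructed here; the canonical form is
simplified (no text normalization, attributes ordered by prefix then local name) and
models only the one behaviour that matters for a signed assertion carried inside a
SOAP message: which namespace declarations end up in the signed bytes.
"""
import hashlib


class Elem:
    """Element as (prefix, local) name, namespace declarations made on it,
    attributes keyed by (prefix, local) with prefix None for unprefixed, text, children."""

    def __init__(self, prefix, local, ns_decls=None, attrs=None, text="", children=None):
        self.prefix, self.local = prefix, local
        self.ns_decls = dict(ns_decls or {})
        self.attrs = dict(attrs or {})
        self.text = text
        self.children = list(children or [])


def _qname(prefix, local):
    return f"{prefix}:{local}" if prefix else local


def _visibly_utilized(elem):
    """Prefixes this element itself uses: its own name and its prefixed attributes."""
    used = {elem.prefix} if elem.prefix else set()
    used.update(p for (p, _local) in elem.attrs if p)
    return used


def canonicalize(elem, inherited, exclusive, _rendered=None):
    """Serialize the subtree rooted at elem.

    inherited: prefix -> URI in scope from the ancestors the subtree sits under.
    Inclusive: the apex element re-declares every in-scope namespace, so the
    signed bytes depend on the surrounding document. Exclusive: an element declares
    only the prefixes it visibly uses that no output ancestor already declared.
    """
    in_scope = {**inherited, **elem.ns_decls}
    rendered = dict(_rendered or {})
    if exclusive:
        missing = _visibly_utilized(elem) - set(in_scope)
        if missing:
            raise ValueError(f"undeclared prefix(es): {sorted(missing)}")
        to_render = {p: in_scope[p] for p in _visibly_utilized(elem)
                     if rendered.get(p) != in_scope[p]}
    else:
        to_render = {p: u for p, u in in_scope.items() if rendered.get(p) != u}
    rendered.update(to_render)
    name = _qname(elem.prefix, elem.local)
    parts = ["<", name]
    for p in sorted(to_render):
        parts.append(f' xmlns:{p}="{to_render[p]}"')
    for (p, local) in sorted(elem.attrs, key=lambda k: (k[0] or "", k[1])):
        parts.append(f' {_qname(p, local)}="{elem.attrs[(p, local)]}"')
    parts.append(">")
    parts.append(elem.text)
    parts.extend(canonicalize(c, in_scope, exclusive, rendered) for c in elem.children)
    parts.append(f"</{name}>")
    return "".join(parts)


def digest(elem, inherited, exclusive):
    """SHA-256 over the canonical bytes: stands in for the DigestValue a signature commits to."""
    return hashlib.sha256(canonicalize(elem, inherited, exclusive).encode("utf-8")).hexdigest()


# Constructed sample: one SAML 1.0 assertion as it would appear inside two different
# SOAP envelopes. Only the envelope-level namespace declarations differ.
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = "urn:example:wsse"  # placeholder, not the real WS-Security namespace

ASSERTION = Elem("saml", "Assertion", ns_decls={"saml": SAML_NS},
                 attrs={(None, "AssertionID"): "_constructed-id-1"},
                 children=[Elem("saml", "Subject",
                                children=[Elem("saml", "NameIdentifier", text="alice")])])

ENVELOPE_A_NS = {"soap": SOAP_NS}                    # assertion in a plain SOAP body
ENVELOPE_B_NS = {"soap": SOAP_NS, "wsse": WSSE_NS}   # assertion inside a security header


def digest_survives_reenveloping(exclusive):
    """True if a digest computed in envelope A still matches after the assertion is
    moved into envelope B, i.e. the signature is portable across SOAP contexts."""
    return digest(ASSERTION, ENVELOPE_A_NS, exclusive) == digest(ASSERTION, ENVELOPE_B_NS, exclusive)


if __name__ == "__main__":
    for mode, exclusive in (("inclusive", False), ("exclusive", True)):
        print(mode, canonicalize(ASSERTION, ENVELOPE_B_NS, exclusive))
        print("  portable across envelopes:", digest_survives_reenveloping(exclusive))
```

Running the script prints the inclusive form with `xmlns:soap` and `xmlns:wsse` dragged onto `saml:Assertion` and reports it as not portable, while the exclusive form carries only `xmlns:saml` and verifies in both envelopes. This is also why signing the entire response with an empty reference URI is unaffected: the apex is the document root, so there is no enclosing context to inherit, whereas a signature over just the assertion is exactly the case the WS-Security profile creates.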

>
> 7. Eve's issue on fragment identifiers
>
>    < http://lists.oasis-open.org/archives/security-services/
>      200206/msg00036.html >
>

- Eve: issue of fragment identifiers
    - picking up from discussion on list
    - suggests we just always use full URIs as a safe workaround until
      it can be improved in the future
    - This can be treated as an errata item
    - requires changes to values in section 7
    - in general we need to talk more about the use of URIs, as we are
      currently underspecified in this regard
    - Phill
    - agreement to use absolutes in short term
    - Eve: moves that we agree that absolute URIs are the correct use,
      and that wording be added to the interop document or some other
      non-normative document to indicate our intent for future versions
      of SAML
    - [VOTE] no objections

>
> 8. Other business
>

- Hal: soliciting input on FAQ
- Prateek: soliciting review and comment on WS-Sec draft

>
> 9. Adjourn
>

- Adjourned


-----------------------------------------------------------------------

Attendance of Voting Members:

  Allen Rogers Authentica
  Irving Reid Baltimore
  Krishna Sankar Cisco
  Ronald Jacobson Computer Associates
  Hal Lockhart Entegrity
  Carlisle Adams Entrust
  Robert Zuccherato Entrust
  Prateek Mishra Netegrity
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Rob Philpott RSA Security
  Jahan Moreh Sigaba
  Bhavna Bhatnagar Sun
  Eve Maler Sun
  Emily Xu Sun
  Bob Morgan UWashington
  Phillip Hallam-Baker Verisign


Attendance of Observers or Prospective Members:

  Mingde Xu CrossLogix
  Maryann Hondo IBM
  Scott Cantor OSU

--
Steve
