Subject: [security-services] Minutes for Telecon, Tuesday 9 July 2002
Minutes for SSTC Telecon, Tuesday 9 July 2002
Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson

>
> Agenda:
>
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved

>
> 2. Appointing Phillip Hallam-Baker as Chair pro tem
>

- no objections

>
> 3. Minutes and Action Items from previous meeting
>

- Phill: sure that no one said WS-Security is going anywhere just yet
- Hal: will correct in minutes
- Prateek: his main action was to revise current WS profile draft, which he hasn't done, and projects a week
- Phill: had action to speak to authors of WS-Sec, which he has done and informed them that SAML group is on board with them
- Hal: Karl mentioned there could be an opportunity for a SAML quote around the formation of an OASIS TC for WS-Sec
- discussion of how big a room will be required for first WS-Sec TC meeting
- Hal: expects new TC to join security JC
- also expects formation of group to coordinate between OASIS and W3C
- Phill: moves that quote that was worked on for WS-Sec be reworked in preparation for announcement of new OASIS TC
- [VOTE] no objections

>
> 4. The OASIS Standardization Process and Errata Handling
>

- Hal: wasn't clear from last meeting how to notify reviewers that there is an errata
- Eve: looked into options for errata
- we cannot change the doc
- vote must be on SAML 1.0 without errata, so there would have to be a separate vote on SAML 1.1 that includes errata
- Hal: drives another 4-month schedule
- Maryann: joining late, asking about WS-Sec profile
- Prateek: just a draft, touched up from old SOAP profile draft
- soliciting input
- available in list archive
- Phill: how serious are the errata/typos?
- Hal: suggests someone take action item to consult with Karl on how to handle errata
- [ACTION] Phill to consult with Karl on errata process

>
> 5. WS-Security [Report]
>

- Phill: asking if Maryann will be the IBM person from WS-Sec working on interop with SAML
- Maryann: yes
- Phill: if WS-Sec work is done well, we'd expect lots of the pieces that might be in the SAML profile would actually be in the WS-Sec spec
- Maryann: considers herself a liaison between the two groups
- discussion about relationship between the two TCs
- Prateek: will publish comment to list on his view
- our goal here is to drive through basic use cases of how SAML objects are attached to SOAP messages
- Phill: would like to see SAML treated as a first class object in WS-Sec, so would like to see it defined in no less detail than Kerberos, PKIX, etc

>
> 6. XML Signature Issues [Canonicalization]
>
> <http://lists.oasis-open.org/archives/security-services/200207/msg00001.html>
>

- Scott: sorry this came so late
- Irving: got response from one of their XML DSig guys
- would be a good idea to switch to the exclusive c14n
- use of XPath discussed
- using ID method will be easier
- Phill: prefers simpler approach, which leads away from XPath and toward IDs
- Irving: some analysis shows exponential performance impacts of some XPath transforms
- Phill: this sounds like more than a typo change
- Scott: concurs
- Hal: DSig not used in Interop Demo
- Scott: Browser POST profile is the only place where signing is normative, but requirement is to sign the entire response, which is not encumbered by this issue (since the reference can be to the root element via ""), versus signing the assertion in the response
- so, this c14n issue doesn't affect any of the current profiles, but it will affect the WS-Sec profile
- discussion of how to make this change
- Hal: can SAML WS-Sec Profile just require exclusive c14n?
- Scott: thinks it would have more value to make a statement in the core standard on this, but it could be on a per-profile basis
- there's only 3 elements where these IDs would have to be introduced
- Irving: are we at risk for a negative vote over the fact that we've specified the use of XML signatures, but not enough to ensure interop?
- expect that only a few people recognize the issue
- Eve: we need a fresh issues list entry on this
- [ACTION] Hal will create new issues list entry
- discussion leading to feeling that the required 4-month schedule makes the choice of formal amendments to spec undesirable, so we would like some way to point to significant errata doc, which reflects an eye to SAML 1.1

>
> 7. Eve's issue on fragment identifiers
>
> <http://lists.oasis-open.org/archives/security-services/200206/msg00036.html>
>

- Eve: issue of fragment identifiers
- picking up from discussion on list
- suggests we just always use full URIs as a safe workaround until it can be improved in the future
- This can be treated as an errata item
- requires changes to values in section 7
- in general we need to talk more about the use of URIs, as we are currently underspecified in this regard
- Phill - agreement to use absolutes in short term
- Eve: moves that we agree that absolute URIs are the correct use, and that wording be added to the interop document or some other non-normative document to indicate our intent for future versions of SAML
- [VOTE] no objections

>
> 8. Other business
>

- Hal: soliciting input on FAQ
- Prateek: soliciting review and comment on WS-Sec draft

>
> 9. Adjourn
>

- Adjourned

-----------------------------------------------------------------------

Attendance of Voting Members:

  Allen Rogers            Authentica
  Irving Reid             Baltimore
  Krishna Sankar          Cisco
  Ronald Jacobson         Computer Associates
  Hal Lockhart            Entegrity
  Carlisle Adams          Entrust
  Robert Zuccherato       Entrust
  Prateek Mishra          Netegrity
  Charles Knouse          Oblix
  Steve Anderson          OpenNetwork
  Rob Philpott            RSA Security
  Jahan Moreh             Sigaba
  Bhavna Bhatnagar        Sun
  Eve Maler               Sun
  Emily Xu                Sun
  Bob Morgan              UWashington
  Phillip Hallam-Baker    Verisign

Attendance of Observers or Prospective Members:

  Mingde Xu               CrossLogix
  Maryann Hondo           IBM
  Scott Cantor            OSU

--
Steve