Subject: [security-services] Minutes for Telecon, Tuesday 23 July 2002
Minutes for SSTC Telecon, Tuesday 23 July 2002
Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson

> Agenda:
>
> 1. Roll call

- Attendance attached to bottom of these minutes
- Quorum achieved

> 2. Accept Phill as Chair Pro Tem

- [VOTE] no objections, accepted

> 3. Minutes of last meeting

- No comments
- motion to approve
- [VOTE] no objections, accepted

> 4. Action items from last meeting

- either nothing to report, or will be covered later in call

> 5. Errata to TC Document
> 5.1 Pure typos
> 5.2 XML Signatures
> 5.3 Fragment identifiers
> 5.4 Other errata

- Phill spoke to Karl Best
- he didn't see any problem having errata, provided it came early in the approval process, which we are in
- OASIS is considering changing the process wrt errata
- if we put out errata agreed to in this meeting, it would be acceptable
- Eve: so if we produce SAML v02 today, it will be accepted?
- Phill: yes
- discussion of what errata is, which isn't specified by OASIS
- gravitating toward what we previously discussed as "purely editorial" changes, such as typos and contradictory statements where the intent was fairly clear
- Eve: couple of points
- if we are to entertain the notion of doing this by end of month, we are at the end of the month and she will not have cycles to contribute
- was concerned that SAML might fail vote if it had obvious interop issues, however, we've had a very successful couple of weeks, so there shouldn't be any serious negative votes
- so, level of comfort has increased releasing spec as is
- we can proceed, with issues clearly identified
- Phill also will be too busy to work on errata immediately
- Phill: how did we inadvertently force the use of XPath in the signatures rather than XPointer?
- Eve: XPointer is not a recommendation yet
- discussion of suitability of making this normative
- Rob: can we just provide guidance to implementors rather than change the spec
- discussion goes back to XPointer
- Phill: sounds like this goes beyond errata, and should be taken up in v.next
- discussion returning to Rob's suggestion of guidance doc
- Prateek: so we are deferring this whole signature discussion to a "best practices" doc?
- Phill: yes
- motion to treat all errata as advice to implementors, in a separate doc, rather than attempt to amend SAML 1.0 at all
- i.e., we don't produce an errata doc, and that interop advice be produced in a separate doc
- [VOTE] no objections, accepted

> 6. WS Security Report

- Prateek: on the hook to provide an 02 version of the doc, and will do so today
- will not have substantial changes
- still looking for comments
- Maryann: possible to get you comments after today?
- Prateek: absolutely, this is a work in progress, and will be modified further beyond the 02 version
- Hal: we'll need to liaise with the new TC once it's formed to see how we want to divide work
- this may not become a spec of this TC
- Prateek: this is a question of whether we feel this upcoming doc accurately represents our view of adding SAML to WS-Sec, which is important to determine before the new TC forms
- Hal: throwing out suggestion of adding a new header that addresses the "purpose" of the assertion
- left as something to consider in later discussions
- Hal: asking Prateek if his document discusses roles or actors
- Prateek: stayed with SOAP terminology, so uses "actors"
- Hal: recent work on SOAP now uses "roles", yet another meaning of the term
- Eve: hasn't heard any discussion of who will own this profile
- Hal: thinks it can't be decided on until new TC is formed
- Maryann: indicates IBM will support it being owned by new TC
- Rob: will SJC take this discussion up any time soon?
- Hal: until new TC is formed, it's moot
- and it's not so much "them vs. us", since "them" will be made up of a lot of us
- Phill: side note that XKMS F2F will be going on day after WSS F2F in same area
- Hal: does anyone here care to speak strongly in favor of this new profile being handled in this TC?
- Eve: just wants to see it done properly, as a first-class citizen in WS-Sec

> 7. AOB (Any Other Business)

- Eve: other documents
- hasn't looked at interop docs used for the demo, but we had previously discussed such a doc for implementors
- wondering if we should elevate this interop doc
- Hal: there have been discussions of stripping out a few things that were specific to the event, adding in a few other things, and publishing it, obviously non-normative
- mainly need a volunteer
- Eve: cites need for new website maintainer, and the one page FAQ being accessible from the SSTC site
- Hal: working on a FAQ doc
- (not getting a site maintainer volunteer ...)
- Eve: Discuss WSDL for SAML
- has been talking with her folks about a normative WSDL doc
- she's asking her folks to make concrete improvement proposals
- hopes to have those by next meeting
- discussion of how to make normative, and what it should be tied to, e.g. binding, profile, etc
- Irving: recalling that current WSDL was intended to describe the SOAP binding
- binding-specific WSDL seems to have consensus
- Irving: perfectly happy to pass ownership of that doc to someone more fluent in WSDL
- Eve: comments from her folks have been on the level of granularity
- just wants to get people thinking about it, so that someone will be leaning toward taking ownership of this
- how does this relate to JSR155?
- not clear, as JSR155 work had stalled, but is alleged to be getting back on track shortly
- the most interesting thing JSR155 could do is take a SAML assertion apart and do semantically interesting things
- the least interesting thing JSR155 could do is the actual sending and receiving of SAML protocol messages, which should come easily from a WSDL doc
- stalling within JSR155 could have been from all early proposals being centered on the exchange of samlp messages, which doesn't offer as much value
- Phill: soliciting volunteer to take ownership of WSDL
- no takers
- Eve: suggests we bounce it (and the update suggestions) around first
- Prateek: offers to provide review
- leaving it at that for now
- Date of next meeting: 6 Aug
- should have one or both chairs back
- Hal: OASIS and W3C are jointly sponsoring one-day symposium on web services (around 26 Aug) as part of XML Web Services One conference
  <http://www.oasis-open.org/committees/security-jc/#Events>

> 8. Adjourn

- Adjourned

-----------------------------------------------------------------------

Attendance of Voting Members:

  Allen Rogers            Authentica
  Irving Reid             Baltimore
  Krishna Sankar          Cisco
  Hal Lockhart            Entegrity
  Don Flinn               Hitachi
  Jason Rouault           HP
  Prateek Mishra          Netegrity
  Charles Knouse          Oblix
  Steve Anderson          OpenNetwork
  Rob Philpott            RSA Security
  Jahan Moreh             Sigaba
  Eve Maler               Sun
  Aravindan Ranganathan   Sun
  Bob Morgan              UWashington
  Phillip Hallam-Baker    Verisign

Attendance of Observers or Prospective Members:

  Mingde Xu               CrossLogix
  Maryann Hondo           IBM
  Scott Cantor            OSU

Membership Status Changes:

  Marc Chanliau           Netegrity - lost voting status due to inactivity

--
Steve