[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] Minutes for Telecon, Tuesday 20 August 2002
Minutes for SSTC Telecon, Tuesday 20 August 2002 Dial in info: +1 334 262 0740 #856956 Minutes taken by Steve Anderson > > Agenda: > > 1. Roll call > - Attendance attached to bottom of these minutes - Quorum achieved > > 2. Approve minutes for: > 6 August meeting > < http://lists.oasis-open.org/archives/security-services/ > 200208/msg00004.html > > 23 July Meeting: > < http://lists.oasis-open.org/archives/security-services/ > 200207/msg00031.html > > 9 July Meeting > < http://lists.oasis-open.org/archives/security-services/ > 200207/msg00011.html > > 25 June Meeting: > < http://lists.oasis-open.org/archives/security-services/ > 200207/msg00007.html > > - [VOTE] no objections, approved > > 3. SAML ng (next generation) todo list prioritization > < http://lists.oasis-open.org/archives/security-services/ > 200208/msg00010.html > > - Jeff: more categorized than prioritized - identifies obtainable items over next 3-6 months - may want to leverage Liberty group for some longer-term items - Eve: one of reasons for SAML 1.1 idea is that SAML 1.0 won't complete OASIS approval until end of Nov, so introducing significant feature change might be unseemly - Jeff: as example of near-term bug fixes, there are issues in XMLDSig that implementors are encountering that we can firm up - Jeff walks through list in email - Group [A] - re: profiles vs. extensions, XACML is an example of a profile, in that it doesn't introduce changes to the SAML schema, where Liberty did, in fact, created schema extensions - Stops for consensus around this breakdown of tasks - Hal: SAML 1.1/@.0 distinction is a good idea - Prateek: agrees, thinks 1.1 is still a substantial piece of work - Prateek: regarding Liberty, will we incorporate all of Liberty's model? - Eve: we will have to refine our scope to determine our relationships with other specs - also need to revisit our charter - Jeff: are there any items in group [B] that people feel should be moved to group [A]? - Prateek: may come up with some later after further review - Eve: in reverse direction, we should "dare to do less" - Jeff: for group [B], there are too many to take on, so we will have to make decisions based on customer needs - Hal: seems that 2 items are duplicates - credential collector - pass through authentication - Jeff: not productive to sift through all of group [B] now - Jeff: group [C] - item 1 relates to XACML work - do the XACML folks want to codify a SAML profile and have it registered with this TC? - Hal: XACML has taken idea of allowing use of SAML, but not mandating it - so don't know if there will be a need for this registration - XACML still considering proposing an enhanced AuthZDecisionReq - left open - Jeff: group [D] - Liberty's AuthN Context is clearly orthogonal, but still of interest to this TC -- and others - may just want to shepherd this to a suitable home - Hal: only bad scenario is if SSTC and Liberty _both_ modify it - some fuzziness around appropriateness of group [D] - Jeff: is there anything else useful to do on this on today's call? - Hal: are there items in group [B] that people feel are urgent? - Hal: example of encryption, which is usually mentioned in same breath as signature - Scott: sees need for richer SSO semantics, but could live with waiting for group [B] - Steve: credential collector, in some form, would be useful sooner rather than later - Hal: good, looking forward to comments on his paper > > 4. Other Business > - Hal: last week, posted note relating to XACML/RLTC - realized significant overlap in agenda between these two groups - sees danger in same work going on in two places - not posing solution, just wants people to care about this issue - Joe: is this on agenda for SJC? - Hal: not optimistic that much can be done in that venue - Carlisle: was also surprised to see recent RLTC material indicating overlap - Carlisle: shares Hal's pessimism wrt SJC - Hal: OASIS seems perfectly fine with duplicate work, leaving "survival of the fittest" dynamics to work - Hal: believes that an inferior standard is preferable to duplicate standards - Eve: status report on WS-Sec Profile - getting minor edits now - will be sent to Prateek by tomorrow am - Prateek: will make a couple additions and then publish > > 5. Adjourn > - Adjourned ----------------------------------------------------------------------- Attendance of Voting Members: Allen Rogers Authentica Irving Reid Baltimore Mingde Xu CrossLogix Hal Lockhart Entegrity Carlisle Adams Entrust Don Flinn Hitachi Joe Pato HP Jason Rouault HP Prateek Mishra Netegrity Steve Anderson OpenNetwork Jahan Moreh Sigaba Bhavna Bhatnagar Sun Jeff Hodges Sun Eve Maler Sun Aravindan Ranganathan Sun Bob Morgan UWashington Simon Godik (individual) Attendance of Observers or Prospective Members: Scott Cantor OSU -- Steve
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC