OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] agenda: SSTC telecon meeting tuesday 15-Oct-2002


Minutes from prior meeting...
------------------------------

[security-services] Minutes for Telecon, Tuesday 1 October 2002
http://lists.oasis-open.org/archives/security-services/200210/msg00015.html



Agenda Items for 15-Oct-2002...
-------------------------------

1. Roll Call


2. Approval of prior meeting's minutes (see ref above)


3. Agenda bashing


4. Review of open Action Items (AIs)...

                     -------------------

AI-2. Carlisle Adams to take the "Standardize Issuer Name Format" back
      to the XACML for more clear requirements and/or proposal. 



AI-3. Eve to ask other TCs about how they did their charter
      modifications.



AI-5. Rob and Irving to look over Eve's submission on fragment
      identifiers



AI-6. Jeff to determine if conformance language around the notions of
      profiles vs. extensions is really an issue

[in progress (will try to do this week)]


AI-7. Prateek & Jeff to look at Liberty provider metadata's applicability 
      for SAML specs

[in progress (will try to do before next meeting)]


AI-8. Jeff to solicit comment on draft-sstc-xmlsig-guidelines-0{2|3} from
Liberty arena.

[in progress]


AI-9. Scott to rev the draft-sstc-xmlsig-guidelines-02 doc to -03.

[will do by next meeting 29-Oct]

                     -------------------




5. SAML v1.0 OASIS-wide vote 

  tally can be monitored here..

    http://lists.oasis-open.org/archives/tc-voting/


cyclone:	yea
asn-1.com:	abstain
rsa:		yea
bea:		yea
sun:		yea
entegrity:	yea
b of a:		yea
ca:		yea
ean-int.org:	abstain
hp:		yea
entrust:	yea
sap:		yea
overxeer:	yea
quadrasis:	yea
usdoj.gov:	yea
mtgmc:		yea


  still need ~11 "yea" votes for SAML, if there's 250 oasis members (need
  10% at least to vote "yea")

  So there's sstc participants who've yet to vote, please encourage your
  OASIS corp rep to do so!






6. where are we at with a SAML v1.1?

todo list from item [A] of..

[security-services] Proposed, categorized To-Do list for SAML 1.x and2.0
(SAMLng/SAML.next)
http://lists.oasis-open.org/archives/security-services/200208/msg00010.html



> [A] Feasible Near-term high-priority items, and bug fixes
> 
>       - Bugs that are backwards-compatible (targeted to 1.1)
>       - Functionality that's backwards-compatible/orthogonal and
>         high-priority
>       - The list as a whole can be completed in 3-6 months
>       - Any decision that needs to be made in the short term
>       - the below items are in no particular order (ie unprioritized)
> 
>          - Formalizing operational agreements between sites (see Liberty
>            provider metadata schema (section 4 of [1]) and the saml-dev 
>            work [2], for examples; this is guidance/facilitation work rather
>            than protocol work)

[A.1]

  - above will be initiated w/ AI-7

  - who will take those results and fold-in what was learned from the 
    SAML interop event?



>          - WS-Security profile ([3], possibly to go to WSS TC)
[A.2]
  - done.



>          - Figure out versioning of modularly published profile and binding
>            specs
[A.3]
  - TBD.

  - this one has to do with how do we define and version SAML as a whole?

  - don't need to answer the below scenarios on this call, but need
    someone to sign up to consider the question and write a proposal

    - presently we refer to the "SAML v1.0 specification set", and 
      have "version" elements in assertions, request msg, and response
      msg. 

      what should we do if we eg rev the bindings and profiles spec 
      in the future, w/o making changes to -core ?  

      what should we do if we write a separate b2b profile spec -- 
        what's the version of that spec once approved as a OASIS std, say?

          
          

>          - Sharpen conformance language around the notions of profiles
>            vs. extensions
[A.4]

  - this is AI-6, in progress



>          - Express that an assertion should not be cached
[A.5]

  - need volunteer to consider this and see if mods to spec are needed, and
    propose said mods if so.




>          - Fix fragment identifier gaffe [4]
[A.6]

  - mods "on the table, essentially ready to go (modulo Eve's last question)"




>          - Standardize issuer name formats (request came from XACML)
[A.7]

  - this is AI-2



>          - Fix xmldsig issues (might turn out to be a [B] item) [5]
[A.8]

  - for 1.1, this will be addressed by Scott's dsig doc (yes?)




7. Discussion of xmldsig guidelines

 - scott will have a -03 rev out by next meeting
 - further discussion from thread on list?


8. Discussion of credentials collection (?)



9. any other business?


10. adjourn

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC