[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] updated agenda: SSTC telecon meeting tuesday29-Oct-2002
[updated AI-2]
Minutes from prior meeting...
------------------------------
http://lists.oasis-open.org/archives/security-services/200210/msg00028.html
Agenda Items for 15-Oct-2002...
-------------------------------
1. Roll Call
2. Approval of prior meeting's minutes (see ref above)
3. Agenda bashing
4. Review of open Action Items (AIs)...
-------------------
AI-2. Carlisle Adams to take the "Standardize Issuer Name Format" back
to the XACML for more clear requirements and/or proposal.
[security-services] XACML Change request to SAML...
http://lists.oasis-open.org/archives/security-services/200209/msg00015.html
AI-6. Jeff to determine if conformance language around the notions of
profiles vs. extensions is really an issue
[still in progress (will try to before next meeting)]
AI-7. Prateek & Jeff to look at Liberty provider metadata's applicability
for SAML specs
[in progress - can discuss on the call]
AI-8. Jeff to solicit comment on draft-sstc-xmlsig-guidelines-0{2|3} from
Liberty arena.
[in progress - have commitment from Jonathan Sergent to review the -03 rev of
the guidelines. Good news is that Liberty folk and SAML folk are on same
wavelength wrt to xmldsig. ]
AI-9. Scott to rev the draft-sstc-xmlsig-guidelines-02 doc to -03.
[security-services] Third draft of Signature document
http://lists.oasis-open.org/archives/security-services/200210/msg00034.html
AI-10. Eve, Rob and Jeff to draft amended SSTC charter
AI-11. Eve to send mail msg that wraps up resolution on fragment identifiers
[security-services] Motion to approve fragment ID recommendations for1.1
http://lists.oasis-open.org/archives/security-services/200210/msg00026.html
AI-12. Prateek to draft analysis of use of XML Encryption in SAML.
AI-13. Hal to write up proposal on expressing that assertions are not to be
cached
[security-services] Proposed DoNotCache Condition
http://lists.oasis-open.org/archives/security-services/200210/msg00035.html
-------------------
5. SAML v1.0 OASIS-wide vote
tally can be monitored here..
http://lists.oasis-open.org/archives/tc-voting/
Have 49 Yes votes, 3 abstains, no "No"s. (tally as of tonight is down below)
6. where are we at with a SAML v1.1?
todo list from item [A] of..
[security-services] Proposed, categorized To-Do list for SAML 1.x and2.0
(SAMLng/SAML.next)
http://lists.oasis-open.org/archives/security-services/200208/msg00010.html
> [A] Feasible Near-term high-priority items, and bug fixes
>
> - Bugs that are backwards-compatible (targeted to 1.1)
> - Functionality that's backwards-compatible/orthogonal and
> high-priority
> - The list as a whole can be completed in 3-6 months
> - Any decision that needs to be made in the short term
> - the below items are in no particular order (ie unprioritized)
>
> - Formalizing operational agreements between sites (see Liberty
> provider metadata schema (section 4 of [1]) and the saml-dev
> work [2], for examples; this is guidance/facilitation work rather
> than protocol work)
[A.1]
- above will be initiated w/ AI-7
- who will take those results and fold-in what was learned from the
SAML interop event?
> - WS-Security profile ([3], possibly to go to WSS TC)
[A.2]
- done.
> - Figure out versioning of modularly published profile and binding
> specs
[A.3]
- TBD.
- this one has to do with how do we define and version SAML as a whole?
- don't need to answer the below scenarios on this call, but need
someone to sign up to consider the question and write a proposal
- presently we refer to the "SAML v1.0 specification set", and
have "version" elements in assertions, request msg, and response
msg.
what should we do if we eg rev the bindings and profiles spec
in the future, w/o making changes to -core ?
what should we do if we write a separate b2b profile spec --
what's the version of that spec once approved as a OASIS std, say?
> - Sharpen conformance language around the notions of profiles
> vs. extensions
[A.4]
- this is AI-6, in progress
> - Express that an assertion should not be cached
[A.5]
- proposal on the table
> - Fix fragment identifier gaffe [4]
[A.6]
- motion on the "email floor" to close this.
> - Standardize issuer name formats (request came from XACML)
[A.7]
- this is AI-2
> - Fix xmldsig issues (might turn out to be a [B] item) [5]
[A.8]
- for 1.1, this will be addressed by Scott's dsig doc (yes?)
7. Discussion of xmldsig guidelines
8. Discussion of credentials collection (?)
9. any other business?
10. adjourn
----
SAML voting Tally -- thanks to Eve Maler
SAML 1.0 voting: 30 September 2002 - 31 October 2002
http://lists.oasis-open.org/archives/tc-voting/
Waveset: yes
Cyclone Commerce: yes
Griffin Consulting: abstain
RSA: yes
BEA: yes
Sun: yes
Entegrity: yes
Bank of America: yes
CA: yes
EAN: abstain
HP: yes
Entrust: yes
SAP: yes
Overxeer: yes
Quadrasis (Hitachi): yes
U.S. DoJ: yes
MTG Management Consultants: yes
Sigaba: yes
Netegrity: yes
Bowstreet: yes
Kinzan: yes
Cincom: yes
Federal Reserve: yes
Sonic Software: yes
VeriSign: yes
Fujitsu: yes
MSI Business Solutions: yes
Xtradyne: yes
Cognitran: yes
UnitSpace: abstain
Ascio: yes
Authentica: yes
Mercator: yes
U.S. GSA: yes
XML Global: yes
CrossLogix: yes
Microsoft: yes
Sterling: yes
Boeing: yes
Iona: yes
OpenNetwork: yes
Oracle: yes
Nokia: yes
CommerceOne: yes
IBM: yes
Sybase: yes
lmi.org: yes
Navy: yes
epeople: yes
Argonne: yes
Cisco: yes
SeeBeyond: yes
Total as of 29 October 2002 0030h PT: 49 yes, 3 abstain
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC