
security-services message


Subject: [security-services] Minutes for Telecon, Tuesday 12 November 2002


Minutes for SSTC Telecon, Tuesday 12 November 2002
Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson

======================================================================
                              Summary
======================================================================

  Votes:
  
    - Minutes from 29 October 2002 call accepted
    - The SSTC body thanks Joe & Jeff for their outstanding effort
      as co-chairs, and the contributors to the SAML specification for
      producing a quality standard
    - Election of co-chairs will be on Tuesday 26 November
    - Nominations for co-chairs will be accepted from the floor
    - Nomination acceptance begins now, and closes COB Friday 22 
      November
    - Process will be the top two vote-getters will be co-chairs
  
  Previous Action Items Still Open:
  
    - AI-6. Jeff to determine if conformance language around the
      notions of profiles vs. extensions is really an issue
    - AI-7. Prateek & Jeff to look at Liberty provider metadata's
      applicability for SAML specs
    - AI-8. Jeff to solicit comment on draft-sstc-xmlsig-
      guidelines-0{2|3} from Liberty arena
    - AI-10. Eve, Rob and Jeff to draft amended SSTC charter
    - AI-12. Prateek to draft analysis of use of XML Encryption in SAML
    - AI-15. Editor (Eve) to update documents with Eve's fragment ID
      recommendations
    - AI-16. Jeff & Eve to add parts of Eve's fragment ID
      recommendation to 2.0 item list
    - AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig
      issues
    - AI-19. RobP will go back and look in issues list and see what he
      can come up with wrt item [A.3] in the SAML v1.1 to-do
      list.

  New Action Items:
  
    - Eve to update specs to 1.0
    - Eve to make cut at 1.1 draft (related to AI-15)
    - Eve to get feedback from Karl Best on canonical location of OASIS
      standard specifications
    - Joe & Jeff to send separate email concerning election of
      co-chairs
    - Scott to make proposal to list on incorporating some of xmldsig
      guidelines into existing normative documents
    - Eve to respond to Hal's IssuerName proposal with an attribute-
      based & an element-based solution
    - Carlisle to update Mike Just's credentials collection proposal

======================================================================
                             Raw Notes
======================================================================

> 
> Agenda:
> 
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved

> 
> 2. Accept minutes from previous meeting
>    < http://lists.oasis-open.org/archives/security-services/
>      200210/msg00040.html >
>

- [VOTE] unanimous consent, accepted

> 
> 3. PC Magazine award acceptance at Comdex
>

- Is anyone (besides Krishna) going to be at Comdex to accept PCMag 
  award
   - Krishna has graciously offered to rep TC if no one else can
   - no one else offers
   - Krishna will be very appropriate representative
   
>
> 4. Review of open Action Items (AIs)...
>
>    AI-6. Jeff to determine if conformance language around the notions
>          of profiles vs. extensions is really an issue
>
>          [still in progress (will try to before next meeting)]
>

- Jeff: has been looking at this, and will try to write something up
  this week

>
>    AI-7. Prateek & Jeff to look at Liberty provider metadata's
>          applicability for SAML specs
>
>          [in progress & forthcoming - can discuss on the call]
>

- Prateek: has put out a draft just a few minutes ago
  < http://lists.oasis-open.org/archives/security-services/
    200211/msg00015.html >
- serves as a starting point, comments are invited
- Jeff: is there any rationale included?
    - would be useful
    - couldn't use the Liberty metadata directly, but used it as a 
      model

>
>    AI-8. Jeff to solicit comment on draft-sstc-xmlsig-
>          guidelines-0{2|3} from Liberty arena.
>
>          [in progress - have commitment from Jonathan Sergent to
>          review the -03 rev of the guidelines. Good news is that
>          Liberty folk and SAML folk are on same wavelength wrt to
>          xmldsig. ]
>

- in progress

>
>    AI-10. Eve, Rob and Jeff to draft amended SSTC charter
>
>           [in progress, will do this week]
>

- Eve: will write draft and send to Rob and Jeff hopefully this 
  afternoon

>
>    AI-12. Prateek to draft analysis of use of XML Encryption in SAML.
>

- Prateek: hasn't been able to get to this, and may not be able to 
  for another couple weeks
- looks like it will be extended into December
- Joe: anyone offering to assist?
- Hal: had offered to review what Prateek writes up
- Joe: December sounds fine, can leave as is

>
>    AI-14. Hal to get a proposal crafted to make this schema change
>           for "Standardize Issuer Name Format" needed by XACML.
>
>           < http://lists.oasis-open.org/archives/security-services/
>             200211/msg00012.html >
>

- Hal: Sent proposal to list
  < http://lists.oasis-open.org/archives/security-services/
    200211/msg00012.html >
- Eve: does have comments
- Action item closed

>
>    AI-15. Editors to update documents with Eve's fragment ID
>           recommendations.
>

- Eve: will update doc with her recommendation this week

>
>    AI-16. Jeff & Eve to add parts of Eve's fragment ID recommendation
>           to 2.0 item list.
>
>           [will do this week]
>

- Jeff: will do after call

>
>    AI-17. Hal to propose specific schema changes for proposed
>           DoNotCache condition.
>
>           < http://lists.oasis-open.org/archives/security-services/
>             200211/msg00011.html >
>

- Done, closed

>
>    AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig
>           issues. 
>

- Irving not on call
- still open

>
>    AI-19. RobP will go back and look in issues list and see what he
>           can come up with wrt item [A.3] in the SAML v1.1 to-do
>           list. 
>

- Rob: has found the old information, but hasn't crafted a response to
  the list
- will do before next call

> 
> 5. SAML v1.0 OASIS-wide vote 
>
>    SAML is now "OASIS Standard" maturity-level. We're (effectively)
>    done.
>
>    Need to update specs with maturity-level, new dates, filenames,
>    etc.
>
>    Raises question of canonical location of OASIS-std specs, Eve will
>    be looking into this.
>

- [ACTION] Eve to update specs to 1.0 (related to AI-15)
- [ACTION] Eve to make cut at 1.1 draft
- [ACTION] Eve to get feedback from Karl on canonical location of
  OASIS std specs

> 
> 6. Resignation of present co-chairs; nomination & election of new.
>
>    [security-services] stepping down as co-chairs
>    < http://lists.oasis-open.org/archives/security-services/
>      200211/msg00010.html >
>
>    Need to vote on nomination method. "nominations can come from the
>    floor just like motions," which would be the simplest.
>
>    need to decide what nomination acceptance window is, and when vote
>    will be held. 
>
>    suggestion: nomination acceptance begins now, thru Mon 18-Nov.
>    Have special election concall next week (in this timeslot?), and
>    then new co-chair(s) preside at next regularly-scheduled SSTC
>    concall in two weeks (on 26-Nov). 
>

- Joe and Jeff thank the TC for the opportunity to serve as chairs
- acknowledges significant assistance from Eve
- Eve: moves for the body to thank Joe and Jeff for their outstanding
  effort
    - Rob: friendly amendment to extend to the significant contributors
- [VOTE] The SSTC body thanks Joe & Jeff for their outstanding effort
  as co-chairs, and the contributors to the SAML specification for
  producing a quality standard
- Karl: thanks Jeff & Joe for their wonderful work
    - OASIS is getting lots of great comments & press
- Joe: process
    - Hal: makes counterproposal, to receive nominations until next
      regularly scheduled meeting, nominees must accept nominations, 
      and use first 15 minutes of next meeting to vote on chairs
    - Eve: cautions that our next call is Thanksgiving week
    - Joe: brings up question of whether to keep that meeting date
- Joe: strongly believes in co-chair approach
    - Hal: last time, we used the two highest vote-getters
- [VOTE] election will be on Tue 26 Nov
- [VOTE] nominations will be accepted from the floor
- Joe: can open for nominations now and follow up with email
    - Prateek: moves for a cut-off for nominations
    - cutoff will be Fri 22 Nov
    - [VOTE] nomination acceptance begins now, and closes COB Fri 22
      Nov
- Joe: any nominations now?
    - Carlisle: nominates Prateek
    - Prateek: accepts, urges the nomination of a co-chair
    - RLBob: nominates Rob
    - Rob: accepts
- [ACTION] Joe & Jeff will send separate email concerning election
- [VOTE] process will be the top two vote-getters will be co-chairs
- Joe & Jeff's resignation is effective at the close of the election

> 
> 7. where are we at with a SAML v1.1?
>
>    todo list from item [A] of..
>
>    [security-services] Proposed, categorized To-Do list for SAML 1.x
>    and 2.0 (SAMLng/SAML.next)
>
>    < http://lists.oasis-open.org/archives/security-services/
>      200208/msg00010.html >
>
> [A] Feasible Near-term high-priority items, and bug fixes
> 
>       - Bugs that are backwards-compatible (targeted to 1.1)
>       - Functionality that's backwards-compatible/orthogonal and
>         high-priority
>       - The list as a whole can be completed in 3-6 months
>       - Any decision that needs to be made in the short term
>       - the below items are in no particular order (ie unprioritized)
>
>     [above is the working summary of the scope of the SAML v1.1 
>      effort]
>
> [A.1] 
>
> - Formalizing operational agreements between sites (see Liberty
>   provider metadata schema (section 4 of [1]) and the saml-dev 
>   work [2], for examples; this is guidance/facilitation work rather
>   than protocol work)
>
> - above will be initiated w/ AI-7
>
> - who will take those results and fold-in what was learned from the 
>   SAML interop event?
>

- Jeff: we're making progress on this
- Prateek sent draft this morning

>
> [A.2]
>
> - WS-Security profile ([3], possibly to go to WSS TC)
>

- done.

>
> [A.3]
>
> - Figure out versioning of modularly published profile and binding
>   specs
>
> - TBD.
>
> - this one has to do with how do we define and version SAML as a
>   whole?
>
> - don't need to answer the below scenarios on this call, but need
>   someone to sign up to consider the question and write a proposal
>
>   - presently we refer to the "SAML v1.0 specification set", and 
>     have "version" elements in assertions, request msg, and response
>     msg. 
>
>     what should we do if we eg rev the bindings and profiles spec 
>     in the future, w/o making changes to -core ?  
>
>     what should we do if we write a separate b2b profile spec -- 
>       what's the version of that spec once approved as a OASIS std,
>       say?
>

- Jeff: Rob has AI to look at this, so progress is being made          
          
>
> [A.4]
> - Sharpen conformance language around the notions of profiles
>   vs. extensions
>
> - this is AI-6, in progress
>

- Jeff: is looking into this

>
> [A.5]
> - Express that an assertion should not be cached
>

- Hal has proposal on the table

>
> [A.6]
>
> - Fix fragment identifier gaffe [4]
>

- approved proposal on this.
- needs to be incorp'd in specs.

>
> [A.7]
>
> - Standardize issuer name formats (request came from XACML)
>

- this is AI-2
- Hal has proposal on the table.

>
> [A.8]
>
> - Fix xmldsig issues (might turn out to be a [B] item) [5]
>

- for 1.1, Scott's dsig doc to become a non-normative component of the
  spec set. 
- doc needs careful review & update as nec. 
- Eve: do I add this to my 1.1 draft now?
    - Jeff: we probably need to vote on that first
    - we voted on the wording on A.6 before directing editor(s) to 
      incorporate into doc
    - should use same procedure for several of these items

> 
> 8. Discussion of xmldsig guidelines
>

- Scott: put third draft out
- didn't try to incorporate everything
- there will be a question of the most important options
- Jeff: do we want this to become a non-normative doc in the 1.1 set?
- Jeff: we also need more review and feedback in order to determine
  if this is ready to go to last call
- Scott: wants implementers to go through it to verify that the
  approach is not unreasonable
- Jeff: is it the intent that the doc as it is composed to be part of
  1.1?
    - Scott: yes
- Scott: proposes that some of the text get copied into the bindings
  spec
- [ACTION] Scott to make proposal to list
- Jeff: do we need to take vote on including this as non-normative doc
  included in 1.1 doc set?
- we should, but doesn't have to be right now
- Prateek: suggests waiting until next call

> 
> 9. Discussion of DoNotCache proposal
>

- Jeff: basic question is are we at a point of approving the proposal?
- Eve: only came out 2 hours ago
- Eve: thinks she has an XML comment
- requires a little more review before approving
- Hal: considered making it an attribute, or making an abstract type,
  but chose to derive it directly
- RLBob: in what sense is this a condition (where a condition is a
  consideration for evaluating the assertion, and this is a case of 
  what you do after evaluation)?
- Jeff: sounds like more review and commentary is needed
    - Hal: there has been discouragingly little so far
- Hal: primary motivation was around AuthZ decisions, but also applies
  to freestanding attribute assns
- Jeff: discuss more on list, with goal of having resolution to vote on
  by next call

> 
> 10. Discussion of IssuerName proposal
>

- Jeff: proposal is on table, so where do we stand
- Eve: believes there is XML crafting necessary
- RLBob: looking back, we had also been unclear about the semantics
  of the issuer
- requires more review and comment
- [ACTION] Eve to respond to Hal's proposal with an attribute-based &
  an element-based solution

> 
> 11. Discussion of credentials collection (?)
>

- Carlisle had intended to get something out following up Mike Just's
  proposal before this call
- Hal: his question is what problem are we trying to solve?
- [ACTION] Carlisle to update Mike Just's proposal

> 
> 12. Adjourn
>

- Adjourned


-----------------------------------------------------------------------

Attendance of Voting Members:

  Allen Rogers Authentica
  Ronald Jacobson Computer Associates
  Mingde Xu CrossLogix
  Hal Lockhart Entegrity
  Carlisle Adams Entrust
  Robert Griffin Entrust
  Joe Pato HP
  Jason Rouault HP
  Maryann Hondo IBM
  Prateek Mishra Netegrity
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Don Flinn Quadrasis
  Rob Philpott RSA Security
  Jahan Moreh Sigaba
  Bhavna Bhatnagar Sun
  Jeff Hodges Sun
  Eve Maler Sun
  Emily Xu Sun
  Phillip Hallam-Baker Verisign
  Scott Cantor (individual)
  Bob Morgan (individual)


Attendance of Observers or Prospective Members:

  Karl Best OASIS


Membership Status Changes:

  none
  
--
Steve


