

Subject: [security-services] agenda: SSTC telecon meeting tuesday 26-Nov-2002



Minutes from prior meeting...
------------------------------


http://lists.oasis-open.org/archives/security-services/200211/msg00016.html




Agenda Items for 26-Nov-2002...
-------------------------------

1. Roll Call


2. Approval of prior meeting's minutes (see ref above)


3. Agenda bashing


4. Election of co-chairs

  Nominees: Prateek Mishra, Robert Philpott


4.1 Decide on election method
     eg fill co-chair position with top two vote-getters
     only two nominees, so are there objections to them assuming the 
     co-chair positions?


4.2 election



5. PC Magazine Award

http://www.pcmag.com/article2/0,4149,715069,00.asp

Congrats to all! Thanks to Krishna for being present to accept and forwarding
the trophy along to the Baltimore XML conference. 



6. Review of open Action Items (AIs)...


                     -------------------


AI-6. Jeff to determine if conformance language around the notions of
      profiles vs. extensions is really an issue

[*whoosh*  still in progress   (will try to before next meeting)]



AI-7. Prateek & Jeff to look at Liberty provider metadata's applicability 
      for SAML specs

Done. See..

[security-services] draft-sstc-meta-data-00.doc
http://lists.oasis-open.org/archives/security-services/200211/msg00015.html



AI-8. Jeff to solicit comment on draft-sstc-xmlsig-guidelines-0{2|3} from
Liberty arena.

[still in progress - have commitment from Jonathan Sergent to review the -03
rev of the guidelines. He says he'll be able to do this before the next SSTC
concall in two weeks. ]



AI-10. Eve, Rob and Jeff to draft amended SSTC charter

Done.

[security-services] Draft updated charter
http://lists.oasis-open.org/archives/security-services/200211/msg00022.html



AI-12. Prateek to draft analysis of use of XML Encryption in SAML.




AI-15. Editor (Eve) to update documents with Eve's fragment ID recommendations.

[see also AI-21]


AI-16. Jeff & Eve to add parts of Eve's fragment ID recommendation to 2.0 item
list.

done.

[security-services] Proposed,categorized To-Do list for SAML 2.0
(SAMLng/SAML.next) [updated 25-Nov-2002]
http://lists.oasis-open.org/archives/security-services/200211/msg00025.html



AI-17. Hal to propose specific schema changes for proposed DoNotCache
condition.

http://lists.oasis-open.org/archives/security-services/200211/msg00011.html



AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig issues. 



AI-19. RobP will go back and look in issues list and see what he can come up
with wrt item [A.3] in the SAML v1.1 to-do list. 


AI-20. Eve to update specs to 1.0


AI-21. Eve to make cut at 1.1 draft (related to AI-15)


AI-22. Eve to get feedback from Karl Best on canonical location of OASIS
          standard specifications


AI-23. Joe & Jeff to send separate email concerning election of 
          co-chairs

done.

[security-services] Nominations for SSTC co-chair positions are now open
http://lists.oasis-open.org/archives/security-services/200211/msg00017.html



AI-24. Scott to make proposal to list on incorporating some of xmldsig
          guidelines into existing normative documents


AI-25. Eve to respond to Hal's IssuerName proposal with an attribute-
          based & an element-based solution

[in progress -- will try to do before next SSTC concall]


AI-26.  Carlisle to update Mike Just's credentials collection proposal



                     -------------------




7. The question of canonical location of OASIS-std specs, Eve will be looking
into this, JeffH has supplied feedback. This is transpiring on the Chairs list
for the time being. Archives here: http://lists.oasis-open.org/archives/chairs/

Karl Best has nominally agreed to assigning doc #s to OASIS-wide docs, a la RFC
#s. 




8. where are we at with a SAML v1.1?

todo list from item [A] of..

[security-services] Proposed, categorized To-Do list for SAML 1.x and 2.0
(SAMLng/SAML.next)
http://lists.oasis-open.org/archives/security-services/200208/msg00010.html



> [A] Feasible Near-term high-priority items, and bug fixes
> 
>       - Bugs that are backwards-compatible (targeted to 1.1)
>       - Functionality that's backwards-compatible/orthogonal and
>         high-priority
>       - The list as a whole can be completed in 3-6 months
>       - Any decision that needs to be made in the short term
>       - the below items are in no particular order (ie unprioritized)

  [above is the working summary of the scope of the SAML v1.1 effort]




[A.1]
>          - Formalizing operational agreements between sites (see Liberty
>            provider metadata schema (section 4 of [1]) and the saml-dev 
>            work [2], for examples; this is guidance/facilitation work rather
>            than protocol work)

  - draft on the table

draft-sstc-saml-meta-data-00
http://www.oasis-open.org/committees/security/docs/draft-sstc-saml-meta-data-00.pdf


  - need to review and ensure what was learned from the SAML interop event
    is properly folded-in.



[A.2]
>          - WS-Security profile ([3], possibly to go to WSS TC)

  - done.

    see..

    Web Services Security: SAML Token Profile
    http://www.oasis-open.org/committees/wss/documents/WSS-SAML-03.pdf


[A.3]
>          - Figure out versioning of modularly published profile and binding
>            specs

  -- RobP has action item AI-19 to look at this.

  - TBD.

  - this one has to do with how do we define and version SAML as a whole?

  - don't need to answer the below scenarios on this call, but need
    someone to sign up to consider the question and write a proposal

    - presently we refer to the "SAML v1.0 specification set", and 
      have "version" elements in assertions, request msg, and response
      msg. 

      what should we do if we eg rev the bindings and profiles spec 
      in the future, w/o making changes to -core ?  

      what should we do if we write a separate b2b profile spec -- 
        what's the version of that spec once approved as an OASIS std, say?

          
          
[A.4]
>          - Sharpen conformance language around the notions of profiles
>            vs. extensions


  - this is AI-6, in progress


[A.5]
>          - Express that an assertion should not be cached


  - proposal on the table

  See..

  [security-services] Proposed DoNotCache Condition - with schema change
  http://lists.oasis-open.org/archives/security-services/200211/msg00011.html



[A.6]
>          - Fix fragment identifier gaffe [4]


  - approved proposal on this.
  - needs to be incorp'd in specs. See AI-15

  See..

  [security-services] Motion to approve fragment ID recommendations for 1.1
  http://lists.oasis-open.org/archives/security-services/200210/msg00026.html




[A.7]
>          - Standardize issuer name formats (request came from XACML)


  - this is AI-2
  - proposal on the table.

  See..

  [security-services] Request to Generalize Issuer - was XACML change request
  http://lists.oasis-open.org/archives/security-services/200211/msg00012.html



[A.8]
>          - Fix xmldsig issues (might turn out to be a [B] item) [5]


  - for 1.1, Scott's dsig doc to become a non-normative component of the 
    spec set. 
  - doc needs careful review & update as nec. 
  - need to vote on finalized wording and adding additional doc to spec set





9. Discussion of xmldsig guidelines

http://www.oasis-open.org/committees/security/docs/draft-sstc-xmlsig-guidelines-03.pdf

Scott has AI-24 to make proposal for incorp some of text from
-xmlsig-guidelines-xx into 1.1 ver of bindings spec. 

Need to vote on including -xmlsig-guidelines-xx as a non-normative addition to
the 1.1 spec set.



10. Discussion of credentials collection (?)

Carlisle has AI-26 to update Mike Just's proposal.

See..

  [security-services] Credentials collection proposal 
  http://lists.oasis-open.org/archives/security-services/200209/msg00007.html



11. any other business?




12. adjourn

