[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] Minutes of SSTC/SAML concall Tue 26-Nov-2002
Minutes for SSTC Telecon, Tuesday 26 November 2002
Dial in info: +1 334 262 0740 #856956
Minutes taken by Jeff Hodges
======================================================================
Summary
======================================================================
Votes:
- Minutes from previous call accepted.
- Prateek Mishra & Rob Philpott elected as new SSTC Co-chairs
- Elected new SJC liason subcommittee consisting of RobP and Prateek.
Previous Action Items Still Open:
- AI-6. Jeff to determine if conformance language around the
notions of profiles vs. extensions is really an issue
- AI-8. Jeff to solicit comment on draft-sstc-xmlsig-
guidelines-0{2|3} from Liberty arena
- AI-12. Prateek to draft analysis of use of XML Encryption in SAML
- AI-15. Editor (Eve) to update documents with Eve's fragment ID
recommendations
- AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig
issues
- AI-19. RobP will go back and look in issues list and see what he
can come up with wrt item [A.3] in the SAML v1.1 to-do
list.
- AI-20. Eve to update specs to 1.0
- AI-21. Eve to make cut at 1.1 draft (related to AI-15)
- AI-22. Eve to get feedback from Karl Best on canonical location of OASIS
standard specifications
- AI-24. Scott to make proposal to list on incorporating some of xmldsig
guidelines into existing normative documents
- AI-25. Eve to respond to Hal's IssuerName proposal with an attribute-
based & an element-based solution
- AI-26. Carlisle to update Mike Just's credentials collection proposal
Closed Action Items:
- AI-7. Prateek & Jeff to look at Liberty provider metadata's
applicability for SAML specs
- AI-10. Eve, Rob and Jeff to draft amended SSTC charter
- AI-16. Jeff & Eve to add parts of Eve's fragment ID
recommendation to 2.0 item list
- AI-17. Hal to propose specific schema changes for proposed DoNotCache
condition.
- AI-23. Joe & Jeff to send separate email concerning election of
co-chairs
New Action Items:
- AI-27. Prateek to rev draft-sstc-meta-data-00 and add in schema.
- AI-28. RobP to have RSAS convey a new "statement of licensing intent"
to the SSTC that documents the additional two claimed applicable
patents in addition to the prior two.
============================================================================
SSTC/SAML concall Tue 11/26/2002 8:50:05 AM [Raw Notes]
----------------------------------------------------------------------------
> Minutes from prior meeting...
> ------------------------------
>
> http://lists.oasis-open.org/archives/security-services/200211/msg00016.html
>
> Agenda Items for 26-Nov-2002...
> -------------------------------
>
> 1. Roll Call
>
> 2. Approval of prior meeting's minutes (see ref above)
[VOTE] approved.
>
> 3. Agenda bashing
added a couple of items to #11 at end of agenda.
>
> 4. Election of co-chairs
>
> Nominees: Prateek Mishra, Robert Philpott
>
> 4.1 Decide on election method
> eg fill co-chair position with top two vote-getters
> only two nominee's, so are there objections to them assuming the
> co-chair positions?
>
> 4.2 election
Prateek & Rob were elected by unanimous consent.
Congratulations to Prateek & Rob.
>
> 5. PC Magazine Award
>
> http://www.pcmag.com/article2/0,4149,715069,00.asp
>
> Congrats to all! Thanks to Krishna for being present to accept and forwarding
> the trophy along to the Baltimore XML conference.
Krishna: is an honor for SSTC in that PCMag typically awards hardware and such,
unusual that protocols were in consideration -- illustrates the perceived
importance of the work.
>
> 6. Review of open Action Items (AIs)...
>
> -------------------
>
> AI-6. Jeff to determine if conformance language around the notions of
> profiles vs. extensions is really an issue
>
> [*whoosh* still in progress (will try to before next meeting)]
JeffH: have looked at it some, short ans is that it appears it isn't "an
issue", but is worth writing up sonething short about it for the list.
>
> AI-7. Prateek & Jeff to look at Liberty provider metadata's applicability
> for SAML specs
>
> Done. See..
>
> [security-services] draft-sstc-meta-data-00.doc
> http://lists.oasis-open.org/archives/security-services/200211/msg00015.html
AI: Prateek will rev the doc and add in schema, bef next call.
Calls for folks to review it, especially those who participated in the Catalyst
SAML interop event.
> AI-8. Jeff to solicit comment on draft-sstc-xmlsig-guidelines-0{2|3} from
> Liberty arena.
>
> [still in progress - have commitment from Jonathan Sergent to review the -03
> rev of the guidelines. He says he'll be able to do this before the next SSTC
> concall in two weeks. ]
no discussion.
> AI-10. Eve, Rob and Jeff to draft amended SSTC charter
>
> Done.
>
> [security-services] Draft updated charter
> http://lists.oasis-open.org/archives/security-services/200211/msg00022.html
Please review, there's language in it in terms of Committee standing rules (wrt
IPR, for example).
> AI-12. Prateek to draft analysis of use of XML Encryption in SAML.
will do before next meeting.
> AI-15. Editor (Eve) to update documents with Eve's fragment ID recommendations.
>
> [see also AI-21]
still open. Eve absent on this call.
> AI-16. Jeff & Eve to add parts of Eve's fragment ID recommendation to 2.0 item
> list.
>
> done.
>
> [security-services] Proposed,categorized To-Do list for SAML 2.0
> (SAMLng/SAML.next) [updated 25-Nov-2002]
> http://lists.oasis-open.org/archives/security-services/200211/msg00025.html
Please review.
> AI-17. Hal to propose specific schema changes for proposed DoNotCache
> condition.
>
> http://lists.oasis-open.org/archives/security-services/200211/msg00011.html
done. waiting on Eve's feedback & others' comments.
> AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig issues.
Haven't been able to connect with Merlin, will retry, keep open.
> AI-19. RobP will go back and look in issues list and see what he can come up
> with wrt item [A.3] in the SAML v1.1 to-do list.
Rob not present, still open.
> AI-20. Eve to update specs to 1.0
still open. See item #7 below.
> AI-21. Eve to make cut at 1.1 draft (related to AI-15)
still open.
> AI-22. Eve to get feedback from Karl Best on canonical location of OASIS
> standard specifications
see discussion item #7 below. still open.
> AI-23. Joe & Jeff to send separate email concerning election of
> co-chairs
>
> done.
>
> [security-services] Nominations for SSTC co-chair positions are nowopen
> http://lists.oasis-open.org/archives/security-services/200211/msg00017.html
no discussion.
> AI-24. Scott to make proposal to list on incorporating some of xmldsig
> guidelines into existing normative documents
refers to 1.1. there might be some text we can copy from the dsig doc and put
into the bindings spec, say. The action is to, eg, tighten up the description
of the POST profile.
still open.
> AI-25. Eve to respond to Hal's IssuerName proposal with an attribute-
> based & an element-based solution
>
> [in progress -- will try to do before next SSTC concall]
still open.
Hal wants to discuss it and get it nailed down, so definitely wants to wait to
see Eve's feedback. Might end up being a somewhat subtle-but-important change
and might be something to push off to 2.X.
> AI-26. Carlisle to update Mike Just's credentials collection proposal
still open.
> -------------------
>
> 7. The question of canonical location of OASIS-std specs, Eve will be looking
> into this, JeffH has supplied feedback. This is transpiring on the Chairs list
> for the time being. Archives here: http://lists.oasis-open.org/archives/chairs/
>
> Karl Best has nominally agreed to assigning doc #s to OASIS-wide docs, a la RFC
> #s.
"Approved work" page: http://www.oasis-open.org/specs/index.shtml
AI-22 (open) is related to this.
> 8. where are we at with a SAML v1.1?
>
> todo list from item [A] of..
>
> [security-services] Proposed, categorized To-Do list for SAML 1.x and2.0
> (SAMLng/SAML.next)
> http://lists.oasis-open.org/archives/security-services/200208/msg00010.html
>
> > [A] Feasible Near-term high-priority items, and bug fixes
> >
> > - Bugs that are backwards-compatible (targeted to 1.1)
> > - Functionality that's backwards-compatible/orthogonal and
> > high-priority
> > - The list as a whole can be completed in 3-6 months
> > - Any decision that needs to be made in the short term
> > - the below items are in no particular order (ie unprioritized)
>
> [above is the working summary of the scope of the SAML v1.1 effort]
>
> [A.1]
> > - Formalizing operational agreements between sites (see Liberty
> > provider metadata schema (section 4 of [1]) and the saml-dev
> > work [2], for examples; this is guidance/facilitation work rather
> > than protocol work)
>
> - draft on the table
>
> draft-sstc-saml-meta-data-00
> http://www.oasis-open.org/committees/security/docs/draft-sstc-saml-meta-data-00.pdf
>
> - need to review and ensure what was learned from the SAML interop event
> is properly folded-in.
>
> [A.2]
> > - WS-Security profile ([3], possibly to go to WSS TC)
>
> - done.
>
> see..
>
> Web Services Security: SAML Token Profile
> http://www.oasis-open.org/committees/wss/documents/WSS-SAML-03.pdf
>
> [A.3]
> > - Figure out versioning of modularly published profile and binding
> > specs
>
> -- RobP has action item AI-19 to look at this.
>
> - TBD.
>
> - this one has to do with how do we define and version SAML as a whole?
>
> - don't need to answer the below scenarios on this call, but need
> someone to sign up to consider the question and write a proposal
>
> - presently we refer to the "SAML v1.0 specification set", and
> have "version" elements in assertions, request msg, and response
> msg.
>
> what should we do if we eg rev the bindings and profiles spec
> in the future, w/o making changes to -core ?
>
> what should we do if we write a separate b2b profile spec --
> what's the version of that spec once approved as a OASIS std, say?
>
>
>
> [A.4]
> > - Sharpen conformance language around the notions of profiles
> > vs. extensions
>
> - this is AI-6, in progress
>
> [A.5]
> > - Express that an assertion should not be cached
>
> - proposal on the table
>
> See..
>
> [security-services] Proposed DoNotCache Condition - with schema change
> http://lists.oasis-open.org/archives/security-services/200211/msg00011.html
>
> [A.6]
> > - Fix fragment identifier gaffe [4]
>
> - approved proposal on this.
> - needs to be incorp'd in specs. See AI-15
>
> See..
>
> [security-services] Motion to approve fragment ID recommendations for1.1
> http://lists.oasis-open.org/archives/security-services/200210/msg00026.html
>
> [A.7]
> > - Standardize issuer name formats (request came from XACML)
>
> - this is AI-2
> - proposal on the table.
>
> See..
>
> [security-services] Request to Generalize Issuer - was XACML changerequest
> http://lists.oasis-open.org/archives/security-services/200211/msg00012.html
>
> [A.8]
> > - Fix xmldsig issues (might turn out to be a [B] item) [5]
>
> - for 1.1, Scott's dsig doc to become a non-normative component of the
> spec set.
> - doc needs careful review & update as nec.
> - need to vote on finalized wording and adding additional doc to spec set
No discussion on above. Please review the above and comment on the list.
> 9. Discussion of xmldsig guidelines
>
> http://www.oasis-open.org/committees/security/docs/draft-sstc-xmlsig-guidelines-03.pdf
>
> Scott has AI-24 to make proposal for incorp some of text from
> -xmlsig-guidelines-xx into 1.1 ver of bindings spec.
>
> Need to vote on including -xmlsig-guidelines-xx as a non-normative addition to
> the 1.1 spec set.
No discussion.
> 10. Discussion of credentials collection (?)
>
> Carlisle has AI-26 to update Mike Just's proposal.
>
> See..
>
> [security-services] Credentials collection proposal
> http://lists.oasis-open.org/archives/security-services/200209/msg00007.html
no discussion.
> 11. any other business?
IPR discussion -- action item for Rob?
--------------------------------------
Yes, RobP has an action item to have RSA convey a new "statement of licensing
intent" viz. their claim of IPR wrt SAML (they have 2 additional patents they
believe are applicable).
Reps for security JC (SJC)?
---------------------------
JoeP moves that we elect a new SJC liason subcommittee of RobP & Prateek.
JeffH seconded.
[VOTE] No objections, passes via unanimous consent.
>
> 12. adjourn
>
============================================================================
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC