
Subject: [security-services] Minutes for Telecon, Tuesday 10 December 2002


Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson

======================================================================
                              Summary
======================================================================

  Votes:
  
    - Minutes from 26 November 2002 call accepted
    - Cancel conference call on Dec 24th; Next call on Jan 7, 03
  
  Previous Action Items Still Open:
  
    - AI-6. Jeff to determine if conformance language around the
      notions of profiles vs. extensions is really an issue
    - AI-12. Prateek to draft analysis of use of XML Encryption in SAML
    - AI-15. Editor (Eve) to update documents with Eve's fragment ID
      recommendations
    - AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig
      issues
    - AI-19. RobP will go back and look in issues list and see what he
      can come up with wrt item [A.3] in the SAML v1.1 to-do
      list.
    - AI-20. Eve to update specs to 1.0
    - AI-25. Eve to respond to Hal's IssuerName proposal with an
      attribute-based & an element-based solution
    - AI-26. Carlisle to update Mike Just's credentials collection
      proposal
    - AI-27. Prateek to rev draft-sstc-meta-data-00 and add in schema.
    - AI-28. RobP to have RSAS convey a new "statement of licensing 
      intent" to the SSTC that documents the additional two
      claimed applicable patents in addition to the prior two.

  New Action Items:
  
    - Jahan to publish and maintain the errata list
    - Scott to produce use case document for destination site
      first flow
    - Rob to talk with Joe Pato regarding OASIS process of
      using Liberty material

======================================================================
                             Raw Notes
======================================================================

> 
> Agenda:
> 
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved

> 
> 2. Accept minutes from previous meeting
>    < http://lists.oasis-open.org/archives/security-services/
>      200211/msg00030.html >
>

- [VOTE] unanimous consent, accepted

> 
> 3. Cancel conference call on Dec 24th; Next call on Jan 7, 03
>

- [VOTE] unanimous consent, accepted
- Eve: conference line arranged to be reserved through next year as
  well
    - Thanks to Eve!

>
> 4. Agenda Items Carried over from previous conference call
>
>    AI-6. Jeff to determine if conformance language around the
>          notions of profiles vs. extensions is really an issue
>

- Jeff's email comments before concall:
    - status: whoosh. will do,  just keeps getting pushed down the
      proverbial stack.
    - not immediately pressing, but ought to get written down here
      @some point.
- remains pending

>
>    AI-8. Jeff to solicit comment on draft-sstc-xmlsig-guidelines-
>          0{2|3} from Liberty arena
>

- Jeff's email comments before concall:
    - Jonathan Sergent has reviewed it and is writing up his comments
      and will send them to security-services. No surprises, but worth
      noting some differences in approach.
- msg sent from J. Sergent
  < http://lists.oasis-open.org/archives/security-services/
    200212/msg00010.html >
- AI closed

>
>    AI-12. Prateek to draft analysis of use of XML Encryption in SAML
>

- Prateek will not get to this before new year
- remains pending

>
>    AI-15. Editor (Eve) to update documents with Eve's fragment ID
>           recommendations
>

- related to AI-21
- Eve: had not intended to do any more than the fragment id change, 
  not sure if other approved changes were missed
    - hopes to have this done by first Jan meeting
- remains pending

>
>    AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig
>           issues
>

- Irving: hasn't spoken with Merlin since before Scott's last draft
    - Scott: incorporated many of Merlin's previous comments in that
      draft
- remains pending

>
>    AI-19. RobP will go back and look in issues list and see what he
>           can come up with wrt item [A.3] in the SAML v1.1 to-do
>           list.
>           [ROB, I couldn't find a link to this issue --- is there a
>           message we could point to here?]
>

- Rob: thought the question was just around SAML versioning, but there
  may be more to this
    - will resolve scope of this AI with Prateek
- remains pending

>
>    AI-20. Eve to update specs to 1.0
>

- Eve: just matter of putting in some status text
    - just needs a clear day to work on this
    - there is discussion on chairs list about what OASIS specs should
      look like
    - this may wind up behind getting 1.1 draft
- Prateek: notes WS-Sec TC's use of PC Magazine Award icon on their
  docs
- remains pending

>    AI-21. Eve to make cut at 1.1 draft (related to AI-15)
>           [Eve, does this mean you will collect various sub-drafts
>           floating around the list and put them into a respectable
>           document?]
>

- Eve: this is essentially a duplicate of AI-15
- Prateek: should we just combine this with AI-15?
- yes
- AI closed

>
>    AI-22. Eve to get feedback from Karl Best on canonical location
>           of OASIS standard specifications
>

- Eve: related to comments on AI-20, and discussion on chairs list
    - since discussion has been kicked off, this can be closed
- AI closed

>
>    AI-24. Scott to make proposal to list on incorporating some of
>           xmldsig guidelines into existing normative documents
>

- Scott: sent msg to list with small change proposed for POST profile
  < http://lists.oasis-open.org/archives/security-services/
    200212/msg00007.html >
- intent is to do basically what Liberty is doing
- AI closed (although likely to lead to new action)

>
>    AI-25. Eve to respond to Hal's IssuerName proposal with an
>           attribute-based & an element-based solution
>

- Eve: also relegated to "end of the year" expectation
- remains pending

>
>    AI-26. Carlisle to update Mike Just's credentials collection
>           proposal
>

- Carlisle: hasn't been able to get to this
- remains pending

> 
> 5. Agenda items added on November 26 con-call
>
>    AI-27. Prateek to rev draft-sstc-meta-data-00 and add in schema. 
>           See also comments from Jahan
>           < http://lists.oasis-open.org/archives/security-services/
>             200211/msg00019.html >

- Prateek: will get out before next meeting
- there is a msg thread
- Jahan: are we going to consider any 1.1 extension for this
    - Prateek: yes, see AI-30 in agenda
- remains pending

>    AI-28. RobP to have RSAS convey a new "statement of licensing 
>           intent" to the SSTC that documents the additional two
>           claimed applicable patents in addition to the prior two. 
>

- Rob: working on update, hopes to get out before next meeting
- Carlisle: how is this different than previous two
    - Rob: in recent patent review, determined that two new patents
      apply to SAML
    - intent is to add these two to the handling of the existing two,
      RF, with a request to RSA for the RF license
- remains pending

> 
> 6. Additional Agenda items from Discussion List
>
>    AI-29. Various e-mails pointing to errors in SAML 1.1 drafts
>           < http://lists.oasis-open.org/archives/security-services/
>             200212/msg00000.html >
>           < http://lists.oasis-open.org/archives/security-services/
>             200212/msg00002.html >
>           < http://lists.oasis-open.org/archives/security-services/
>             200212/msg00003.html >
>

- Prateek: asks for an owner of an errata section
    - expects we'll find a few more of these type of items
    - Jahan: offers to take it
    - Prateek to send current set of items as baseline
    - [ACTION] Jahan to publish and maintain the errata list

>
>    AI-30. Proposal to add a flow from Destination Sites to Source
>           Sites to the Web Browser Profile
>           < http://lists.oasis-open.org/archives/security-services/
>             200212/msg00001.html >
>

- Jahan: if a subject visits a dest site first, and then gets
  redirected to source, needs to be a way to have some parameter(s) 
  preserved and sent back to dest site
- Prateek: idea is not to disturb existing flow, but rather to add as
  a new flow
    - did it informally at interop event
    - relationship to Liberty is still important, so we probably don't
      want to go much further than this
- Scott: question of where these things fit
    - Liberty issue creates a slippery slope
    - if we choose to let Liberty work prevail, then our work here is
      basically done
    - RLBob: agrees, Liberty and SSTC are independent, and we should
      continue to further this work
- Jahan: does it make sense to take Shib and use as baseline here?
    - Scott: yes, but you won't likely find much there
- Hal: had long discussion with Ron Monzillo yesterday
    - we're all for Liberty, however, concerned that they've never
      published requirements
    - want this TC to work off of published use cases
    - in the browser profiles, we carefully considered security issues
    - need to continue to do this
    - Prateek: so you're suggesting that a use case document is 
      needed for this new functionality?
    - yes
    - Prateek: moves that TC develop a use case or flow document that
      captures this requirement
    - Scott: agrees with Hal
    - [ACTION] Scott to produce use case document for destination site
      first flow
    - Jahan, Prateek and RLBob agree to contribute
    - Scott: probably can't get to this until later in January
- RLBob: slippery slope of previous discussion extends to 
  credentials collector issues, since the destination site first
  flow will likely result in credentials collection
    - Scott: does anyone know what the IPR implications are of 
      building on Liberty
    - Hal: cites OASIS policy of submissions to OASIS TC work, but
      mainly in area of copyrights
    - Rob: volunteers to investigate, and will talk with Joe
    - [ACTION] Rob to talk with Joe Pato regarding OASIS process of
      using Liberty material

> 
> 7. Adjourn
>

- Adjourned


-----------------------------------------------------------------------

Attendance of Voting Members:

  Allen Rogers Authentica
  Irving Reid Baltimore
  Mingde Xu CrossLogix
  Hal Lockhart Entegrity
  Carlisle Adams Entrust
  Jason Rouault HP
  Prateek Mishra Netegrity
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Don Flinn Quadrasis
  Rob Philpott RSA Security
  Jahan Moreh Sigaba
  Eve Maler Sun
  Emily Xu Sun
  Scott Cantor (individual)
  Simon Godik (individual)
  Bob Morgan (individual)


Attendance of Observers or Prospective Members:

  none


Membership Status Changes:

  Maryann Hondo IBM - Lost voting status due to inactivity
  
--
Steve


