[security-services] Agenda for Tuesday, January 21 Conference Call

Agenda Summary:

Agenda bashing
Approval of minutes from Tue, Jan 7 conference call.
Review (and approve?) V1.1 work items
Action Item review
Any other business
Adjourn

V1.1 Work Items (see http://lists.oasis-open.org/archives/security-services/200208/msg00010.html)

Bugs that are backwards-compatible (targeted to 1.1)
Functionality that's backwards-compatible/orthogonal and high-priority
The list as a whole can be completed in 3-6 months
Any decision that needs to be made in the short term

The below items are in no particular order [A.* numbering taken from original list]:

· [A.1] Metadata for formalizing operational agreements between sites.

1. See AI-27 below.

2. http://www.oasis-open.org/committees/security/docs/draft-sstc-saml-meta-data-00.pdf

3. http://lists.oasis-open.org/archives/security-services/200212/msg00018.html

· [A.2] WS-Security profile ([3], possibly to go to WSS TC)

1. Closed.

· [A-3] Figure out versioning of modularly published profile and binding specs

1. See AI-19 below and separate mail sent to list last night.

· [A-4] Sharpen conformance language around the notions of profiles vs. extensions

1. See AI-6 below

· [A-5] Express that an assertion should not be cached

1. Hal Lockhart's proposal: http://lists.oasis-open.org/archives/security-services/200211/msg00011.html

· [A-6] Fix fragment identifier gaffe [4]

1. Approved proposal on this.

2. Needs to be incorp'd in specs.

3. See AI-15.

· [A-7] Standardize issuer name formats

1. See AI-25 below.

2. Original request came from XACML: http://lists.oasis-open.org/archives/security-services/200211/msg00012.html

· [A-8] Fix xmldsig issues (might turn out to be a V2.0 item)

1. For 1.1, Scott's dsig doc to become a non-normative component of the spec set.

2. Doc needs careful review & update as necessary.

3. Need to vote on finalized wording and adding additional doc to spec set

4. Also see AI-18.

Additional Proposed V1.1 Work Items:

· [A-9] Fix items from the Errata List (see AI-29)

· [A-10] XML Encrypotion analysis (see AI-12)

· [A-11] Mike Just's Credential Collector Proposal (see AI-26)

1. Original mail: http://lists.oasis-open.org/archives/security-services/200209/msg00007.html

4. Action Items carried over from previous conference call:

AI-6. Jeff to determine if conformance language around the notions of profiles vs. extensions is really an issue
AI-12. Prateek to draft analysis of use of XML Encryption in SAML
AI-15. Editor (Eve) to update documents with Eve's fragment ID recommendations
AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig issues
AI-19. RobP will go back and look in issues list and see what he can come up with wrt item [A.3] in the SAML v1.1 to-do list.
AI-20. Eve to update specs to 1.0
AI-25. Eve to respond to Hal's IssuerName proposal with an attribute-based & an element-based solution
AI-26. Carlisle to update Mike Just's credentials collection proposal
AI-27. Prateek to rev draft-sstc-meta-data-00 and add in schema.
AI-28. RobP to have RSAS convey a new "statement of licensing intent" to the SSTC that documents the additional two claimed applicable patents in addition to the prior two.
AI-29. Jahan to start and own Errata list for current specs
AI-30. Scott to produce use case document for destination site first flow using Web Browser Profiles (Target late January)
AI-31. Jeff to send email to list on his interpretation of IPR issues surrounding using Liberty material
AI-32. Rob will draft a usecase for an Attribute Authority, to be examined by the TC for profiling
AI-33. Eve to update the charter based on discussion
AI-34. Rob will pull single list of v1.1 To Do items

Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com

security-services message