

Subject: [security-services] Minutes for Telecon, Tuesday 18 February 2002


Minutes for SSTC Telecon, Tuesday 18 February 2002
Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson

======================================================================
                              Summary
======================================================================

  Votes:
  
    - Minutes from 4 February 2003 call accepted
    - Standing Rules 1 & 2 from Eve's charter draft 02 accepted
    - Charter draft 02, with amendment of "may be changed from time to
      time" wording regarding standing rules, accepted
  
  Previous Action Items Still Open:
  
    - AI-6.  Jeff to determine if conformance language around the
      notions of profiles vs. extensions is really an issue
    - AI-15. Editor (Eve) to update documents with Eve's fragment ID
      recommendations
    - AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig
      issues
    - AI-20. Eve to update specs to 1.0
    - AI-31. Jeff to send email to list on his interpretation of IPR
      issues surrounding using Liberty material
    - AI-32. Rob will draft a usecase for an Attribute Authority, to
      be examined by the TC for profiling
    - AI-33. Eve to update the charter based on discussion
    - AI-36. Prateek to draft the 1.1 doc set list  
    - AI-37. Scott to email list with intent and proposal to modify
      core around signature recommendations
    - AI-39. Prateek to propose WSDL along with metadata
    - AI-42. Carlisle to investigate SAML errors specification and 
      impact on interoperability.

  New Action Items:
  
    - AI-43. Eve to repost standing rule 3
    - AI-44. Scott to write summary/position paper of how to treat
      schema changes
    - AI-45. Prateek will update SSTC Bindings Extension 01 with 
      URL-centric flow
    - AI-46. Prateek to incorporate changes for PE-3
    - AI-47. Rob to propose replacement text for PE-9
    - AI-48. Jahan to start discussion on list for PE-10

======================================================================
                             Raw Notes
======================================================================

> 
> Agenda:
> 
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved

> 
> 2. Accept minutes from previous meeting, 4 February
>    < http://lists.oasis-open.org/archives/security-services/
>      200302/msg00009.html >
>

- [VOTE] unanimous consent, accepted

>
> 3. Open actions
>
>    AI-6. Jeff to determine if conformance language around the
>          notions of profiles vs. extensions is really an issue
>

- Jeff's email comments: 
    - was planning to write this up last night and this morning. 
      got overtaken by events. will work on this week.
- still open

>
>    AI-15. Editor (Eve) to update documents with Eve's fragment ID
>           recommendations
>

- Eve: continues to be lowest on her list, as we discuss other 1.1
  issues
- Prateek: this is so old, has lost context on this
- Eve: has to do with cleaning up of absolute URI issues
- perhaps this would be a spur to get other 1.1 issues moving
- Prateek: would this fall under errata?
- Eve: no, this would be backward compatible, and would be some 
  rewording
- probably won't be done until early March
- concrete proposal was made on 15 October 2002
  < http://lists.oasis-open.org/archives/security-services/
    200210/msg00026.html >
- still open

>
>    AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig
>           issues
>

- Irving: is in progress now, finally
- Merlin will get back to Irving when he has comments
- still open

>
>    AI-20. Eve to update specs to 1.0
>

- Eve: has made progress, but there is still the external variable
  with the as yet determined OASIS naming approach
- could publish without this OASIS unique numbering if people want
- Carlisle: that is what XACML is doing
- Eve: thinks this might be the right thing to do
- also noted WSSTC's use of PCMagazine logo, thinks SAML should do same
- Eve will update docs without OASIS unique numbering

>
>    AI-28. RobP to have RSAS convey a new "statement of licensing 
>           intent" to the SSTC that documents the additional two
>           claimed applicable patents in addition to the prior two. 
>
>           Complete. Details at:
>
>           < http://lists.oasis-open.org/archives/security-services/
>             200302/msg00027.html >
>

- Rob: is working on getting the final licensing terms up on the RSA
  web site
- done

>
>    AI-31. Jeff to send email to list on his interpretation of IPR
>           issues surrounding using Liberty material
>

- Jeff's email comments:
    - researched it, and was planning to write this up last night and
      this morning. got overtaken by events. will work on this week.
- still open

>
>    AI-32. Rob will draft a usecase for an Attribute Authority, to
>           be examined by the TC for profiling 
>

- still open

>
>    AI-33. Eve to update the charter based on discussion 
>
>           Complete. Details at:
>
>           < http://lists.oasis-open.org/archives/security-services/
>             200302/msg00023.html >
>

- Eve: we've had 2 comments come in
    - Rob's "goal of the TC" wording
      < http://lists.oasis-open.org/archives/security-services/
        200302/msg00024.html >
    - Irving's simplification of legalese
      < http://lists.oasis-open.org/archives/security-services/
        200302/msg00025.html >
    - Eve's response
      < http://lists.oasis-open.org/archives/security-services/
        200302/msg00026.html >
- do we want to make a decision here, pending legal review
- Rob: likes Irving's simplification, and favors approving
- Approval of charter requires 2/3 majority
    - of quorum or of membership?
    - believe to be of quorum
- Eve: separate issue of updating change to standing rules
- Irving: moves first two standing rules (which may have been formally
  approved in the distant past, but it's easier to just re-approve
  here rather than dig up proof of past approval)
- [VOTE] unanimous consent
- for standing rule 3 (IP stuff) ...
    - really is just a 'warm-fuzzy'
    - Eve: suggests re-writing this based on comments, re-posting, 
      and letting everyone pass it through their own legal counsel
    - we will vote on this at the next call, so everyone must be 
      prepared with their comments
    - [ACTION] Eve to repost standing rule 3
    - Rob: we may be sweating this too much, since it is stated as a 
      goal, and the TC could choose to violate it in certain cases
- Eve: charter can be considered for approval independent of the 
  standing rules
    - amendment "may be changed from time to time" added to wording
      at end regarding standing rules
    - [VOTE] unanimous consent to accept charter draft 02, with 
      amendment

>
>    AI-35. Rob to propose changes to the current spec regarding 
>           versioning
>

- Rob: sent mail 5 Feb
  < http://lists.oasis-open.org/archives/security-services/
    200302/msg00015.html >
- suggestion is to add wording to keep request and response in
  lock-step wrt versioning
- Prateek: recalls that independent versioning was primarily to allow
  assertions versions to be independent of protocol
- [VOTE] unanimous consent to approve Rob's versioning proposal
- Rob: other minor changes were included
    - sender/recipient replaced with requester/responder
    - followed this up with separate message on the list
    - Eve: thinks this is correct
- closed

>
>    AI-36. Prateek to draft the 1.1 doc set list  
>

- Prateek: certain amount of it appears to be updates to existing docs
- Eve: thinks there are some options
    - whole new set of 1.1 docs
    - turn the profile doc into a 'how to create profiles' doc, and the
      existing profiles would go into their own docs
    - version of docs with changebars
    - separate doc describing changes
- this is partly why Eve hasn't started making changes
- [ACTION] Prateek to start thread summarizing these points
- Prateek: there will also be some supplementary docs, e.g. DSig doc
- stays open

>
>    AI-37. Scott to email list with intent and proposal to modify
>           core around signature recommendations
>

- Scott: hasn't sent mail to list, and will do this, but has made some
  edits to section 5 with some suggested language
- will still make some changes to the binding doc as well
- still open
- this AI relates to AI-18
- Steve: how could we make our schema open, a la WSSTC discussions?
  Would definitely have to be a 2.0 issue
    - Eve: brought this up a while ago, but let it go because it wasn't
      the trend then
    - it is invasive, doesn't come for free, requires adding a line 
      ('##other') to every complex type
- <lead to discussion of how to handle schema changes>
- [ACTION] Scott to write summary/position paper of how to treat
  schema changes

>
>    AI-38. Jahan, Scott & Prateek to draft changes to profiles for new
>           destination site first flows
>

- Prateek: published msg just before today's meeting summarizing some
  of the discussion
  < http://lists.oasis-open.org/archives/security-services/
    200302/msg00044.html >
    - was trying to come to consensus of what these flows mean
    - next question is 'what are the realizations of the flows?'
    - follows web browser profiles
    - [ACTION] Prateek will update SSTC Bindings Extension 01 with 
      URL-centric flow
- Jahan: requests members to review, since we are getting fairly deep
  into it
- this is the time to say "this isn't right" if people feel that way
- closed

>
>    AI-39. Prateek to propose WSDL along with metadata
>
>           Jeff has re-posted Irving's WSDL example
> 
>           < http://lists.oasis-open.org/archives/security-services/
>             200302/msg00008.html >
>

- still open

>
>    AI-40. Jeff to find 2.0 work items list
>

- Jeff's email comments:
    - done.
    - fyi: [security-services] Proposed,categorized To-Do list for SAML
      2.0(SAMLng/SAML.next) [updated 25-Nov-2002]
      < http://lists.oasis-open.org/archives/security-services/
        200302/msg00040.html >
- closed

>
>    AI-41. Jahan to publish updated errata-list for review and comment
>           by SSTC
>
>           Published Draft 02
>
>           < http://lists.oasis-open.org/archives/security-services/
>             200302/msg00033.html >
>

- Jahan: asking Eve what is procedure for making these changes? who 
  makes these changes?
- Eve: will probably be her
- can just treat as updates in 1.1
- no need to publish a 1.0 errata doc
- Eve: suggests sending out a separate message for each Potential 
  Errata
- Section 2 accepted
- Going through section 3
    - PE-1: accepted
    - PE-2
        - Prateek: this is some misunderstanding about the profile,
          which doesn't involve Holder-Of-Key
        - Rob: thinks there may be some clarification needed, to help
          eliminate confusion like this
        - no disposition yet, looking for a champion
    - PE-3
        - Jahan: apologizes for redundant title (2am cut-and-paste)
        - Prateek: more relevant
        - Scott: thinks text explaining SubjectConfirmation vs. 
          SubjectConfirmationData
        - Irving: argued quite a bit in the past about 
          SubjectConfirmation because it was confusing and largely not
          relevant/necessary
        - others agree
        - Scott: when it was debated, he didn't understand it, so he
          couldn't weigh in
        - no disposition yet
    - PE-4: option 1 accepted
        - [ACTION] Prateek to incorporate changes
    - PE-5: option 2 accepted
    - PE-6
        - refers to Bindings & Profiles, not Assertions & Protocols
        - Prateek: this was over-specification
        - this deserves some thought
        - Scott: suggests adding another URI that corresponds to just
          'artifact', rather than multiple URIs for 'artifact-XX'
    - PE-7: accepted for lines 961, 966 (971, 1237 remain unchanged)
    - PE-8: accepted for lines 967, 1219 (1417 remains unchanged)
    - PE-9
        - [ACTION] Rob to propose replacement text
    - PE-10
        - [ACTION] Jahan to send this to the list to start discussion
    - remaining items omitted in the interest of time
- done
- [ACTION] Jahan to publish updated version of errata doc

>
>    AI-42.  Carlisle to investigate SAML errors specification and 
>            impact on interoperability.
>

- Carlisle: had sent out request for interop participants to comment on
  error conditions of interest, but hasn't received any
- <discussion of security considerations around returning error codes>
- Prateek: there weren't any complex situations in the interop scenario
- Carlisle: we'll see if anyone sends any feedback on the five error
  codes he posted originally

> 
> 4. Any other business
>

- Rob: scope of metadata
    - insufficient time to address

> 
> 5. Adjourn
>

- Adjourned


----------------------------------------------------------------------

Attendance of Voting Members:

  Irving Reid Baltimore
  Ronald Jacobson Computer Associates
  Carlisle Adams Entrust
  Jason Rouault HP
  Prateek Mishra Netegrity
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Rob Philpott RSA Security
  Jahan Moreh Sigaba
  Eve Maler Sun
  Emily Xu Sun
  Scott Cantor (individual)


Attendance of Observers or Prospective Members:

  Robert Griffin Entrust


Membership Status Changes:

  (none)
  
--
Steve


