[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Minutes for Telecon, Tuesday 06 May 2003
FYI - All action items have been updated based on today's discussions. http://www.oasis-open.org/apps/org/workgroup/security/members/action_items.p hp Rob Philpott RSA Security Inc. The Most Trusted Name in e-Security Tel: 781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020 mailto:rphilpott@rsasecurity.com > -----Original Message----- > From: Steve Anderson [mailto:sanderson@opennetwork.com] > Sent: Tuesday, May 06, 2003 4:27 PM > To: oasis sstc (E-mail) > Subject: [security-services] Minutes for Telecon, Tuesday 06 May 2003 > > Minutes for SSTC Telecon, Tuesday 06 May 2003 > Dial in info: +1 865 673 3239 #238-3466 > Minutes taken by Steve Anderson > > ====================================================================== > Summary > ====================================================================== > > Votes: > > - Minutes from 29 April 2003 call accepted > > Previous Action Items Still Open: > > - AI-0004: Propose WSDL for Meta-data > - AI-0013: Request use of WS-Trust for CC Proposal > - AI-0033: Generative non-normative "Differences between SAML 1.1 > and SAML 1.0" document > - AI-0038: Continue developing Metadata specs > - AI-0034: Correct document use of xsd:ID > > New Action Items: > > - (none) > > ====================================================================== > Raw Notes > ====================================================================== > > > > > Agenda: > > > > 1. Roll call > > > > - Attendance attached to bottom of these minutes > - Quorum achieved > > > > > 2. Accept minutes from previous meeting, 29 April > > < http://lists.oasis-open.org/archives/security-services/ > > 200304/msg00209.html > > > > > - [VOTE] unanimous consent, accepted > > > > > 3. Kavi Proposal: > > > > Rob has suggested that notification to users every time a document > > is posted to Kavi be turned off by default. Users should be > > notified only for selected document updates. > > > > - Rob: if we're doing large numbers of updates, just send one manual > email notice > - Steve: all for this > - Rob: there's no way to change the default, so just have to make > this a matter of procedure > > > > > 4. Last call notice has gone out Saturday, May 3, 2003 > > > > < http://lists.oasis-open.org/archives/security-services/ > > 200305/msg00067.html > > > > > Stays within guidelines proposed in (updates > > < http://lists.oasis-open.org/archives/security-services/ > > 200304/msg00133.html >) with the exception that last call ends > > on May 15. > > > > - Rob: actually ends Friday 16 May > - Original timeline had the cut-off on 13 May, which would have limited > the comments, but we're still shooting for a Candidate Spec 20 May > > > > > 5. Open Action-Items > > > > AI-0004 > > Propose WSDL for Meta-data > > Prateek Mishra > > > > - Prateek: has not had a chance to catch up with Jahan's metadata > proposal > - stays open > > > > > AI-0013 > > Request use of WS-Trust for CC Proposal > > Maryann Hondo > > > > - not on call > - Rob: can provide update > - there was a call between number of authors last week > - VeriSign, RSA, IBM, but no MS folks > - one clarification needed from TC: are we asking them to submit > specifically as a reference doc or for future derivative works > by the TC > - believes we only wanted it as a reference doc > - Hal: not sure he sees the distinction in practice > - Irving: do we want to base work on it or do we want to take over > furthering that document > - Rob: because MS wasn't on call, couldn't reach conclusion on > timeframe for submitting to a standards body > - feeling was that July may not be feasible > - it is moving forward, however > - Carlisle: trouble is that we're stuck until we get an answer > - Jeff: we're not guaranteed to use WS-Trust anyway > - Carlisle: what if we extend our request to Aug/Sept? > - Hal: would that delay 2.0? > - not necessarily > - Jeff: we can explore other alternatives, including inventing our > own, and if they get their act together, great > - Carlisle: can Rob give any timeline indication? > - Rob: gets feeling of strong desire to get it in an org in the Fall > - Carlisle: can we wait that long? > - Jeff: thinks so > - Steve: is a commitment from the WS-Trust authors to bring it to > a standards body sufficient for us to continue working against > it, or is it necessary to wait for the actual submission? > - Jeff: can do some work based on commitment, but would prefer to > hedge until it actually happens > - Carlisle: having it submitted to an org is the beginning of that > process, and the doc will change > - Steve: that's true of any referenced standard > - [discussion of 'by value' vs. 'by reference'] > - Irving: reluctant to head down 'derivative' route > - Carlisle: what do we think is best course of action > - Jeff: the welcome mat is out to bring the spec to this TC > - Steve: didn't recall it that way > - Carlisle: seems extremely unlikely this spec would be ratified > by a standards body by end of year > - Steve: can we not reference an input draft to another group? > - Jeff: wouldn't be good > - Rob: we could chose to not release the credential collector > functionality with 2.0, and release it afterwards > - Carlisle: do we think end of 2003 is reasonable timeline for 2.0 > - Scott: seems very aggressive > - Rob: we don't have to decide this today > - could have some of the WS-Trust authors on one of our calls > - WS-Trust authors will probably need to meet and discuss this > on their own before that > - our joint call doesn't have to happen right away > - Carlisle: what seems to be the inhibitors to submitting WS-Trust > - Rob: thinks they may want to produce another draft first > - [discussion of the usefulness of that] > - Jeff: not sure that it wouldn't be acceptable (IPR & copyright- > wise) to point to their doc and describe uses of it, basically > profiling it > - stays open > > > > > AI-0032 > > Write text for non-use of artifact confirmation data > > Rob Philpott > > > > - CLOSED > > > > > AI-0033 > > Generative non-normative "Differences between SAML 1.1 and SAML > > 1.0" document > > Prateek Mishra > > > > - Prateek: hopes to generate sometime today > > > > > AI-0038: Continue developing Metadata specs > > Owner: Jahan Moreh > > > > - Jahan: published draft 6 on Friday > - significantly changed from previous version > - appendix lists issues addressed and their resolutions > - awaiting comments > > > > > AI-0037: Example text on use of XML DSIG > > Owner: Scott Cantor > > > > - Scott: provided to Eve, not sure if in docs > - Rob: yes, it is in docs > - CLOSED > > > > > AI-0036: Glossary updates - SSO Assertion, attribute assertion > > Owner: Eve Maler > > > > - CLOSED > > > > > AI-0035: Refer to Liberty and WSS SAML Profile > > Owner: Eve Maler > > > > - CLOSED > > > > > AI-0034: Correct document use of xsd:ID > > Owner: Eve Maler > > > > - still open > - Scott: sent email this morning > < http://www.oasis-open.org/archives/security-services/ > 200305/msg00070.html > > - in the course of implementing 1.1, encountered the 2 issues > described in the email > - was going to raise as a last call issue > - if we need to rectify while Eve is out, he can do it > - most serious mistake is in schema, using IDREF, which is only > for references within the doc > - we may need to move up the hierarchy to a xsd:NCName type > - Rob: is this a true technical issue? > - Scott: thinks so > - Rob: does that mean we'll need to restart the Last Call process? > - Jeff: we made the rules up > - suggests after last call, put all the comments together and have > a vote to determine whether you passed last call or not > - is leery of schema changes > - Frederick: thinks WS-Security had similar situation > - Scott: anything derived from IDREF implies the reference points to > something in the document > - the use cases in WS-Security are different than here > - Jeff: section 7 of WS-Security is where this arises > - Scott: described 2nd issue in this morning's email > - people whose parsers choke on this will either have to patch > their parsers or change the schema in order to use our schema > - tossed around with Eve question of what we get out of our layer > of indirection (saml:IDType) > - currently, there isn't any value > - would be invasive to change > - Steve: not changing it would seem to have big impact > > > > > 6. Any other business > > > > - Prateek: issues with DoNotCache > - will send note to list > - Jahan: will we continue with weekly calls? > - Prateek: thinks we should through at least 20 May > - Errata > - everything is closed > > > > > 7. Adjourn > > > > - Adjourned > > > ---------------------------------------------------------------------- > > Attendance of Voting Members: > > Irving Reid Baltimore > Hal Lockhart BEA > Carlisle Adams Entrust > Scott Cantor Individual > Bob Morgan Individual > Prateek Mishra Netegrity > Frederick Hirsch Nokia > Timo Skytta Nokia > Steve Anderson OpenNetwork > Rob Philpott RSA Security > Dipak Chopra SAP > Jahan Moreh Sigaba > Bhavna Bhatnagar Sun > Jeff Hodges Sun > Emily Xu Sun > Phillip Hallam-Baker Verisign > > > Attendance of Observers or Prospective Members: > > Jason Rouault HP > > > Membership Status Changes: > > Trevor Perrin Individual - Granted voting status after call > > -- > Steve
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]