security-services message



Subject: Minutes for Telecon, Tuesday 5 August 2003


Minutes for SSTC Telecon, Tuesday 5 August 2003
Dial in info: +1 865 673 3239  #238-3466
Minutes taken by Steve Anderson

======================================================================
                              Summary
======================================================================

  Votes:
  
    - Minutes from 22 July 2003 call accepted
    - Chairs directed to contact Project Liberty regarding
      submitting ID-FF v1.2 just as they submitted v1.1
  
  Previous Action Items Still Open:
  
    - none

  New Action Items:
  
    - Prateek to set up ballot to gauge F2F attendance
    - Prateek to post draft F2F agenda before next call
    - Prateek to send Rob link to previous posting, and Rob to 
      update web site with link
    - Scott, RLBob and Jeff to produce scenarios for multi-
      participant transactional workflows
    - John Hughes to produce use case doc for Kerberos support
    - Eve to compile v2.0 work items and champions
    
======================================================================
                             Raw Notes
======================================================================

> 
> Agenda:
> 
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved

> 
> 2. Accept minutes from previous meeting, 22 July
>    < http://lists.oasis-open.org/archives/security-services/
>      200307/msg00048.html >
>

- Eve: minutes weren't specific on IPR issues with Liberty
- Rob: let's accept these, and deal with that topic later on the Agenda
- [VOTE] unanimous consent, accepted

> 
> 3. SAML 1.1 follow-up
>
>    a. OASIS announcement to review specs by 16-Aug
>

- Rob: OASIS announcement already sent out

>
>    b. Possible errata (Scott C) 
>       < http://www.oasis-open.org/archives/security-services/
>         200307/msg00063.html >
>

- Rob: seems minor
- question is how to handle? new errata? incorporate into existing
  errata doc?
- Jahan: doesn't think it affects anything normative 
- Scott: it does affect some "MUST" language
- Jahan: will update errata doc, and we'll fix it in v2.0
- Hal: that's all we legally can do

>
>    c. SAML V1.1 Metadata doc draft-07
>       < http://www.oasis-open.org/archives/security-services/
>         200307/msg00055.html >
>

- Rob: how do we want to deal with this?
- Prateek: thought it would flow into v2.0
- Rob: ok, that's right

> 
> 4. V2.0 Face-to-Face
>    a. Scheduled for Sept 8-10, Sun Campus in Burlington, MA
>    b. Logistics updates? 
>       < http://lists.oasis-open.org/archives/security-services/
>         200307/msg00051.html >
>

- Eve: all set
- Jahan: knows someone who is not in TC, but is OASIS member, and would
  like to attend
- Eve: just a question of space in the reserved room, which is set up
  to hold around 20
- Prateek: also has lots of requests from folks who've been
  implementing SAML wanting to attend, which is a good thing
- thinks we'll push well over 20
- will put up a ballot to determine number of people intending to come
- Eve: we need to see how many voting members will be attending, and
  make sure we rein in the numbers of non-members
- may be able to reserve bigger room
- observers should send request to the chairs (and Eve, as host) about
  attending, and it's up to the judgment of the chairs to allow/dis
- Rob, Prateek, Eve will talk offline
- [ACTION] Prateek to set up ballot to gauge F2F attendance
- Prateek: but non-members may not be able to get to the ballot

>
>    c. Social event?
>

- Rob: not too many ideas have come in
- can set up dinner reservations
- if there are any additional ideas, send them in
- otherwise, just needs indications of who would be interested in 
  attending
- Jahan: this would be on the 2nd night, right?
- Rob: yes, Tues evening

>
>    d. Agenda development?
>

- Rob: need some work done here
- Prateek: would be happy to help
- Jeff: before, we've had someone draw up a proposed agenda, post it,
  get comments, and proceed
- Irving: can have an open call for topics
- Rob: won't be on next call, so can Prateek post a proposed agenda
  and drive to resolution on next call?
- Prateek: can do
- [ACTION] Prateek to post draft F2F agenda before next call
- Hal: is there anything outside of v2.0 work? Liberty IPR, etc?
- Prateek: <described some topics, which will be in proposed agenda, to
  be posted shortly>
- Eve: would be good to keep track on public site things like 
  implementation lessons, interactions with Liberty, etc
- Prateek: had posted some material on this previously
- [ACTION] Prateek to send Rob link to previous posting, and Rob to 
  update web site with link

>
> 5. V2.0 Call for Editors
>    a. Frederick and Eve are the only volunteers so far. Others?
>

- Rob: Krishna also volunteered
- anyone else?
- Jeff: might be able to
- Rob: that would be good, given your background with Liberty stuff
- John Hughes: volunteers as well
- Eve: happy to serve as coordinating editor
- Jahan: can continue with errata and meta data
- Tim: expecting to help Jeff with SASL and CC work
- Jahan: also keenly interested in CC work
- Eve: could do editorial team meetings
- Hal: has keen interest in several technical items, but probably can't
  commit to editor job
- Eve: maybe those editor calls can be focus group calls

> 
> 6. V2.0 scope definition
>    a. Follow-up from 22-July discussion?
>

- Eve: Liberty IPR discussion from last call
    - Liberty contribution came with its own IPR statement
    - Prateek will point to message with that info
    - Rob will update web site to point to that
- Jeff: goal statement just sent to list
    - probably better to hash this out on list with specific wording
    - Rob: if anyone has feedback on the goal statement, post to list
    - we need to settle on goal statement on next call

>
>    b. Multi-participant transactional workflows - several emails
>       exchanged:
>       i.  Sender Vouches vs Bearer Vs Artifact confirmation methods
>

- Rob: there were about 7-8 emails exchanged on this
    - comments?
    - Irving: 'SenderVouches' isn't meaningful in an assertion
    - simply redundant with absent confirmation method
    - Irving: the one condition you could imply is that the absence
      of anything else is intentional
    - Prateek: does this have a technical impact?
    - Jeff: we need to address what is the difference in trust models?
    - Bob Blakley did this way back at a F2F (#4?)
    - can pull the data out, put into doc, and post to list
    - Irving: has only waved arms about artifact profile mandating
      confirmation method of "artifact", because using the assertion
      after the SSO interaction requires requesting a different 
      assertion
    - Prateek: SAML profile in WSS calls out many of these issues
    - Scott: there is no bridge between the SSO interactions and any
      subsequent assertion use
    - Prateek: so is that a use case that folks are interested in?
    - seems to be
    - Prateek: is anyone willing to step up with some scenarios?
    - Scott: can do it
    - RLBob: will assist
    - Jeff: will also
    - [ACTION] Scott, RLBob and Jeff to produce scenarios for multi-
      participant transactional workflows

>
>       ii.  CSIv2/IIOP identity token vs authorization token
>

- Rob: can continue this discussion on list, if people think 
  appropriate

>
>       iii. Using SAML assertions in WSS-SAML Profile
>

- Rob: dealt with above
- Prateek: is it appropriate to have as part of F2F a discussion of the
  state of the WSS-SAML Profile?
- seems to be
- Prateek: will add to agenda
- can feed information back to Ron Monzillo based on that discussion

>
>    c. Liberty ID-FF
>       i.  Can we use ID-FF V1.2?
>

- Prateek: proposes that we solicit contribution of Liberty v1.2
- would like to unify federation layers between SAML & Liberty
- [MOTION] Chairs directed to contact Project Liberty regarding
  submitting ID-FF v1.2 just as they submitted v1.1
- Jeff: draft specs are available
- would be a problem to start some work based on those, provided our
  work is in draft stage
- IPR stuff seems only dependent on final specs (of derivative work)
- Jeff: Liberty already committed (in statement to press?) to 
  contribute ID-FF v1.2 to SSTC
- won't hurt for SSTC to request it anyway
- Liberty won't submit it until it is finalized, but may get direct 
  commitment to do so, freeing SSTC to begin draft work based on
  draft of ID-FF v1.2
- [VOTE] unanimous consent

>
>       ii. Migration issues SAML V1.x/Liberty to SAML 2.0
>

- Prateek: already spending time on this issue
- seeking other volunteers that are more involved with implementations,
  Liberty, etc
- Rob: will assist

>
>    d. Trust and delegation email (Krishna)
>

- Krishna: do we have caching intermediaries now?
- Prateek: don't believe there is a general intermediary case
- Hal: not clear on the terms thrown about here, as they mean so many
  things
- Krishna: wants to work on providing definitions
- Hal: prefers to hear clear problems that aren't currently solved by
  SAML
- Eve: we're still at definition phase, and until that progresses, we
  can't do further work
- Scott: this may relate to earlier discussions

>
>    e. Kerberos support (Krishna)
>

- John Hughes: someone should produce some use cases on this
- offers to take the lead on this
- Hal: a prior email of mine had some implied use cases, which could
  easily be extracted
- John: will be on vacation soon, so it won't be ready until right
  before F2F
- [ACTION] John Hughes to produce use case doc for Kerberos support
- Krishna: can assist

>
>    f. XACML and OGSA proposals for new request type
>

- Hal: some time ago, XACML submitted proposal for enhancement to
  AuthZDecisionRequest to better fit with XACML
- April 3, submitted by Carlisle
- OGSA also had a request that was very similar
- Eve: this is exactly the kind of implementor experience suggestions
  we are looking for
- Hal: expects XACML will analyze OGSA request, and may revise their
  submission (no later than the F2F)

>
>    g. anything else?
>

- Eve: there was a set of things we promised way back to do in 2.0
- need to go back and gather those
- Scott: certainly, deprecations need to be removed
- [ACTION] Eve to compile v2.0 work items and champions

> 
> 7. Action item review
>
>    #0056: Solicit comments on 2.0 activities from saml-dev
>    Owner: Prateek Mishra
>    Status: Closed
> 
>    #0058: Ask Ron Monzillo for input on multi-participant
>           transactional workflows
>    Owner: Eve Maler
>    Status: Closed
> 
>    #0038: Continue developing Metadata specs
>    Owner: Prateek Mishra
>    Status: Open
>

- Rob: let's close this, since it will be a v2.0 work item
- CLOSED

> 
>    #0055: Draft goal statement for SAML 2.0
>    Owner: Jeff Hodges
>    Status: Open
>

- Jeff sent draft to list at beginning of call
- discussion will be on list
- CLOSED

> 
>    #0054: Prepare analysis of Liberty work for 2.0
>    Owner: Eve Maler
>    Status: Open
>

- Eve: result turned into candidate work item list
- working on a cross reference list of Liberty items
- Scott working on a spreadsheet-style doc
- could also have references to other efforts such as XACML, WS-Fed
- What about WS-Federation?
    - Hal: BEA's position is to work to a single set of specs
    - Rob: RSA would like to see the same thing
    - Eve: has heard that WS-Fed has features that exist in other open
      specs, but does it have features that we can take as use cases
      for work here?
    - Scott: it has benefit of hindsight
    - Hal: thinks it does have additional features, like UDDI
    - Eve: can you elaborate?
    - Scott: UDDI fits in tighter when you move up stack into 
      federation
    - Eve: so this is more relevant to Liberty?
    - seems so
    - Jeff: there is a need in the Web Services space for discovery
      service, and Liberty feels that UDDI is too high up, and designed
      its own
    - Eve: would like to take a use case-based approach to this
    - there may be some marketing impacts to any response to WS-Fed
    - Prateek: what is there we can do, other than urging submission to
      some standards body?
    - Eve: thinks there is work we can do
    - happy to hear that some WS-Fed authors are pursuing convergence
    - we can present ourselves in a stronger fashion as we begin on 
      v2.0, such as additional web site collateral discussed today,
      renewing an attempt at an FAQ section, etc
    - John Hughes: has a white paper that includes several relevant
      use cases, available on their web site (but requires registering)
    - can provide it to anyone who sends him direct requests
    - Eve: soliciting people interested in outreach efforts
        - Krishna, Rob, Jeff, Jahan, RLBob interested
        - Eve: will contact them offline
- analysis done
- CLOSED

> 
>    #0013: Request use of WS-Trust for CC Proposal
>    Owner: Maryann Hondo
>    Status: Open
>

- Rob: can discuss at F2F
- Tim: doesn't seem to be going anywhere, so we should forget it
- Jeff: there are other avenues
- CLOSED (due to lack of response)

> 
> 8. Any other business
>

- Eve: administrative, we can confirm our telecon schedule at the F2F,
  which should be weekly beginning then
- Eve: for work items, can make explicit calls for champions via 
  emails (one per item)

> 
> 9. Adjourn
>

- Adjourned


----------------------------------------------------------------------

Attendance of Voting Members:

  Irving Reid Baltimore
  Hal Lockhart BEA
  Krishna Sankar Cisco
  John Hughes Entegrity Solutions
  Jason Rouault HP
  Scott Cantor Individual
  Bob Morgan Individual
  Darren Platt Individual
  Prateek Mishra Netegrity
  Frederick Hirsch Nokia
  Senthil Sengodan Nokia
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Simon Godik OverXeer
  Rob Philpott RSA Security
  Edward Coyne SAIC
  Jahan Moreh Sigaba
  Jeff Hodges Sun
  Eve Maler Sun
  Emily Xu Sun
  Phillip Hallam-Baker Verisign


Attendance of Observers or Prospective Members:

  John Linn RSA Security
  Tim Moses Entrust
  Bill Haase IBM


Membership Status Changes:

  Rebekah Lepro NASA - granted voting status after call

--
Steve


