Subject: Minutes for Telecon, Tuesday 28 October 2003
Minutes for SSTC Telecon, Tuesday 28 October 2003
Dial in info: +1 (865) 673-3239 #238-3466
Minutes taken by Steve Anderson

======================================================================
                              Summary
======================================================================

Votes:

- Minutes from 14 October 2003 call accepted

Previous Action Items Still Open:

- #0072: Authentication Context
- #0069: Baseline Attribute Namespaces
- #0068: Delegation and Intermediaries

New Action Items:

- Chairs to update 14 October minutes to reflect 19-2 vote

======================================================================
                             Raw Notes
======================================================================

> Agenda:
>
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved

> 2. Accept minutes from previous con call, 14 October
>    <http://lists.oasis-open.org/archives/security-services/200310/msg00102.html>
>

- MikeM: item about charter revision doesn't list how many voted for, only who against
- Prateek: minutes included voting members in attendance, all of whom voted for, except for 2 dissenting votes
- MikeM: would like it to be made clear
- Prateek: will mark vote 19-2
- [ACTION] Chairs to update 14 October minutes to reflect 19-2 vote
- MikeM: believes vote did not pass according to TC process, which requires 2/3 of voting membership
- Chairs corrected, it only requires 2/3 of attendance
- MikeM: still does not believe charter vote passed
- noted by Chairs
- [VOTE] unanimous consent, accepted

> 3. Summarize Oct 22-24 SSTC Face-to-Face
>
>    a. Partial minutes: <http://lists.oasis-open.org/archives/security-services/200310/msg00182.html>
>       i. Friday afternoon (10/24) minutes are being cleaned up
>          and will be sent out soon...
>    b. Many issues and action items described in the minutes - Not yet
>       entered into Kavi.
>    c. Votes/Consensus items:
>       i. Target for next V2.0 f2f is week of Jan 12th
>       ii. Motion: SAML TC recommends that XACML TC derive types from
>           SAML schema, saml:statement and samlp:query to support
>           authorization decision, and that liaison be established to
>           follow up on this. Passed unanimously
>

- Rob: calling for any corrections
- will approve these at next meeting

> 4. Next steps:
>
>    Review published list of Use Cases and vote for final inclusion in
>    V2.0 at 11-Nov con-call.
>

- Prateek: had an AI to enumerate use cases, did that
- encourages posting of any additional use cases
- we will be prioritizing use cases after 11 Nov call
- John: asking about Kerberos use case, which he didn't see in list
- Prateek: recent list came from F2F discussions
- consolidated list will be posted before 11 Nov call
- Prateek: would like to run through last night's posting <http://lists.oasis-open.org/archives/security-services/200310/msg00190.html>
- W1
- MikeB: has already provided <http://lists.oasis-open.org/archives/security-services/200310/msg00166.html>
- Tony: posted last night to list <http://lists.oasis-open.org/archives/security-services/200310/msg00188.html>
- needs a little more work
- RLBob: are we thinking this precludes any more use cases coming in describing sessions?
- Prateek: yes, this one is essentially frozen now
- W2
- Tony: posted last night, in same email as W1 <http://lists.oasis-open.org/archives/security-services/200310/msg00188.html>
- W5
- Tony: posted last night, in same email as W1 & W2 <http://lists.oasis-open.org/archives/security-services/200310/msg00188.html>
- W5a
- RLBob: will get one done specifically on WebDAV
- will see about others
- Frederick: this is in addition to the LECP stuff?
- Prateek: yes
- W3
- Scott: thinks other people were to submit for A3.1, rather than Jahan
- actually was supposed to submit Shib material
- Prateek: can provide for this as well
- Jahan: didn't understand A3.2
- not sure if there is anything to be written
- Prateek: maybe just a 4-line write up of how metadata is to be used
- W17
- Tim: working on A17.1
- W15
- RLBob: has already sent an outline for A15.1 <http://lists.oasis-open.org/archives/security-services/200310/msg00194.html>
- is a container for more specific use cases, which others have indicated they have material for
- those people can post directly, or contact RLBob
- W28a
- being worked on
- W28d
- RLBob: working on it
- had also characterized attribute naming convention as a work item
- intends to respin as a use case
- Prateek: will amend list for that
- Prateek: other use cases?
- we have a stated intent of freezing the list today
- would like to set a date for publishing docs on these items
- suggests 4 Nov
- discussion of how we will manage process of prioritization & reduction
- when is cutoff for dev of these use case scenarios?
- need that so chairs can publish summaries, say on 7 Nov
- Rob: makes sense
- Prateek: want to go to vote on 11 Nov, so that would give a day or two for people to review
- so if summaries are to come out 7 Nov, cutoff for scenarios should be 4 Nov
- Rob: sounds right, but will be tight
- Proposal: all use case scenarios be completed by EOD 4 Nov, Chairs will provide summary of all scenarios by EOD 7 Nov, and vote will be taken on which scenarios will be in v2.0 on 11 Nov
- no objections
- Prateek: so, how to handle 11 Nov vote?
- Eve: expects that we will accept the general use cases for each work item, but some of the more esoteric use cases may not make the cut
- ??: question of inter-dependencies
- Hal: the decision to accept use cases may be dependent on having a proposal
- Eve: concerned that, based on hallway talk at F2F, many do not understand some of these use cases
- if true, would lead back to acceptance of general items over esoteric items
- Rob: but we don't want to block solution of esoteric items
- Prateek: so how would vote be conducted?
- Eve: what was methodology of use case subcommittee way back?
- Hal: don't remember, but was captured in the output doc
- Eve: wants everyone to look at all of them, and derive their priorities
- could do email voting
- Prateek: concerned about people voting to accept everything, and v2.0 not meeting its dates
- Eve: doesn't expect that to happen
- RLBob: doesn't preclude revising direction later, if things can't all be completed
- Proposal: straight thumbs up/down vote
- no objections
- RLBob: could be distinctions of what is in SAML v2.0 versus what are ancillary docs produced by the SSTC
- Hal: non-normative docs can be published at any time, and don't need to go beyond committee draft
- but normative docs should go as a bundle through the OASIS standardization process, to the degree possible
- RLBob: example of SAML SASL mech, could be on separate timeline

> 5. Action Item Review (from Kavi - some were dealt with at the F2F):
>
> #0072: Authentication Context
> Owner: Jeff Hodges
> Status: Open
> Assigned: 16 Sep 2003
> Comments:
>   Main task is to appropriately move Liberty AuthContext
>   specification into OASIS (so it becomes a standard).
>
>   Jeff will ping Paul Madsen to see if he is interested.
>

- Jeff: a gentleman from Vodafone, Bill Howard, is the owner, and Jeff will ping him for status
- understands that we are a breath away from being able to close this

> #0069: Baseline Attribute Namespaces
> Owner: Bob Morgan
> Status: Open
> Assigned: 16 Sep 2003
> Comments:
>   Use-case discussed at F2F and generally supported. Waiting for
>   solution proposal.
>
>   For example, a DSML or X.500 profile for a person's attributes
>   expressed in SAML.
>

- RLBob: doc will be submitted

> #0068: Delegation and Intermediaries
> Owner: Bob Morgan
> Status: Open
> Assigned: 16 Sep 2003
> Comments:
>   Delegation and Intermediaries
>   Use cases that support arbitrary multi-hop delegation. Liberty
>   WSF supports one-hop impersonation. The relationship of this to
>   WSS needs to be sorted out. This relates to the Fidelity need for
>   a WSRP profile. This is related to W-11. The item
>   "multi-participant transactional workflows" was folded into this one.
>
>   WAITING for Use-Case proposal.
>

- RLBob: posted msg <http://lists.oasis-open.org/archives/security-services/200310/msg00194.html>
- a refinement will follow soon
- will leave open

> #0073: Extract enhancement requests from current issues list
> Owner: Eve Maler
> Status: Open
> Assigned: 16 Sep 2003
>

- Eve: long since done
- CLOSED

> #0082: Promised V2.0 Changes
> Owner: Eve Maler
> Status: Open
> Assigned: 16 Sep 2003
> Comments:
>   Removing (core)
>   Removing (core)
>   Removing deprecated NameIdentifier URIs (core)
>   Requiring URI references to be absolute (core)
>   Disallowing as the only child of a SOAP (bindings)
>   Removing deprecated artifact URI (bindings)
>

- CLOSED

> #0070: SAML as a SASL security mechanism
> Owner: Bob Morgan
> Status: Open
> Assigned: 16 Sep 2003
> Comments:
>   Active work item -- waiting solution proposal.
>
>   Defining SAML as a SASL security mechanism.
>
>   Re-spun title of action item.
>

- Prateek: disposition was to close this, and to open an action to liaise with IETF
- RLBob and Jeff to be liaison
- CLOSED

> #0076: XACML Proposal for Policy Transport
> Owner: Hal Lockhart
> Status: Open
> Assigned: 16 Sep 2003
> Comments:
>   Waiting on a solution proposal.
>
>   XACML has asked for a SAML-based solution to transporting
>   requests for policies and the policies themselves.
>

- Prateek: has been CLOSED and sent back to XACML TC

> 6. Any other business
>

- Scott: trying to drive to conclusion matter discussed in recent post regarding name ID <http://lists.oasis-open.org/archives/security-services/200310/msg00187.html>
- thinks this is linchpin for many other work items
- related to Irving's recent comments
- not sure if people have had time to review email
- question of whether we will generally derive new types to express new data
- Irving: not religious about direction here
- would like us to say "classification" when that's what we mean, rather than alternatives like "format"
- RLBob: need to provide examples to help clarify
- Eve: thinks many of the names used are not as helpful as they could be
- if we move away from backwards compat, which is fair to do, we can improve that
- prefers using choice groups for ourselves and leave type substitution for use by outside parties to extend our work
- Scott: we could move away from name id URIs, in favor of new individual elements
- allows different attribute relationships as well
- [more discussion, lots of trade offs]
- Scott: thinks what was done originally works out in the end to be as good as any other option
- Eve: sounds like we've come full circle, and current approach is pretty effective
- could add a name identifier abstract time for additional flexibility
- Eve: will add an issue for 'any attribute' and 'any element'
- Scott: will produce semi-final draft based on this discussion

> 7. Adjourn
>

- Adjourned

----------------------------------------------------------------------

Attendance of Voting Members:

  Hal Lockhart        BEA
  Peiyin Pai          Computer Associates
  John Hughes         Entegrity Solutions
  Tim Moses           Entrust
  Irving Reid         HP
  Jason Rouault       HP
  Anthony Nadalin     IBM
  Scott Cantor        Individual
  Bob Morgan          Individual
  Prateek Mishra      Netegrity
  Peter Davis         Neustar
  Frederick Hirsch    Nokia
  Charles Knouse      Oblix
  Steve Anderson      OpenNetwork
  Eric Gravengaard    Reactivity
  Jim Lien            RSA
  John Linn           RSA Security
  Rob Philpott        RSA Security
  Dipak Chopra        SAP
  Jahan Moreh         Sigaba
  Jeff Hodges         Sun
  Eve Maler           Sun
  Emily Xu            Sun
  Mike Beach          The Boeing Company

Attendance of Observers or Prospective Members:

  Michael McIntosh    IBM
  Gavenraj Sodhi      CA
  Paula Austel        IBM
  Senthil Sengodan    Nokia
  Greg Whitehead      Individual
  Conor Cahill        AOL
  Timo Skytta         Nokia
  John Kemp           Individual
  Ronald Jacobson     Computer Associates

Membership Status Changes:

  Michael McIntosh    IBM - Granted voting status after 10/28/2003 call
  Gavenraj Sodhi      CA - Granted voting status after 10/28/2003 call
  Paula Austel        IBM - Granted voting status after 10/28/2003 call
  Conor Cahill        AOL - Requested membership 10/24/2003
  Robert Aarts        Nokia - Requested membership 10/25/2003
  Timo Skytta         Nokia - Requested membership 10/28/2003

--
Steve Anderson
OpenNetwork