

Subject: Agenda for 20-Jan-2004 SSTC Quorum con-call Meeting




1. Roll call

2. Accept minutes from previous quorum meeting
http://lists.oasis-open.org/archives/security-services/200401/msg00019.html

3. Updates for upcoming Boston F2F (Feb 3-5, 2004)


4. SAML 1.1 Interop update (week of Feb 23)

5. Work items WITHOUT solution proposals or "next step" action items:

      W-2a: SSO with Attribute Exchange (Owner: Prateek Mishra)
      W-5: SSO Profile Enhancements (Owner: Prateek Mishra)
      W-5b: SOAP Client Profile (Owner: Tony Nadalin)
      W-8: Authentication Context (Owner: Bill Howard)
      W-9: XML Encryption (Owner: Hal Lockhart)
      W-14: SAML Server Trust (Owner: Jeff Hodges)
      W-15: Delegation and Intermediaries (Owner: Bob Morgan, Scott Cantor)
      W-17: credentials collector and assertions (Owner: Tim Moses --- BUT Tim no longer wishes to pursue this item here. Maybe this is the call to announce this change and move it to inactive in the scope document?)
      W-19: HTTP-based Assertion referencing (Owner: Scott Cantor)
      W-21: Baseline Attribute Namespaces (Owner: Bob Morgan)
      W-30: Migration Paths (SAML 1.X, ID-FF 1.X) (Owner: Scott, Prateek)

6. Work in progress (open action items)

#0115: Update metadata drafts with ID-FF 1.2 materials 
Owner: Jahan Moreh 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-20 03:27 GMT
Jahan:
ACTION: Update the metadata draft if necessary according to the
latest ID-FF V1.2 materials. (Scott will also review for this
purpose.)



http://lists.oasis-open.org/archives/security-services/200312/msg00064.html 

--------------------------------------------------------------------------------
 
#0114: Propose language to address attribute-based federation 
Owner: Prateek Mishra 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-20 03:22 GMT
We could break the bilateral assumption that account linkage and
identity federation are equivalent. We could provide a unique
definition for account linkage that includes but doesn't depend
on identity federation ("one can accomplish AL through IF or
through other means, such as exchange of attributes" or similar).

Maryann:
Agrees with this idea.

Prateek:
So account linkage becomes the umbrella term. But can both IF be
accomplished without AL?

Scott:
As an example, his university has contracts with various SPs, but
Scott personally doesn't. There's an agreement to provide
service based on attributes.

A lot of people have been using account linking instead of
identity federation, because the latter has become so overloaded.

Prateek:
The notion of identity federation could be particularized as
attribute-based SSO in one case.

Scott:
We need to stress the "identity" part rather than the
"federation" part in that circumstance, but he agrees.

Eve:
Though this proposal doesn't need to address attribute-based
account linking/identity federation, we may want to add glossary
terms for that.


http://lists.oasis-open.org/archives/security-services/200312/msg00064.html 

--------------------------------------------------------------------------------
 
#0113: Decouple definition of account linking and federation in
NameIdentifier solution proposal 
Owner: Scott Cantor 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-20 03:20 GMT
We could break the bilateral assumption that account linkage and
identity federation are equivalent. We could provide a unique
definition for account linkage that includes but doesn't depend
on identity federation ("one can accomplish AL through IF or
through other means, such as exchange of attributes" or similar).

Maryann:
Agrees with this idea.

Prateek:
So account linkage becomes the umbrella term. But can both IF be
accomplished without AL?

Scott:
As an example, his university has contracts with various SPs, but
Scott personally doesn't. There's an agreement to provide
service based on attributes.

A lot of people have been using account linking instead of
identity federation, because the latter has become so overloaded.

Prateek:
The notion of identity federation could be particularized as
attribute-based SSO in one case.

Scott:
We need to stress the "identity" part rather than the
"federation" part in that circumstance, but he agrees.

Eve:
Though this proposal doesn't need to address attribute-based
account linking/identity federation, we may want to add glossary
terms for that.


http://lists.oasis-open.org/archives/security-services/200312/msg00064.html 

--------------------------------------------------------------------------------
 
#0112: Update (W-7) discovery protocol solution proposal 
Owner: Scott Cantor 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-20 03:17 GMT
ACTION: (SC) Update based on replacement of hash of succinct id by literal
provider id.

--------------------------------------------------------------------------------
 
#0111: Request updated liberty draft on proxied SSO 
Owner: Scott Cantor 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-20 03:16 GMT
A second issue has to do with "controls" over the proxy. This is a three
party situation: IdP, Proxy and SP, so the question arises whether IdP can
indicate to Proxy what is needed and whether the Proxy can indicate its
preferences.

ACTION: (SC) Request liberty contributors to send draft to SSTC dealing with
second issue. 

--------------------------------------------------------------------------------
 
#0110: Feedback from LECP profile interop 
Owner: Frederick Hirsch 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-20 03:14 GMT
ACTION: (FH) Check with Liberty Interop for any problems that may have
arisen with actual use of LECP profile.

--------------------------------------------------------------------------------
 
#0109: Security concerns with LECP profile 
Owner: Anthony Nadalin 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-20 03:12 GMT
ACTION: (FH) update to respond to Tony's security questions but we need to
ask Tony for the specific problem he had in mind.

--------------------------------------------------------------------------------
 
#0108: Update LECP proposal with ID-FF 1.2 schema changes 
Owner: Frederick Hirsch 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-20 03:11 GMT
http://lists.oasis-open.org/archives/security-services/200312/msg00086.html 

--------------------------------------------------------------------------------
 
#0107: Proposal on Sessions 
Owner: Hal Lockhart 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-19 23:12 GMT
- Hal: there was a mission AI on sessions, which he's been working on
- can try to get a proposal on this out in a couple weeks
- wants to get sessions proposal out next week
- [MISSING ACTION] for Hal, regarding sessions

Prateek Mishra 2004-01-20 03:46 GMT
This action item can be found in the minutes of the December 9 con-call:

- [ACTION] Hal to suggest message flows for separate session/authN
authorities, and John, MikeB & Conor to review


http://lists.oasis-open.org/archives/security-services/200312/msg00054.html 

--------------------------------------------------------------------------------
 
#0106: Owner for W-8: Authentication Context 
Owner: Jeff Hodges 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-19 23:11 GMT
Jeff to contact Bill Howard regarding W-8

http://lists.oasis-open.org/archives/security-services/200401/msg00022.html 

--------------------------------------------------------------------------------
 
#0105: Respond to IBM Analysis Paper 
Owner:  
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-19 23:09 GMT
- [ACTION] Scott & Tony to make recommendations based on IBM security
analysis paper 

--------------------------------------------------------------------------------
 
#0104: Follow-up on current Meta-data proposals 
Owner: Scott Cantor 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-19 23:05 GMT
- Rob: there was lots of email activity, and sounds like consensus was
reached
- Jahan not on call
- Scott: believes it's just a matter of incorporation into draft
- [ACTION] Scott to contact Jahan to follow up on Roles & Metadata



http://lists.oasis-open.org/archives/security-services/200401/msg00022.html 

--------------------------------------------------------------------------------
 
#0103: Recommendation on extensibility 
Owner: Eve Maler 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-19 23:02 GMT
http://lists.oasis-open.org/archives/security-services/200401/msg00022.html 

--------------------------------------------------------------------------------
 
#0102: Tony to draft amendments to current charter 
Owner: Anthony Nadalin 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-19 23:01 GMT
Tony to draft amendments to current charter, post to list,
and move for a vote 

--------------------------------------------------------------------------------
 
#0101: Rob to setup poll for F2F attendance 
Owner: Rob Philpott 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
 

--------------------------------------------------------------------------------
 
#0100: Revise draft-sstc-solution-profile-kerberos-01 
Owner: John Hughes 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-19 22:35 GMT
John wonders if this solution proposal should keep to the minimum 
details and then just point out to the existing AuthnRequest design. 
There seems to be general consensus on this point. This introduces a 
dependency, but seems cleaner overall. Jeff will point to the latest 
much-revised draft of SASL-based authentication over SOAP when it's 
publicly available. Liberty sponsor members will have access to this 
next week.

Scott suggests that WSS needs to be looked at here, as well.

It sounds like we need some of this work to be covered under the SSO 
Profile Enhancements work item.

AI: John to evolve the proposal in this direction

http://lists.oasis-open.org/archives/security-services/200401/msg00043.html 

--------------------------------------------------------------------------------
 
#0099: Review solution proposal in draft-sstc-attribute-02 
Owner: Prateek Mishra 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-19 22:32 GMT
AI: Prateek, Eve, and Scott to comment on the TC list about the solution 
proposal, in order to get us ready to make decisions in next week's call.

Prateek Mishra 2004-01-19 22:36 GMT
http://lists.oasis-open.org/archives/security-services/200401/msg00043.html 

--------------------------------------------------------------------------------
 
#0098: Why does XACML use a URI-based type system 
Owner: Eve Maler 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-19 22:30 GMT

AI: Eve to ask Anne Anderson for the historical use cases that underlie 
the XACML decision to use a URI-based type system.

http://lists.oasis-open.org/archives/security-services/200401/msg00043.html 

--------------------------------------------------------------------------------
 
#0097: Update draft-sstc-attribute-02 with AttributeNamespace Usage 
Owner: Rebekah Lepro 
Status: Open 
Assigned: 19 Jan 2004 
Due: --- 
Comments:
Prateek Mishra 2004-01-19 22:29 GMT
Section 2.2 doesn't quite highlight the fact that implementors (mostly 
Prateek and Rob) have reported usage of AttributeNamespace for a 
scope-like purpose. We'd like to be more prescriptive about how to do this.

AI: Rebekah to mention the AttributeNamespace usage in the next version 
of the paper.

http://lists.oasis-open.org/archives/security-services/200401/msg00043.html 

--------------------------------------------------------------------------------
 
#0086: Non-HTTP use-cases related to the LECP profile 
Owner: Bob Morgan 
Status: Open 
Assigned: 23 Nov 2003 
Due: --- 
Comments:
Prateek Mishra 2003-11-24 03:27 GMT
ACTION: Bob Morgan - more use cases. More generic use cases, maybe not
involving HTTP. May involve WebDAV.

--------------------------------------------------------------------------------
 
#0084: Reconcile terminology in glossary and current use-case document 
Owner: John Kemp 
Status: Open 
Assigned: 23 Nov 2003 
Due: --- 
Comments:
Prateek Mishra 2003-11-24 03:19 GMT
Terminology used in sstc-saml-2.0-issues-draft-01.pdf is not consistent with
terminology found in the current SAML glossary.

