[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for Telecon, Tuesday 17 February 2004
Action items Hal will generate a posting on possible need to liaison. Maryann will consult with Michael and Tony regarding work item W5b and will get back with the group by next call. All: Need to comment on Scott's message on 10-Feb (msg #00102) John H and Tim will spend early next week working on the solution proposal for W-25. Eve: Action to implement 28-b in core. ALL: Please review the current action items and update them. Prateek will follow up. Minutes for SSTC Conference Call, February 17 -------------------------------------------- Roll call. Attached to end of minutes. Quorum achieved. 1. Accept minutes from the February (2-5) F2F meeting at Burlington, MA <http://lists.oasis-open.org/archives/security-services/200402/msg00123.html> Eve Maler moves to accept minutes of F2F meeting. Raj Sodhi seconds the motion. No objections. Accepted by unanimous consent. 2. Interop report. Rob reported that interop is going well. Needs a speaker from TC to participate in the press conference. Rob has volunteers to be the TC representative. TC approves Rob to be the TC representative to the press event. 3. Time-lines and next F2F planning - Next F2F Mar 30 - April 1 (Mike McIntosh to confirm hotel details etc.) Due to flight schedules it is proposed to start the third day at 8:30 and end at 11:30 AM. Prateek: proposes March 16 as absolute cutoff date of text for proposed specification text (no "new" text or documents after that date) Eve: we can refine the proposed text during the focus call on the 23rd. 4. Focus call for the 24th Due to RSA conference there will be some people who cannot make the call. Rob and Prateek may be able to call-in depending on the state of the Interop. Eve can call in Bob Morgan can call in Scott will likely be able to call in 5.Work Item Review Work through latest version of sstc-saml-scope document available from the OASIS document repository. The following work items do not have solution proposals at this time and are at risk: W-5b: SOAP Client Profile (Mike McIntosh, Tony Nadalin) W-9: XML Encryption (Hal Lockhart) W-15: Delegation and Intermediaries (bob Morgan, Scott Cantor, Ron Monzillo) W-25: Kerberos Support (John Hughes, Tim Alsop) W-21a: Document describing instances of "baselines attribute namespaces" (John Hughes, Prateek Mishra) Eve walked through the document. In many cases the proposals' status is that "it passed" (based on F2F). Prateek: does this mean that the editors will pick up material from ID-FF 1.2 and include it in the material. Eve: Session-related editing has begun. Federation has also begun. Feredrick has split up bindings and profiles. Eve: Notice to editors: all accepted proposed solution should be in draft by the next call. Scott: is working through identity federation and has suggested changes to core. With this, Work Item W2 is "done". Prateek has a number of action items with respect to SSO with attribute exchange; he will work through it. Eve: W3 - Action on Jahan to update document. Scott: has published schema proposal. Jahan: Will publish a draft as soon as TC comments on Scott's schema (probably by 3/2). W5: The cycle over the next week is John, Scott and then Eve. W5a: Fredrick has split Binding and Profiles. There is some commonality between the two. Eve suggest that may be the commonality should move to core. Eve: W5a is in a fairly good shape and is pending comment from TC. W5b: SOAP client profile. Scott: This is a good starting point but does not believe we can complete in time for 2.0. Maryann: neither Michael nor Tony is on the call. Can I answer any questions? Prateek: We do not know the status of the item. We have announced a cut off date. We do not have proposed text. Scott has put some proposals but we do not have a final text. Maryann: Trying to understand what we need here. Scott: his review resulted in identifying issues and what needs to be addressed in order to have a proposed text. Prateek: needs to make work item owner that there is no solution proposal. Maryann: what is the process for getting the feedback to the owners so they can respond. Scott: we are at a point that we need an absolute schema proposal. Ron: it seems that some of the Subject discussion is about the Assertion and W5b is about interacting with an authority. Therefore, there seems to be a separation between the two. Prateek: We need a proposal like: "modify the AuthN req/response protocol in such and such way and modify the Subject in some ways to satisfy the use case". Maryann: It seems we have a dependency on Scott's work. Scott: we will be done by end of this week Prateek: there is really no dependency. There is a need for a solution proposal. Scott: has posted a AuthN request message schema and it's already on the list. The people responsible for this work should take this AuthN request proposal and see if it fits their needs or make alternative solution proposals. Hal: Need to liaisons with the XDI TC, which is doing work in the space of Authority Domain. Eve: what is XDI Hal: XRI Data Interchange. They are at the bottom of the OASIS web page. Action Item: Hal will generate a posting on possible need to liaison. Action Item: Maryann will consult with Michael and Tony an will get back with the group by next call. Discovery proposal: have accepted solution proposal. Will have text by march 16 deadline. W8: Authentication Context. Solution proposal has been accepted. Eve: needs to be turned into a spec. John H.: should be done by the end of this week. W9: Hal will add proposed text this week. W14: SAML server trust. Need to re-format. Jeff: will do it by next week. W15: delegation and intermediaries. Eve: needs technical discussion. Ron has made a proposal and revised the proposal. Eve: should discuss the proposal and vote if we can. Ron: The document as it is written is a core document associates the assertion with the key in a way that resyricts the use of confirmation. This does not seem appropriate to him. Scott: need lots of text and proposed changes AuthN request. Does not see if it can be done by 2.0. Need to address what "holder of key" means. Ron: if we agree to accept Scott's req/resp then that will take us a long way towards completing this item. Prateek: Next step: comment on what Ron and Scott have put out and start summarizing the solution. Ron: finds a little hard to understand some of the terms (like issuer). Action for all: Need to comment on Scott's message on 10-Feb (msg #00102) W-19: Scott will provide text and Jeff will register a MIME type. W-21: This item is at-risk. John H is waiting for input from Prateek and RLBob. W-25: Kerberos support - Also at-risk; discussion has gone on, but there is no solution proposal. Eve: Add to technical discussion list definitions and distinctions between profiles and bindings. John H and Tim will spend early next week working on the solution proposal. W-27: Nothing new. W-28: Eve's proposal is on the table. Rebekah asked Eve to include a bit more of her proposal for historical reference. To be discussed on next focus call. Changes are pretty minimal. Eve: Action to implement 28-b in core. 6. Review of latest version of Issues list Not enough time to cover this agenda item. 7. Action Item Review Prateek will follow up with AI owners. #0127 Remove short-lived assertion restriction from SSO Profiles Owner: Scott Cantor Status: Open Comments: Prateek Mishra 2004-02-16 14:57 GMT I can give a hand with this (prateek) #0126: Modify Trust Model Submission and re-cast into SAML Owner: Jeff Hodges Status: Open Assigned: 16 Feb 2004 Due: --- Comments: ---------------------------------------------------------------------------- ---- #0125: Propose language to explain that AuthNResponse may contain attribute statements Owner: Prateek Mishra Status: Open Assigned: 16 Feb 2004 Due: --- Comments: Prateek Mishra 2004-02-16 14:46 GMT Easy to do but needs proposal on validity of assertion life-times as well. ---------------------------------------------------------------------------- ---- #0124: Update meta-data specification with identifiers for SAML entities Owner: Jahan Moreh Status: Open Assigned: 13 Feb 2004 Due: --- Comments: ---------------------------------------------------------------------------- ---- #0123: Obtain MIME type registration for HTTP lookup of SAML Owner: Jeff Hodges Status: Open Assigned: 13 Feb 2004 Due: --- Comments: ---------------------------------------------------------------------------- ---- #0122: Arrangements for Austin F2F Owner: Michael McIntosh Status: Open Assigned: 13 Feb 2004 Due: --- Comments: ---------------------------------------------------------------------------- ---- #0121: Make a proposal that meets the W-28a* goals and discussion points. Owner: Eve Maler Status: Open Assigned: 11 Feb 2004 Due: --- Comments: ---------------------------------------------------------------------------- ---- #0119: Extension of AuthNRequest - AuthNResponse protocol Owner: Scott Cantor Status: Open Assigned: 11 Feb 2004 Due: --- Comments: Prateek Mishra 2004-02-11 22:35 GMT Scott: Proposes to change AuthnRequest to handle some of this. Ron: would like to help PROPOSAL: get basic integration of AuthnRequest/Response and then look at the various use cases to see how they can be integrated in. (Scott) ---------------------------------------------------------------------------- ---- #0118: Solution proposal for encryption use-cases Owner: Hal Lockhart Status: Open Assigned: 11 Feb 2004 Due: --- Comments: Prateek Mishra 2004-02-11 22:33 GMT ACTION: Hal to produce text to describe 3 use cases for SSTC to consider. ---------------------------------------------------------------------------- ---- #0117: Describe use-cases for attribute-based SSO in relationship to ID-FF 1.2 NameIdPolicy Owner: Prateek Mishra Status: Open Assigned: 11 Feb 2004 Due: --- Comments: ---------------------------------------------------------------------------- ---- #0116: Investigate removal of NotBefore/NotOnOrAfter from BaseNameIdentifier Owner: Scott Cantor Status: Open Assigned: 11 Feb 2004 Due: --- Comments: Prateek Mishra 2004-02-11 22:17 GMT ISSUE: Consider removing NotBefore/NotOnorAfter based on sessions discussion. Sync up validity period (Scott) ACTION: Scott to think about this more ---------------------------------------------------------------------------- ---- #0115: Update metadata drafts with ID-FF 1.2 materials Owner: Jahan Moreh Status: Open Assigned: 19 Jan 2004 Due: --- Comments: Prateek Mishra 2004-01-20 03:27 GMT Jahan: ACTION: Update the metadata draft if necessary according to the latest ID-FF V1.2 materials. (Scott will also review for this purpose.) <http://lists.oasis-open.org/archives/security-services/200312/msg00064.html> ---------------------------------------------------------------------------- ---- #0114: Propose language to address attribute-based federation Owner: Prateek Mishra Status: Open Assigned: 19 Jan 2004 Due: --- Comments: <http://lists.oasis-open.org/archives/security-services/200312/msg00064.html> ---------------------------------------------------------------------------- ---- #0112: Update (W-7) discovery protocol solution proposal Owner: Scott Cantor Status: Open Assigned: 19 Jan 2004 Due: --- Comments: Prateek Mishra 2004-01-20 03:17 GMT ACTION: (SC) Update based on replacement of hash of succint id by literal provider id. ---------------------------------------------------------------------------- ---- #0110: Feedback from LECP profile interop Owner: Frederick Hirsch Status: Open Assigned: 19 Jan 2004 Due: --- Comments: Prateek Mishra 2004-01-20 03:14 GMT ACTION: (FH) Check with Liberty Interop for any problems that may have arisen with actual use of LECP profile. ---------------------------------------------------------------------------- ---- #0109: Security concerns with LECP profile Owner: Anthony Nadalin Status: Open Assigned: 19 Jan 2004 Due: --- Comments: Prateek Mishra 2004-01-20 03:12 GMT ACTION: (FH) update to respond to Tony's security questions but we need to ask Tony for the specific problem he had in mind. ---------------------------------------------------------------------------- ---- #0105: Respond to IBM Analysis Paper Owner: Status: Open Assigned: 19 Jan 2004 Due: --- Comments: Prateek Mishra 2004-01-19 23:09 GMT - [ACTION] Scott & Tony to make recommendations based on IBM security analysis paper ---------------------------------------------------------------------------- ---- #0098: Why does XACML use a URI-based type system Owner: Eve Maler Status: Open Assigned: 19 Jan 2004 Due: --- Comments: Prateek Mishra 2004-01-19 22:30 GMT AI: Eve to ask Anne Anderson for the historical use cases that underlie the XACML decision to use a URI-based type system. <http://lists.oasis-open.org/archives/security-services/200401/msg00043.html> ---------------------------------------------------------------------------- ---- #0086: Non-HTTP use-cases related to the LECP profile Owner: Bob Morgan Status: Open Assigned: 23 Nov 2003 Due: --- Comments: Prateek Mishra 2003-11-24 03:27 GMT ACTION: Bob Morgan - more use cases. More generic use cases, may be not involving HTTP. May involve web dav. Attendance of Voting Members: Hal Lockhart BEA Gavenraj Sodhi Computer Associates Tim Alsop CyberSafe Paul Madsen Entrust Irving Reid HP Jason Rouault HP Maryann Hondo IBM Scott Cantor Individual Bob Morgan Individual Greg Whitehead Individual Prateek Mishra Netegrity Conor Cahill Netscape/AOL Peter Davis Neustar Frederick Hirsch Nokia John Kemp Nokia Charles Knouse Oblix Steve Anderson OpenNetwork Darren Platt Ping Identity John Linn RSA Security Rob Philpott RSA Security Jahan Moreh Sigaba Jeff Hodges Sun Eve Maler Sun Ron Monzillo Sun Emily Xu Sun Mike Beach The Boeing Company Attendance of Prospective Members or Observers: Bhavna Bhatnagar Sun Miguel Pallares Ericsson Dipak Chopra SAP Rick Randal Booz Allen Hamilton Membership Status Changes: Bhavna Bhatnagar Sun - Granted voting status after 2/17/2004 call Miguel Pallares Ericsson - Granted voting status after 2/17/2004 call Maneesh Sahu Individual - Requested membership 2/5/2004 Senthil Sengodan Nokia - Requested membership 2/6/2004 Rick Randal Booz Allen Hamilton - Requested membership 2/8/2004 Von Welch NCSA - Withdrew 2/6/2004 -- Steve Anderson OpenNetwork
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]