[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for Telecon, Tuesday 8 June 2004
Minutes for SSTC Telecon, Tuesday 8 June 2004 Dial in info: +1 865 673 6950 #351-8396 Minutes taken by Irving Reid 1. Attendance Quorum reached, attached below 2. Minutes from previous meeting No objections, minutes passed 3. F2F detail Attendance: ongoing poll 4. Recent document updates A) authncontext draft 5 from John Kemp Implements transition from using the 1.x SAML authentication methods to the new authncontext, and profiling authncontext methods that replace the 1.x methods More examples of authncontext classes, and guidance for others to create and publish their own Proposes a place on the web site for others to publish authncontext classes, like we have a list of third party profiles Plans presentation and further discussion at F2F Rob P: Points out that the document does not seem to use the standard template John K: Will check B) Metadata update by Scott Convert to standard document template and same layout/style as core Prateek: Is metadata basically done and ready for a thorough review at F2F? Scott: yes C) Profiles, draft 10, Prateek: Added a new section for Attribute Profiles - general guidelines for defining an attr profile - three specific profiles: o basic attr profile: restricted naming scheme D) XACML attribute profile Hal L: they want to publish it as a SAML profile to make sure that SAML deployments generate attribute statements that are usable by XACML. There has been some debate as to whether this belongs in SSTC or XACML. Eve: reviewed the doc, looks good General discussion of the SSTC vs. XACML TC question. Rough consensus to keep it in SSTC. Scott: ISSUE: X500 profile in our profiles has a "NameFormat" that isn't just "uri", even though the format is a URI. Two problems: more "NameFormat" values than we need, and using a special purpose NameFormat makes X500 incompatible with the XACML profile. Same may also be true for other attribute profiles. Another ISSUE: Use of NameFormat as an indicator of which attribute profile is in effect, rather than just as a specifier of the format of the attribute name. E) Kerberos profile: Prateek: Did the mailing list discussion end with a conclusion? Scott: It seems that there is nothing in the Kerb protocol that can carry the kerb preauth data, so in general there is no way to derive sophisticated authentication contexts just from a service ticket. Either authn context document (or perhaps the kerb profile doc) should discuss how preauth could be reflected in the authn context Unknown: the authn context document should specify that the relevant data should be obtained securely. John K: Rough proposal contained in the last message on the thread (message June 2004 #43) Scott: suggests just taking the first part of the proposed text; tone down the part that proposes changes to the KDC Missed: is John K going to update authn context, or did we nominate Tim in absentia? F) Conformance Prateek: Pinning down the "mandatory to implement" subset of the bindings, describing "units of conformance" that cover specific subsets. Structural discussion of how the conformance stuff would be handled, but no detailed discussion of specific profiles. G) F2F agenda drafting: Scott: Core specs are pretty well ready; we should turn to other specs and work them into near-final state. Prateek: First day could be profiles, authn context, metadata, conformance; then move on to issue list (first four probably go past the first day) Scott: other areas that need attention are: - enhanced client profile needs some attention - re-read the IBM Zurich document and make any concrete proposals; ACTION for Prateek and/or Scott to produce a proposal before F2F Prateek: we need to start discussing specific timetable for when we will publish final documents Jeff H: shoot for "committee last call" for internal review two weeks after F2F, maybe sooner Someone asks: are we including the non-normative security/privacy and glossary documents? Frederick: there is a WSS call Tuesday 10:00 AM; can we make agenda room for people to call in to that? H) Action Items and Issues list (draft-11) 117 closed 128 XRI liaison closed 134 compression algorithms closed 137 closed. Scott: Action 145 is basically done. Hal: can we get action 146 closed? The work is done. Prateek: 147 closed; no comments received Prateek: his proposal closes 151 John sent message that 162 is complete. TECH-1: terminology closed; ACTION open a new issue to find an appropriate place to publish the domain model TECH-3: appears to be mostly done Rest are still open or in progress. ---------------------------------------------------------------------------- Attendance of Voting Members Conor P. Cahill AOL, Inc. Hal Lockhart BEA Gavenraj Sodhi Computer Associates Tim Alsop CyberSafe John Hughes Entegrity Solutions Dana Kaufman Forum Systems Irving Reid Hewlett-Packard Company Jason Rouault Hewlett-Packard Company Paula Austel IBM Maryann Hondo IBM Michael McIntosh IBM Anthony Nadalin IBM Scott Cantor Individual Bob Morgan Individual Prateek Mishra Netegrity Peter Davis Neustar Frederick Hirsch Nokia John Kemp Nokia Nicholas Sauriol Nortel Charles Knouse Oblix Steve Anderson OpenNetwork Darren Platt Ping Identity Jim Lien RSA Security John Linn RSA Security Rob Philpott RSA Security Dipak Chopra SAP Jahan Moreh Sigaba Bhavna Bhatnagar Sun Microsystems Jeff Hodges Sun Microsystems Eve Maler Sun Microsystems Mike Beach The Boeing Company Greg Whitehead Trustgenix Attendance of Prospective Members and Observers Ronald Jacobson Computer Associates Senthil Sengodan Nokia Rebekah Metz NASA Membership Status Changes Ronald Jacobson Computer Associates - Granted voting status after 6/8/2004 call Senthil Sengodan Nokia - Granted voting status after 6/8/2004 call John Cook ComBrio - Lost prospective status after 6/8/2004 call -- Steve Anderson OpenNetwork
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]