OASIS Mailing List Archives

security-services message



Subject: Minutes for Telecon, Tuesday 8 June 2004


Minutes for SSTC Telecon, Tuesday 8 June 2004
Dial in info: +1 865 673 6950 #351-8396
Minutes taken by Irving Reid


1. Attendance

Quorum reached, attached below

2. Minutes from previous meeting

No objections, minutes passed

3. F2F detail

Attendance: ongoing poll

4. Recent document updates

A) authncontext draft 5 from John Kemp

Implements transition from using the 1.x SAML authentication methods to the new authncontext, and profiling authncontext methods that replace the 1.x methods

More examples of authncontext classes, and guidance for others to create and publish their own

Proposes a place on the web site for others to publish authncontext classes, like we have a list of third party profiles

Plans presentation and further discussion at F2F

Rob P: Points out that the document does not seem to use the standard template
John K: Will check

B) Metadata update by Scott

Convert to standard document template and same layout/style as core

Prateek: Is metadata basically done and ready for a thorough review at F2F?
Scott: yes


C) Profiles, draft 10, Prateek:

Added a new section for Attribute Profiles
 - general guidelines for defining an attr profile
 - three specific profiles:
   o basic attr profile: restricted naming scheme


D) XACML attribute profile

Hal L: they want to publish it as a SAML profile to make sure that SAML deployments generate attribute statements that are usable by XACML. There has been some debate as to whether this belongs in SSTC or XACML.

Eve: reviewed the doc, looks good

General discussion of the SSTC vs. XACML TC question. Rough consensus to keep it in SSTC.


Scott: ISSUE: X500 profile in our profiles has a "NameFormat" that isn't just "uri", even though the format is a URI. Two problems: more "NameFormat" values than we need, and using a special purpose NameFormat makes X500 incompatible with the XACML profile. Same may also be true for other attribute profiles.


Another ISSUE: Use of NameFormat as an indicator of which attribute profile is in effect, rather than just as a specifier of the format of the attribute name.


E) Kerberos profile:

Prateek: Did the mailing list discussion end with a conclusion?

Scott: It seems that there is nothing in the Kerb protocol that can carry the kerb preauth data, so in general there is no way to derive sophisticated authentication contexts just from a service ticket. Either the authn context document (or perhaps the kerb profile doc) should discuss how preauth could be reflected in the authn context.

Unknown: the authn context document should specify that the relevant data should be obtained securely.

John K: Rough proposal contained in the last message on the thread (message June 2004 #43)

Scott: suggests just taking the first part of the proposed text; tone down the part that proposes changes to the KDC

Missed: is John K going to update authn context, or did we nominate Tim in absentia?


F) Conformance

Prateek: Pinning down the "mandatory to implement" subset of the bindings, describing "units of conformance" that cover specific subsets.

Structural discussion of how the conformance stuff would be handled, but no detailed discussion of specific profiles.


G) F2F agenda drafting:

Scott: Core specs are pretty well ready; we should turn to other specs and work them into near-final state.

Prateek: First day could be profiles, authn context, metadata, conformance; then move on to issue list (first four probably go past the first day)

Scott: other areas that need attention are:
 - enhanced client profile needs some attention
 - re-read the IBM Zurich document and make any concrete proposals; ACTION for Prateek and/or Scott to produce a proposal before F2F



Prateek: we need to start discussing specific timetable for when we will publish final documents

Jeff H: shoot for "committee last call" for internal review two weeks after F2F, maybe sooner

Someone asks: are we including the non-normative security/privacy and glossary documents?

Frederick: there is a WSS call Tuesday 10:00 AM; can we make agenda room for people to call in to that?



H) Action Items and Issues list (draft-11)

117 closed
128 XRI liaison closed
134 compression algorithms closed
137 closed.
Scott: Action 145 is basically done.
Hal: can we get action 146 closed? The work is done.
Prateek: 147 closed; no comments received
Prateek: his proposal closes 151
John sent message that 162 is complete.


TECH-1: terminology closed; ACTION open a new issue to find an appropriate place to publish the domain model

TECH-3: appears to be mostly done

Rest are still open or in progress.


----------------------------------------------------------------------------


Attendance of Voting Members

  Conor P. Cahill AOL, Inc.
  Hal Lockhart BEA
  Gavenraj Sodhi Computer Associates
  Tim Alsop CyberSafe
  John Hughes Entegrity Solutions
  Dana Kaufman Forum Systems
  Irving Reid Hewlett-Packard Company
  Jason Rouault Hewlett-Packard Company
  Paula Austel IBM
  Maryann Hondo IBM
  Michael McIntosh IBM
  Anthony Nadalin IBM
  Scott Cantor Individual
  Bob Morgan Individual
  Prateek Mishra Netegrity
  Peter Davis Neustar
  Frederick Hirsch Nokia
  John Kemp Nokia
  Nicholas Sauriol Nortel
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Darren Platt Ping Identity
  Jim Lien RSA Security
  John Linn RSA Security
  Rob Philpott RSA Security
  Dipak Chopra SAP
  Jahan Moreh Sigaba
  Bhavna Bhatnagar Sun Microsystems
  Jeff Hodges Sun Microsystems
  Eve Maler Sun Microsystems
  Mike Beach The Boeing Company
  Greg Whitehead Trustgenix


Attendance of Prospective Members and Observers

  Ronald Jacobson Computer Associates
  Senthil Sengodan Nokia
  Rebekah Metz NASA


Membership Status Changes

  Ronald Jacobson Computer Associates - Granted voting status after 6/8/2004 call
  Senthil Sengodan Nokia - Granted voting status after 6/8/2004 call
  John Cook ComBrio - Lost prospective status after 6/8/2004 call

--
Steve Anderson
OpenNetwork



