DRAFT minutes for OASIS SSTC conf call, 2004-07-13

["RL 'Bob' Morgan" <rlmorgan@washington.edu>]

Folks should please re-check issue and action item statuses, many went by
and I'm not sure I got them all.

 - RL "Bob"

---

OASIS SSTC conference call minutes
2004-07-13
RL "Bob" Morgan


Attendance:  [will be provided separately]

Summary:

 * SSTC voted to move the primary SAML 2.0 documents to "committee last
   call" status, as proposed in

http://www.oasis-open.org/archives/security-services/200407/msg00074.html

 * Committee last call period closes Monday August 2.  This is also the
   deadline for completion of the various non-normative documents in the
   SAML 2.0 set.

 * SSTC accepted SAML 2.0 errata process as proposed in item 3 of

http://www.oasis-open.org/archives/security-services/200407/msg00072.html

 * new issue:  conflict between WSS wsu:id attribute and SAML id attribute


Notes:

motion to accept minutes from 2004-07-06 conf call
  accepted unanimously

proposed errata process, see agenda for details
  Scott:  only way to have normative errata is to go thru whole process?
  Prateek:  yes, but can put ref to errata location in spec
  Hal:  if errata are normative, best just to issue .N revision of spec

discussion of "committee last call" status
  not an official OASIS designation, just within SSTC
  kind of a "beta" status
  so soliciting public comment from outside of the TC
  in particular to get input from implementors
motion to move a bunch of documents to committee last call
  motion:  Scott Cantor, second:  John Kemp
  does not include conformance and security-considerations docs
    since these are less complete
    and not technically normative
Scott:  notes changes needed to attribute profiles
  Prateek:  just the kind of comment needed during last call
** no objections to to unanimous consent, so motion passes
length of last call?  two weeks proposed
  this need not constrain when a vote happens to move to committee spec
  consensus on Monday August 2 as deadline for comments
  Eve will modify docs to include this date
current drafts will remain stable for this time
  new versions can be submitted by editors, mark as committee-internal


Issues:

(Note that issue numbering seems to have changed in draft-12, I'll provide
both below when different.)

BIND-3:  Establish a Mandatory Profile
  remains open

BIND-4:  Representing attribute profiles in core and metadata
  Scott:  nothing covers it now, may propose something to list
  remains open

TECH-1:  Identity/Service Provider Terminology and Domain Model
  (draft-12:  TECH-2)
  closed, since description now will be in technical overview doc

CORE-9:  Wildcarding and Extensibility in the SAML Schemas
  (draft-12:  CORE-14)
  Eve:  position paper found useful, but can just be historical
  something needs to be said about "must ignore" meaning?
  Scott:  if there's no "critical bit", then all extensions implicitly
    "ignorable", so this should be made explicit
    though, for conditions, unknown ones are explicitly invalid
    so just cleanup throughout indicating how extensions should be handled
  closed, based on editors being so instructed

CORE-21:  Consent vs. Reason
  (draft-12:  CORE-26)
  Scott:  dealt with in recent core updates
  closed

CORE-27:  Consider Limiting Datatype of Attribute Name
  (draft-12:  CORE-32)
  still nominally open, we can ask for developer feedback
  Scott:  seems like a bad idea to use obscure types
  Eve:  can close by just saying we add prose constraints?  OK
  closed, based on language to be written to say this

Action items:

#180:  update SAML server trust doc
  will be post-2.0 deliverable
  closed

#179:  cross-domain-pki requirements met by conformance doc?
  need approval from Rick
  remains open

#176:  sequence diagrams for profiles (and bindings?)
  JeffH sent one to list, others remain to be done
    informal sequence diagram ("flow model") from F2F also sent to list
    this might be good input to tech-overview doc
  remains open

#175:  glossary
  a number of items remain to be added
  remains open
  Eve notes that all non-normative docs should also be done by August 2

#174:  DCE attr names
  Scott:  turns out there are none, profile to be reworked
  closed

#172:  LDAP/X.500 value types
  discussion among interested parties
  proposal will be sent to list by RL Bob
  remains open

#170:  modify authnContext declarations
  closed

#166:  wiki
  Scott:  Internet2 has agreed to put up such a service
  remains open

#165:  2.0 errata process
  discussed earlier in call
  closed

#163:  process for submission of profiles etc
  remains open

#160:  privacy concerns
  remains open

#158:  federation definition
  threads on list about this
  remains open

#157:  binding/profile definition
  remains open

#144:  optional subject decision
  Eve may work on "commentary"
  closed

#132:  privacy requirements of some nameformat values
  JohnK will post in a few days
  remains open

#131:  migration of subject
  there will be a general migration doc
  closed

#125:  authnResponse may contain attr statements
  should be covered in spec, Prateek to review
  remains open

#123:  mime type for xml/saml
  document submitted to IETF as internet-draft
  Jeff:  process recently streamlined, need not be RFC
    so will submit to IANA via new process, by next week
  remains open

RonM:  issue about "id" attributes?
  Scott:  we renamed them as "id", so closed?
  RM:  issue with wsu:id in WSS?
    WSS may need to handle different named attributes for that purpose?
    or SAML may have to accept wsu:id as well as SAML's id?
  Scott:  SAML's may have to be optional
  new issue to be opened, Ron will send to list

status of WSS SAML profile?
  RM:  will be put to committee spec vote middle of this week