
security-services message



Subject: Minutes for Telecon, Tuesday 7 Dec 2004


Minutes for SSTC Telecon, Tuesday 7 Dec 2004

Dial in info: +1 865 673 6950 #351-8396

Minutes taken by Steve Anderson

 

======================================================================

                              Summary

======================================================================

 

  Votes:

 

    - Minutes from 23 Nov 2004 call accepted

 

  Action Items Status Changes:

 

    - none

 

  New Action Items:

 

    - Chairs to create 3 electronic ballots (CD, promote to OASIS,

      30 day review)

   

======================================================================

                             Raw Notes

======================================================================

 

>

> Agenda:

>

> 1. Roll call

>

 

- Attendance attached to bottom of these minutes

- Quorum achieved

 

>

> 2. Accept minutes from previous meeting, 23 Nov

>    http://lists.oasis-open.org/archives/security-services/200411/msg00119.html

>

 

- [VOTE] unanimous consent, accepted

 

>

> 3. New updates to documents (not previously discussed)

>

>    Fixes for authn-context schema errors

>    http://lists.oasis-open.org/archives/security-services/200412/msg00017.html

>

 

- JohnK: someone reported validation problem

- discovered that many tools we had been using for validation

  weren't checking certain things

- resulted in broad change for new approach

- no normative text change

- Tony: but these were normative changes against the schema

- Prateek: there was a technology problem with the schema, and

  John & Scott instituted a change

- Eve: amounts to a big bug fix

- Scott: definitions of classes haven't changed

- JohnK: semantics are the same

- Rob: we'll talk in a few minutes about significance of this

  wrt our process

- Rob: what is status of files?

- JohnK: files are all done, and was about to upload

- Rob: then, suggest we skip agenda #4 for now, and go on to #5

- [**** SKIPPING TO AGENDA ITEM #5 ****]

 

>

> 4. Re-affirm CD status for document set and schemas

>

>    (a) Specifications

>   

>    Glossary: -cd-02a http://www.oasis-open.org/apps/org/workgroup/security/download.php/9360/sstc-saml-glossary-2.0-cd-02a.pdf

>

>    Bindings: -cd-02f http://www.oasis-open.org/committees/download.php/10337/sstc-saml-bindings-2.0-cd-02f.pdf

>   

>    Conformance: -cd-02a http://www.oasis-open.org/apps/org/workgroup/security/download.php/10269/sstc-saml-conformance-2.0-cd-02a-diff.pdf

>   

>    Core: -CD-02G http://www.oasis-open.org/committees/download.php/10390/sstc-saml-core-2.0-cd-02g.pdf

>   

>    Metadata: -cd-02f http://www.oasis-open.org/committees/download.php/10219/sstc-saml-metadata-2.0-cd-02f.pdf

>   

>    Profiles: -cd-02g http://www.oasis-open.org/committees/download.php/10418/sstc-saml-profiles-2.0-cd-02g.pdf

>   

>    Authn-context: -cd-02b

>    <To appear in repository>

>   

>    (b) Schema

>   

>    Metadata http://www.oasis-open.org/apps/org/workgroup/security/download.php/10035/sstc-saml-schema-metadata-2.0.xsd

>   

>    DCE Attribute data http://www.oasis-open.org/apps/org/workgroup/security/download.php/9051/sstc-saml-schema-dce-2.0.xsd

>   

>    Protocol http://www.oasis-open.org/apps/org/workgroup/security/download.php/9783/sstc-saml-schema-protocol-2.0.xsd

>   

>    Core http://www.oasis-open.org/apps/org/workgroup/security/download.php/9782/sstc-saml-schema-assertion-2.0.xsd

>   

>    X500 http://www.oasis-open.org/apps/org/workgroup/security/download.php/9185/sstc-saml-schema-x500-2.0.xsd

>   

>    LDAP http://www.oasis-open.org/apps/org/workgroup/security/download.php/8652/sstc-saml-schema-ldap-2.0.xsd

>   

>    Authn-context (core)

>    <To appear in repository>

>   

>    Authn-context (classes)

>    <To be updated in V2.0 Working Specifications>

 

- [**** DISCUSSED AFTER AGENDA ITEM #5 ****]

- [MOTION by Conor] Accept documents (pending AuthN Context

  change) as CD

    - second by Jeff

    - Tony: don't have web access currently

    - can't vote on what I can't see

    - happy with intent of fixing problem

    - happy with rest of spec

    - Frederick: can't treat this fix as errata?

    - no

    - Scott: if you had reviewed it before and were happy with it

      before, you'll be happy with it now

    - Prateek: we'll still have 30 days to look it over

    - Steve: are you assuming we'll repeat the public review?

    - Eve: even the OASIS std process gives us opportunity to make

      editorial changes

    - Scott: if we repeat the review, there are some changes I'd like

      to make

    - Mike: are people suggesting not doing another 30 day review?

    - Prateek: first considering reaffirming as CD

    - Mike: but less comfortable voting CD if there won't be another

      review

    - Jamie: can table this and vote on review vs. OASIS ballot

    - Mike: could do electronic vote

    - Eve: could hold meeting in 1 week to vote

    - Steve: delaying for a week leaves no time for changes after

      review before submitting for OASIS ballot by Jan 15

    - Conor withdraws motion

- Conor: concerned about staying in loop of 30 day reviews

- Prateek: proposal is to do one week ballots for reaffirming

  CD status AND submit to OASIS for voting

- Jamie: fine to combine into one vote

- Eve: but we need to have fallback ballot (if vote to go to

  OASIS fails) to immediately start 30 day review

- Rob: planned electronic ballots are

    - re-confirm CD status

    - promote to OASIS for vote

    - if vote to go to OASIS fails, start 30 day review immediately

- [ACTION] Chairs to create 3 electronic ballots (CD, promote to OASIS,

  30 day review)

- Rob: means we don't need quorate meeting next Tuesday

- [**** SKIPPING TO AGENDA ITEM #6 ****]

 

>

> 5. Discussion:

>

>    Should we proceed to vote on OASIS standardization ?

>

>    OR

>

>    Does the magnitude of changes of authn-context schema

>    suggest another 30 day review period ?

>

 

- Rob: we do have a timing issue

- we may be comfortable proceeding to OASIS std, or may desire

  another public review

- if we want to proceed to OASIS std, we need to re-approve CD status

- if we go thru another review, we would need to start immediately

  to be able to submit by 15 Jan, to have them approved by 1 Mar

- docs on authN context aren't on website yet

- JohnK: uploading now

- Rob: people obviously weren't looking at these, as the authN

  context was sort of secondary

- Rob: so how do folks feel about voting these as CD, pending JohnK's

  post?

- Jamie: was a member of a TC 2 years ago that had a similar

  situation

    - can vote to CD, vote for another review, and after that there

      must be yet another vote to confirm as CD

- Scott: for me, CD question isn't a question, specs are stable

- editorial changes need to be merged in

- the question is whether to proceed to OASIS ballot

- also notes a change in latest Profiles draft concerning what an

  IdP can do in response to an AuthN request in ECP

- Tony: so this is a semantic change

- Scott: yes, the text was overly restrictive, and change loosens it

- attestations shouldn't be affected, because if they were compliant

  already, they still should be

- Prateek: do we go back to agenda #4 now?

- Scott: my vote on #4 doesn't depend on #5

- [**** RETURNING TO AGENDA ITEM #4 ****]

 

>

> 6. Attestations: we now have three statements of use !

>

>    (a) Trustgenix attestation of successful use of SAML 2.0

>    http://lists.oasis-open.org/archives/security-services/200412/msg00014.html

>

>    (b) Entrust attestation of SAML 2.0 implementation

>    http://lists.oasis-open.org/archives/security-services/200411/msg00042.html

>

>    (c) Sun Microsystems attestation of successful use of SAML V2.0

>    http://lists.oasis-open.org/archives/security-services/200411/msg00105.html

>

 

- no comments

 

>

> 7. Other e-mail threads:

>

>    (a) IPR Question from Fujitsu and discussion thread

>    http://lists.oasis-open.org/archives/security-services/200411/msg00126.html

>

 

- Rob: we have had discussions on the side to ensure that we're

  following OASIS procedure

- have spoken with AOL and Fidelity about stating claims

- RSA will be posting on this shortly as well

- Tony: have taken issue to the OASIS board

    - people from Liberty have submitted material with known IPR

    - pointers to Liberty about the IPR may change

    - applicability of IP claims to TC output isn't obvious

    - Conor: Liberty requires disclosure of *pending* IPR and OASIS

      does not

    - Tony: Board has not responded yet

    - Frederick: doesn't think it's progressed within the Board

- Jeff: Liberty mgmt board granted us rights to their specs, and

  they're the ultimate authority

- Jeff: why are we wasting TC time on this?  This is a board matter.

- Prateek: we are following current OASIS rules, and that is all we

  can do now

 

>

>    (b) Days late and dollars short, comments on "entity" terminology

>    http://lists.oasis-open.org/archives/security-services/200412/msg00013.html

>

 

- Eve: haven't finished, but looks pretty good so far

- created descriptions of how terms are used, which may be useful in

  tech overview or other ancillary docs

- Jeff: will help with clean up

- Ron: question about "asserting party" overlapping "authority"

- Eve: almost synonyms

- confusion on "confirming entity", some prefer "attesting entity"

- Eve: is compiling these edits, but not applying them yet

- Rob: let's let Eve work with Editorial team to ensure terms are

  consistent

 

>

> 8. Open AIs relevant to SAML 2.0

>

>    #0204: Final text for subject and subject confirmation

>    Owner: Bob Morgan

>    Status: Open

>    Assigned: 2004-11-23 06:20:46

>    Due: 

>

 

- RLBob not on call

- Rob: expected to be editorial changes, right?

- Scott: thinks he was unhappy with it over all, but this is what

  we're going with unless people speak up

 

>

>    #0203: Analyze/correct usage of SAML entity terminology

>    Owner: Eve Maler

>    Status: Open

>    Assigned: 2004-10-31 19:56:49

>    Due: 

>

 

- Eve: this is under way

 

>

>    #0199: Glossary updates

>    Owner: Jeff Hodges

>    Status: Open

>    Assigned: 2004-10-25 20:14:40

>    Due: 

>

 

- Jeff: will work on it this week

- will be deriving definitions from the specs and put in glossary

- will coordinate with editorial clean up of terminology

 

>

>    #0123: Obtain MIME type registration for HTTP lookup

>    of SAML

>    Owner: Jeff Hodges

>    Status: Open

>    Assigned: 2004-02-13 20:18:48

>

 

- Jeff: needs to double check

- one was approved, not sure on the other one

 

>

> 9. Any other business

>

 

- none

 

>

> 10. Adjourn

>

 

- Adjourned

 

 

----------------------------------------------------------------------

 

Attendance of Voting Members:

 

  Conor P. Cahill AOL, Inc.

  John Hughes Atos Origin

  Hal Lockhart BEA

  Rebekah Metz Booz Allen Hamilton

  Rick Randall Booz Allen Hamilton

  Ronald Jacobson Computer Associates

  Paul Madsen Entrust

  Dana Kaufman Forum Systems

  Michael McIntosh IBM

  Anthony Nadalin IBM

  Nick Ragouzis Individual

  Scott Cantor Internet2

  Peter Davis NeuStar

  Jeff Hodges NeuStar

  Frederick Hirsch Nokia

  John Kemp Nokia

  Abbie Barbir Nortel

  Scott Kiester Novell

  Cameron Morris Novell

  Charles Knouse Oblix

  Steve Anderson OpenNetwork

  Vamsi Motukuru Oracle

  Darren Platt Ping Identity

  Prateek Mishra Principal Identity

  Jim Lien RSA Security

  Rob Philpott RSA Security

  Jahan Moreh Sigaba

  Bhavna Bhatnagar Sun Microsystems

  Eve Maler Sun Microsystems

  Ron Monzillo Sun Microsystems

  Emily Xu Sun Microsystems

  Mike Beach The Boeing Company

  Greg Whitehead Trustgenix

 

 

Attendance of Observers or Prospective Members:

 

  Senthil Sengodan Nokia

  Carolina Canales-Valenzuela Ericsson

  Jamie Clark OASIS

  James Vanderbeek Vodafone

  Gavenraj Sodhi Computer Associates

  Mary McRae OASIS

 

 

Membership Status Changes:

 

  Tim Alsop CyberSafe - Withdrew 11/23/2004

  Forest Yin Netegrity - Lost voting status after 12/7/2004 call

  Maryann Hondo IBM - Lost prospective membership after 12/7/2004 call

 

--

Steve Anderson

OpenNetwork

 

 


