[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for Telecon, Tuesday 7 Dec 2004
Minutes for SSTC Telecon, Tuesday 7 Dec 2004 Dial in info: +1 865 673 6950 #351-8396 Minutes taken by Steve Anderson
====================================================================== Summary ======================================================================
Votes:
- Minutes from 23 Nov 2004 call accepted
Action Items Status Changes:
- none
New Action Items:
- Chairs to create 3 electronic ballots (CD, promote to OASIS, 30 day review)
====================================================================== Raw Notes ======================================================================
> > Agenda: > > 1. Roll call >
- Attendance attached to bottom of these minutes - Quorum achieved
> > 2. Accept minutes from previous meeting, 23 Nov > http://lists.oasis-open.org/archives/security-services/200411/msg00119.html >
- [VOTE] unanimous consent, accepted
> > 3. New updates to documents (not previously discussed) > > Fixes for authn-context schema errors > http://lists.oasis-open.org/archives/security-services/200412/msg00017.html >
- JohnK: someone reported validation problem - discovered that many tools we had been using for validation weren't checking certain things - resulted in broad change for new approach - no normative text change - Tony: but these were normative changes against the schema - Prateek: there was a technology problem with the schema, and John & Scott instituted a change - Eve: amounts to a big bug fix - Scott: definitions of classes haven't changed - JohnK: semantics are the same - Rob: we'll talk in a few minutes about significance of this wrt to our process - Rob: what is status of files? - JohnK: files are all done, and was about to upload - Rob: then, suggest we skip agenda #4 for now, and go on to #5 - [**** SKIPPING TO AGENDA ITEM #5 ****]
> > 4. Re-affirm CD status for document set and schemas > > (a) Specifications > > Glossary: -cd-02a http://www.oasis-open.org/apps/org/workgroup/security/download.php/9360/sstc-saml-glossary-2.0-cd-02a.pdf > > Bindings: -cd-02f http://www.oasis-open.org/committees/download.php/10337/sstc-saml-bindings-2.0-cd-02f.pdf > > Conformance: -cd-02a http://www.oasis-open.org/apps/org/workgroup/security/download.php/10269/sstc-saml-conformance-2.0-cd-02a-diff.pdf > > Core: -CD-02G http://www.oasis-open.org/committees/download.php/10390/sstc-saml-core-2.0-cd-02g.pdf > > Metadata: -cd-02f http://www.oasis-open.org/committees/download.php/10219/sstc-saml-metadata-2.0-cd-02f.pdf > > Profiles: -cd-02g http://www.oasis-open.org/committees/download.php/10418/sstc-saml-profiles-2.0-cd-02g.pdf > > Authn-context: -cd-02b > <To appear in repository> > > (b) Schema > > Metadata http://www.oasis-open.org/apps/org/workgroup/security/download.php/10035/sstc-saml-schema-metadata-2.0.xsd > > DCE Attribute data http://www.oasis-open.org/apps/org/workgroup/security/download.php/9051/sstc-saml-schema-dce-2.0.xsd > > Protocol http://www.oasis-open.org/apps/org/workgroup/security/download.php/9783/sstc-saml-schema-protocol-2.0.xsd > > Core http://www.oasis-open.org/apps/org/workgroup/security/download.php/9782/sstc-saml-schema-assertion-2.0.xsd > > X500 http://www.oasis-open.org/apps/org/workgroup/security/download.php/9185/sstc-saml-schema-x500-2.0.xsd > > LDAP http://www.oasis-open.org/apps/org/workgroup/security/download.php/8652/sstc-saml-schema-ldap-2.0.xsd > > Authn-context (core) > <To appear in repository> > > Authn-context (classes) > <To be updated in V2.0 Working Specifications>
- [**** DISCUSSED AFTER AGENDA ITEM #5 ****] - [MOTION by Conor] Accept documents (pending AuthN Context change) as CD - second by Jeff - Tony: don't have web access currently - can't vote on what I can't see - happy with intent of fixing problem - happy with rest of spec - Frederick: can't treat this fix as errata? - no - Scott: if you had reviewed it before and were happy with it before, you'll be happy with it now - Prateek: we'll still have 30 days to look it over - Steve: are you assuming we'll repeat the public review - Eve: even the OASIS std process gives us opportunity to make editorial changes - Scott: if we repeat the review, there are some changes I'd like to make - Mike: are people suggesting not doing another 30 day review? - Prateek: first considering reaffirming as CD - Mike: but less comfortable voting CD if there won't be another review - Jamie: can table this and vote on review vs. OASIS ballot - Mike: could do electronic vote - Eve: could hold meeting in 1 week to vote - Steve: delaying for a week leaves no time for changes after review before submitting for OASIS ballot by Jan 15 - Conor withdraws motion - Conor: concerned about staying in loop of 30 day reviews - Prateek: proposal is to do one week ballots for reaffirming CD status AND submit to OASIS for voting - Jamie: fine to combine into one vote - Eve: but we need to have fallback ballot (if vote to go to OASIS fails) to immediately start 30 day review - Rob: planned electronic ballots are - re-confirm CD status - promote to OASIS for vote - if vote to go to OASIS fails, start 30 day review immediately - [ACTION] Chairs to create 3 electronic ballots (CD, promote to OASIS, 30 day review) - Rob: means we don't need quorate meeting next Tuesday - [**** SKIPPING TO AGENDA ITEM #6 ****]
> > 5. Discussion: > > Should we proceed to vote on OASIS standardization ? > > OR > > Does the magnitude of changes of authn-context schema > suggest another 30 day review period ? >
- Rob: we do have a timing issue - we may be comfortable proceeding to OASIS std, or may desire another public review - if want we proceed to OASIS std, we need to re-approve CD status - if we go thru another review, we would need to start immediately to be able to submit by 15 Jan, to have them approved by 1 Mar - docs on authN context aren't on website yet - JohnK: uploading now - Rob: people obviously weren't looking at these, as the authN context was sort of secondary - Rob: so how do folks feel about voting these as CD, pending JohnK's post? - Jamie: was a member of a TC 2 years ago that had a similar situation - can vote to CD, vote for another review, and after that there must be yet another vote to confirm as CD - Scott: for me, CD question isn't a question, specs are stable - editorial changes need to be merged in - the question is whether to proceed to OASIS ballot - also notes a change in latest Profiles draft concerning what an IdP can do in response to an AuthN request in ECP - Tony: so this is a semantic change - Scott: yes, the text was overly restrictive, and change loosens it - attestations shouldn't be affected, because if they were compliant already, they still should be - Prateek: do we go back to agenda #4 now? - Scott: my vote on #4 doesn't depend on #5 - [**** RETURNING TO AGENDA ITEM #4 ****]
> > 6. Attestations: we now have three statements of use ! > > (a) Trustgenix attestation of successful use of SAML 2.0 > http://lists.oasis-open.org/archives/security-services/200412/msg00014.html > > (b) Entrust attestation of SAML 2.0 implementation > http://lists.oasis-open.org/archives/security-services/200411/msg00042.html > > (c) Sun Microsystems attestation of successful use of SAML V2.0 > http://lists.oasis-open.org/archives/security-services/200411/msg00105.html >
- no comments
> > 7. Other e-mail threads: > > (a) IPR Question from Fujitsu and discussion thread > http://lists.oasis-open.org/archives/security-services/200411/msg00126.html >
- Rob: we have had discussions on the side to ensure that we're following OASIS procedure - have spoken with AOL and Fidelity about stating claims - RSA will be posting on this shortly as well - Tony: have taken issue to the OASIS board - people from Liberty have submitted material with known IPR - pointers to Liberty about the IPR may change - applicability of IP claims to TC output isn't obvious - Conor: Liberty requires disclosure of *pending* IPR and OASIS does not - Tony: Board has not responded yet - Frederick: doesn't think it's progressed within the Board - Jeff: Liberty mgmt board granted us rights to their specs, and they're the ultimate authority - Jeff: why are we wasting TC time on this? This is a board matter. - Prateek: we are following current OASIS rules, and that is all we can do now
> > (b) Days late and dollars short, comments on "entity" terminology > http://lists.oasis-open.org/archives/security-services/200412/msg00013.html >
- Eve: haven't finished, but looks pretty good so far - created descriptions of how terms are used, which may be useful in tech overview or other ancillary docs - Jeff: will help with clean up - Ron: question about "asserting party" overlapping "authority" - Eve: almost synonyms - confusion on "confirming entity", some prefer "attesting entity" - Eve: is compiling these edits, but not applying them yet - Rob: let's let Eve work with Editorial team to ensure terms are consistent
> > 8. Open AIs relevant to SAML 2.0 > > #0204: Final text for subject and subject confirmation > Owner: Bob Morgan > Status: Open > Assigned: 2004-11-23 06:20:46 > Due: >
- RLBob not on call - Rob: expected to be editorial changes, right? - Scott: thinks he was unhappy with it over all, but this is what we're going with unless people speak up
> > #0203: Analyze/correct usage of SAML entity terminology > Owner: Eve Maler > Status: Open > Assigned: 2004-10-31 19:56:49 > Due: >
- Eve: this is under way
> > #0199: Glossary updates > Owner: Jeff Hodges > Status: Open > Assigned: 2004-10-25 20:14:40 > Due: >
- Jeff: will work on it this week - will be deriving definitions from the specs and put in glossary - will coordinate with editorial clean up of terminology
> > #0123: Obtain MIME type registration for HTTP lookup > of SAML > Owner: Jeff Hodges > Status: Open > Assigned: 2004-02-13 20:18:48 >
- Jeff: needs to double check - one was approved, not sure on the other one
> > 9. Any other business >
- none
> > 10. Adjourn >
- Adjourned
----------------------------------------------------------------------
Attendance of Voting Members:
Conor P. Cahill AOL, Inc. John Hughes Atos Origin Hal Lockhart BEA Rebekah Metz Booz Allen Hamilton Rick Randall Booz Allen Hamilton Ronald Jacobson Computer Associates Paul Madsen Entrust Dana Kaufman Forum Systems Michael McIntosh IBM Anthony Nadalin IBM Nick Ragouzis Individual Scott Cantor Internet2 Peter Davis NeuStar Jeff Hodges NeuStar Frederick Hirsch Nokia John Kemp Nokia Abbie Barbir Nortel Scott Kiester Novell Cameron Morris Novell Charles Knouse Oblix Steve Anderson OpenNetwork Vamsi Motukuru Oracle Darren Platt Ping Identity Prateek Mishra Principal Identity Jim Lien RSA Security Rob Philpott RSA Security Jahan Moreh Sigaba Bhavna Bhatnagar Sun Microsystems Eve Maler Sun Microsystems Ron Monzillo Sun Microsystems Emily Xu Sun Microsystems Mike Beach The Boeing Company Greg Whitehead Trustgenix
Attendance of Observers or Prospective Members:
Senthil Sengodan Nokia Carolina Canales-Valenzuela Ericsson Jamie Clark OASIS James Vanderbeek Vodafone Gavenraj Sodhi Computer Associates Mary McRae OASIS
Membership Status Changes:
Tim Alsop CyberSafe - Withdrew 11/23/2004 Forest Yin Netegrity - Lost voting status after 12/7/2004 call Maryann Hondo IBM - Lost prospective membership after 12/7/2004 call
-- Steve Anderson OpenNetwork
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]