Minutes for Telecon, Tuesday 4 Jan 2005

["Steve Anderson" <sanderson@opennetwork.com>]

Minutes for SSTC Telecon, Tuesday 4 Jan 2005

Dial in info: +1 865 673 6950 #351-8396

Minutes taken by Steve Anderson

 

======================================================================

                              Summary

======================================================================

 

  Votes:

 

    - Minutes from 21 Dec 2004 call accepted

    - Direct chairs to set up ballots to re-affirm CD status and

      submit to OASIS, ending 14 January

    - Remove the reference to 8.4 from conformance, rendering it

      not MTI

 

  Status Changes to Existing Action Items:

 

    - none

 

  New Action Items:

 

    - none

   

======================================================================

                             Raw Notes

======================================================================

 

>

> Agenda:

>

> 0. Roll call

>

 

- Attendance attached to bottom of these minutes

- Quorum achieved

 

>

> 1. Accept minutes from previous meeting, 21 Dec

>    < http://lists.oasis-open.org/archives/security-services/

>      200501/msg00007.html >

>

 

- Steve sent update with membership status changes

  < http://lists.oasis-open.org/archives/security-services/

    200501/msg00010.html >

- [VOTE] unanimous consent, accepted

 

>

> 2. Update on CD 3 and next steps

>

>    - Public review period ends January 14.

>    - The chairs will entertain a motion to direct chairs to set up a

>      ballot beginning January 7, ending January 14 asking the TC to:

>      (1) re-affirm CD status

>      (2) vote on submission to OASIS

>

>    Assuming successful votes, the chairs will submit the specification

>    set to OASIS for standardization on January 15.

>

 

- [MOTION] Direct chairs to set up ballots to re-affirm CD status and

  submit to OASIS, ending 14 January

- [VOTE] unanimous consent, accepted

 

>

> 3. Spec updates:

>

>    - Groups - sstc-saml-schema-protocol-2.0.xsd uploaded

>    - Groups - sstc-saml-core-2.0-cd-03a-diff.pdf uploaded

>    - Groups - sstc-saml-bindings-2.0-cd-03a-diff.pdf uploaded

>    - Groups - sstc-saml-profiles-2.0-cd-03a-diff.pdf uploaded

>    - Groups - sstc-saml-metadata-2.0-cd-03a-diff.pdf uploaded

>    - Groups - authn-ctx-schemas-3a.zip uploaded

>    - Groups - sstc-saml-authn-context-2.0-cd-03a-diff.pdf uploaded

>

 

- Scott: not much to highlight, mostly clarifications and editorial

- was one issue that came up in interop

    - Greg: byte order in encoding of artifact

    - implies big endian, but not explicit

    - Scott: thought he made change in latest bindings, but might not

      have

    - same was byte order ambiguity true of Format

- Rob: do you have any other outstanding edits?

- Scott: no

- Rob: has some editorial clean up he wants to do

 

>

> 4. Message threads

>

>    (a) IPR declarations

>    - AOL: http://lists.oasis-open.org/archives/security-services/200412/msg00074.html

>    - Fidelity: http://lists.oasis-open.org/archives/security-services/200412/msg00075.html

>

 

- these are in addition to RSA's previous submission

 

>

>    (b) Conformance spec update:

>    - Prateek: Editorial Update to Section 3.3 of conformance

>

 

- Prateek: thread began with Thomas' question

- appears that intent is that SAML consumers be able to consume assns

  that have identifiers described in 8.2 - 8.4

- Rob: has issue with this direction

- don't see why a conformant implementation needs to accept and

  generate every single format

- Prateek: you only need to be able to syntactically generate them, but

  how you handle them behind the scenes is out of band

- there needs to be one configuration setting

- Scott: even less, you need only provide a plugin interface for dealing

  with each

- Irving: has issue with certifying one thing and shipping something

  different

- Scott: concerned about reopening similar old discussions, like

  support for persistence

- Conor: thinks we should have one Name ID Format that is required, and

  make the rest optional

- the existing approach only fits vendor products, but not a particular

  service

- Greg: thinks consumer should be required to accept all formats

- Rob: and do what with them?

- Greg: associate them with internally known identities

- [... discussion carries on ...]

- Rob: would support clarification that says conformant product provides

  extension interfaces to handle various formats

- Prateek: there is proposed text on the list, so Rob can take a shot at

  modifying that

 

 

- Rob: ok, now what about the Consent issue?

- ??: if we use the same approach, it will require a lot of work

  to provide user interface to obtain the consent from the user

- Rob: if my product only handles implied consent, I'll have to do a

  lot of work to deal with other types of consent

- Scott: doesn't see it that way, sees SAML as merely expressing the

  consent

- Scott: not going to push hard on this, because he doesn't really

  value the feature

- Prateek: tried to state that the means of obtaining the types of

  consent are out of scope

- maybe a clarification of that would be acceptable

- Rob: would like to see us relax on this

- 8.2 and 8.3 are ok, but this one we should back off on

- Conor: the whole reason this was in Liberty was that the Policy folks

  wanted a positive statement on the request

- Greg: they were all lawyers, btw

- Prateek: feels like an important part of the spec

- Nick: agrees, and has proposed in Liberty to test for this in their

  conformance

- Rob: so what do we do? one proposal was to remove the conformance

  requirement for this version of SAML

- [MOTION] Remove the reference to 8.4 from conformance, rendering it

  not MTI

- [VOTE] 9 for, 2 against, 10 abstain, therefore vote passes

- ??: everyone seems ok with 8.2, so conformant implementations must

  support URI attr names, but no attr profiles are MTI, correct?

- [yes]

 

>

>    (c) Other updates:

>    - Per 21-Dec con-call: We need to work on non-normative docs during

>      ballot period, and discuss them on 2005-01-11 focus call

>

 

- Eve: hasn't made any progress

 

>

>    - Groups - draft-saml1x-metadata-02.pdf uploaded

>

 

- Scott: no big changes

- we don't have rules for releasing something that isn't part of a

  spec release, so we'll need to talk about this later

 

>

> 5. Action Items:

>

>    #0206: Clarify logout error handling [Owner: Greg Whitehead]

>

 

- Greg: will work on this week

 

>

>    #0205: MIME type registrations: Jeff will reformat as plain text

>    for IANA update after final docs done. [Owner: Jeff Hodges]

>

 

- Rob: just added this AI

 

>

>    #0203: Analyze/correct usage of SAML entity terminology

>    [Owner: Eve Maler]

>

 

- Eve: hasn't finished (in the midst of moving)

- Scott: can take a pass thru as well

 

>

>    #0183: Comments solicited on John Linn response to Thomas Gross

>    paper [Owner: Prateek Mishra]

>

 

- Prateek: will get to this quickly after 2.0

 

>

>    #0180: Need to update SAML server trust document [Owner: Jeff

>    Hodges]

>

 

- Jeff isn't here

- Rob: post 2.0

 

>

>    #0166: Investigate use of Wiki from the web site [Owner: Scott

>    Cantor]

>

 

- Rob: post 2.0

 

>

>    #0144: Explain optional subject decision [Owner: Eve Maler]

>

 

- Eve: not sure why this resurfaced

- thought we put in more explanatory text in core, and then were going

  to write a technical white paper about the schema

 

>

> 6. Any other business

>

 

- [none]

 

>

> 7. Adjourn

>

 

- Adjourned

 

 

----------------------------------------------------------------------

 

Attendance of Voting Members:

 

  Conor P. Cahill AOL, Inc.

  Hal Lockhart BEA

  Rick Randall Booz Allen Hamilton

  Ronald Jacobson Computer Associates

  Carolina Canales-Valenzuela Ericsson

  Dana Kaufman Forum Systems

  Irving Reid Hewlett-Packard Company

  Michael McIntosh IBM

  Anthony Nadalin IBM

  Nick Ragouzis Individual

  Scott Cantor Internet2

  Bob Morgan Internet2

  Frederick Hirsch Nokia

  Senthil Sengodan Nokia

  Abbie Barbir Nortel

  Scott Kiester Novell

  Cameron Morris Novell

  Steve Anderson OpenNetwork

  Ari Kermaier Oracle

  Vamsi Motukuru Oracle

  Darren Platt Ping Identity

  Prateek Mishra Principal Identity

  Jim Lien RSA Security

  John Linn RSA Security

  Rob Philpott RSA Security

  Dipak Chopra SAP

  Jahan Moreh Sigaba

  Eve Maler Sun Microsystems

  Emily Xu Sun Microsystems

  Greg Whitehead Trustgenix

 

 

Attendance of Observers or Prospective Members:

 

  Guy Denton IBM

  Thomas Schenkman Individual

  Maryann Hondo IBM

  Thomas Wisniewski Entrust

  John Kemp Nokia

 

 

Membership Status Changes:

 

  Guy Denton IBM - Requested membership on 12/8/2004

  John Kemp Nokia - Requested membership on 1/4/2004

  Irving Reid Hewlett-Packard Company - Returned from LOA before 1/4/2005 call

  John Linn RSA Security - Returned from LOA before 1/4/2005 call

 

--

Steve Anderson

OpenNetwork