[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for Telecon, Tuesday 4 Jan 2005
Minutes for SSTC Telecon, Tuesday 4 Jan 2005 Dial in info: +1 865 673 6950 #351-8396 Minutes taken by Steve Anderson
====================================================================== Summary ======================================================================
Votes:
- Minutes from 21 Dec 2004 call accepted - Direct chairs to set up ballots to re-affirm CD status and submit to OASIS, ending 14 January - Remove the reference to 8.4 from conformance, rendering it not MTI
Status Changes to Existing Action Items:
- none
New Action Items:
- none
====================================================================== Raw Notes ======================================================================
> > Agenda: > > 0. Roll call >
- Attendance attached to bottom of these minutes - Quorum achieved
> > 1. Accept minutes from previous meeting, 21 Dec > < http://lists.oasis-open.org/archives/security-services/ > 200501/msg00007.html > >
- Steve sent update with membership status changes < http://lists.oasis-open.org/archives/security-services/ 200501/msg00010.html > - [VOTE] unanimous consent, accepted
> > 2. Update on CD 3 and next steps > > - Public review period ends January 14. > - The chairs will entertain a motion to direct chairs to set up a > ballot beginning January 7, ending January 14 asking the TC to: > (1) re-affirm CD status > (2) vote on submission to OASIS > > Assuming successful votes, the chairs will submit the specification > set to OASIS for standardization on January 15. >
- [MOTION] Direct chairs to set up ballots to re-affirm CD status and submit to OASIS, ending 14 January - [VOTE] unanimous consent, accepted
> > 3. Spec updates: > > - Groups - sstc-saml-schema-protocol-2.0.xsd uploaded > - Groups - sstc-saml-core-2.0-cd-03a-diff.pdf uploaded > - Groups - sstc-saml-bindings-2.0-cd-03a-diff.pdf uploaded > - Groups - sstc-saml-profiles-2.0-cd-03a-diff.pdf uploaded > - Groups - sstc-saml-metadata-2.0-cd-03a-diff.pdf uploaded > - Groups - authn-ctx-schemas-3a.zip uploaded > - Groups - sstc-saml-authn-context-2.0-cd-03a-diff.pdf uploaded >
- Scott: not much to highlight, mostly clarifications and editorial - was one issue that came up in interop - Greg: byte order in encoding of artifact - implies big endian, but not explicit - Scott: thought he made change in latest bindings, but might not have - same was byte order ambiguity true of Format - Rob: do you have any other outstanding edits? - Scott: no - Rob: has some editorial clean up he wants to do
> > 4. Message threads > > (a) IPR declarations > - AOL: http://lists.oasis-open.org/archives/security-services/200412/msg00074.html > - Fidelity: http://lists.oasis-open.org/archives/security-services/200412/msg00075.html >
- these are in addition to RSA's previous submission
> > (b) Conformance spec update: > - Prateek: Editorial Update to Section 3.3 of conformance >
- Prateek: thread began with Thomas' question - appears that intent is that SAML consumers be able to consume assns that have identifiers described in 8.2 - 8.4 - Rob: has issue with this direction - don't see why a conformant implementation needs to accept and generate every single format - Prateek: you only need to be able to syntactically generate them, but how you handle them behind the scenes is out of band - there needs to be one configuration setting - Scott: even less, you need only provide a plugin interface for dealing with each - Irving: has issue with certifying one thing and shipping something different - Scott: concerned about reopening similar old discussions, like support for persistence - Conor: thinks we should have one Name ID Format that is required, and make the rest optional - the existing approach only fits vendor products, but not a particular service - Greg: thinks consumer should be required to accept all formats - Rob: and do what with them? - Greg: associate them with internally known identities - [... discussion carries on ...] - Rob: would support clarification that says conformant product provides extension interfaces to handle various formats - Prateek: there is proposed text on the list, so Rob can take a shot at modifying that
- Rob: ok, now what about the Consent issue? - ??: if we use the same approach, it will require a lot of work to provide user interface to obtain the consent from the user - Rob: if my product only handles implied consent, I'll have to do a lot of work to deal with other types of consent - Scott: doesn't see it that way, sees SAML as merely expressing the consent - Scott: not going to push hard on this, because he doesn't really value the feature - Prateek: tried to state that the means of obtaining the types of consent are out of scope - maybe a clarification of that would be acceptable - Rob: would like to see us relax on this - 8.2 and 8.3 are ok, but this one we should back off on - Conor: the whole reason this was in Liberty was that the Policy folks wanted a positive statement on the request - Greg: they were all lawyers, btw - Prateek: feels like an important part of the spec - Nick: agrees, and has proposed in Liberty to test for this in their conformance - Rob: so what do we do? one proposal was to remove the conformance requirement for this version of SAML - [MOTION] Remove the reference to 8.4 from conformance, rendering it not MTI - [VOTE] 9 for, 2 against, 10 abstain, therefore vote passes - ??: everyone seems ok with 8.2, so conformant implementations must support URI attr names, but no attr profiles are MTI, correct? - [yes]
> > (c) Other updates: > - Per 21-Dec con-call: We need to work on non-normative docs during > ballot period, and discuss them on 2005-01-11 focus call >
- Eve: hasn't made any progress
> > - Groups - draft-saml1x-metadata-02.pdf uploaded >
- Scott: no big changes - we don't have rules for releasing something that isn't part of a spec release, so we'll need to talk about this later
> > 5. Action Items: > > #0206: Clarify logout error handling [Owner: Greg Whitehead] >
- Greg: will work on this week
> > #0205: MIME type registrations: Jeff will reformat as plain text > for IANA update after final docs done. [Owner: Jeff Hodges] >
- Rob: just added this AI
> > #0203: Analyze/correct usage of SAML entity terminology > [Owner: Eve Maler] >
- Eve: hasn't finished (in the midst of moving) - Scott: can take a pass thru as well
> > #0183: Comments solicited on John Linn response to Thomas Gross > paper [Owner: Prateek Mishra] >
- Prateek: will get to this quickly after 2.0
> > #0180: Need to update SAML server trust document [Owner: Jeff > Hodges] >
- Jeff isn't here - Rob: post 2.0
> > #0166: Investigate use of Wiki from the web site [Owner: Scott > Cantor] >
- Rob: post 2.0
> > #0144: Explain optional subject decision [Owner: Eve Maler] >
- Eve: not sure why this resurfaced - thought we put in more explanatory text in core, and then were going to write a technical white paper about the schema
> > 6. Any other business >
- [none]
> > 7. Adjourn >
- Adjourned
----------------------------------------------------------------------
Attendance of Voting Members:
Conor P. Cahill AOL, Inc. Hal Lockhart BEA Rick Randall Booz Allen Hamilton Ronald Jacobson Computer Associates Carolina Canales-Valenzuela Ericsson Dana Kaufman Forum Systems Irving Reid Hewlett-Packard Company Michael McIntosh IBM Anthony Nadalin IBM Nick Ragouzis Individual Scott Cantor Internet2 Bob Morgan Internet2 Frederick Hirsch Nokia Senthil Sengodan Nokia Abbie Barbir Nortel Scott Kiester Novell Cameron Morris Novell Steve Anderson OpenNetwork Ari Kermaier Oracle Vamsi Motukuru Oracle Darren Platt Ping Identity Prateek Mishra Principal Identity Jim Lien RSA Security John Linn RSA Security Rob Philpott RSA Security Dipak Chopra SAP Jahan Moreh Sigaba Eve Maler Sun Microsystems Emily Xu Sun Microsystems Greg Whitehead Trustgenix
Attendance of Observers or Prospective Members:
Guy Denton IBM Thomas Schenkman Individual Maryann Hondo IBM Thomas Wisniewski Entrust John Kemp Nokia
Membership Status Changes:
Guy Denton IBM - Requested membership on 12/8/2004 John Kemp Nokia - Requested membership on 1/4/2004 Irving Reid Hewlett-Packard Company - Returned from LOA before 1/4/2005 call John Linn RSA Security - Returned from LOA before 1/4/2005 call
-- Steve Anderson OpenNetwork
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]