[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FW: SSTC Meeting Minutes 1/18/2005.
Minutes compliments of Ron Jacobson.
Sorry for the delay getting these out - that was my [Rob] fault. Attendance is at the end…
Action Items:
· [All] Ask your voting rep's to respond to the XACML 2.0 Standardization ballot.
· [Chairs] Future agenda item - Determine need for future face to face meeting.
· [Jahan] Add potential errata for 2 issues in Nicolas Williams/John Linn discussion thread.
· [Hal L] Provide Tech Overview comments to John H.
· [Paul M] Update/Republish Exec Overview with recent comments.
· [Scott] Provide implementation guideline info for Exec Overview
1. Accept minutes from January 4, Conference Call
http://lists.oasis-open.org/archives/security-services/200501/msg00015.html
Accept Minutes from January 4th
Minutes accepted.
--------------------------------------------------------------------------------
2. SAML 2.0 submitted to OASIS!
http://lists.oasis-open.org/archives/security-services/200501/msg00075.html
Note that CD-04 is available from the OASIS home page.
Eve M. encouraged everyone to Direct Customer and Colleagues to home page.
Hal L. added that XACML 2.0 is now in voting. Please ask your organization's voting reps to vote.
Rob P. - Question on the fact that there were only 90 votes possible.
Hal L. – Officially there are 350…351 organizations.
Prateek M. – Any other comments on the SAML 2.0 submission?
Hal L. – voting commences on the 16th of February.
--------------------------------------------------------------------------------
3. F2F opportunities (informational) - is the TC interested?
a. OASIS Symposium, New Orleans, April 24-29
http://www.oasis-open.org/events/symposium_2005/
b. Digital ID World 2005, San Francisco, May 9-12
http://www.digitalidworld.com/conference/2005/index.html
Prateek M. - A number of people would like us to have an SSTC face to face at their venue.
OASIS has a meeting scheduled at the end of April.
The email links were just FYI.
Rob P. has responded saying that we have to first figure out if we need a face to face.
Prateek M. - We need to discuss this. I am not sure if we have enough business to warrant a face to face.
--------------------------------------------------------------------------------
4. Recent discussion thread
i. John Linn comments
http://lists.oasis-open.org/archives/security-services/200501/msg00077.html
ii. Original comment from Nicolas Williams
http://lists.oasis-open.org/archives/security-services/200501/msg00061.html
John Linn - Thoughtful set of comments.
Maybe there are some things we should consider updating in the future.
On the first one as I read the text on security considerations.
Prateek M. – Much of that material is in SAML bindings.
That material is partly in conformance.
The information is scattered somewhat.
Security considerations are broad in scope.
John – I am not sure we can find the answer in any one place
Rob P. – We have disjoint that are disjoint… but not really.
That there is this WSI document with this other information may be a reasonable thing to do.
Prateek M. – John would that be adequate or do you think we must change the security consideration documents?
John – It is certainly a good and right step to take, however, I am not sure what is contained in the other documents.
Prateek M. – We can keep this open.
First part of John’s concerns…
Assisting on signing denial of service attacks.
John – Good solution for attackers hoping to penetrate… not good protection from individuals attempting to swamp…
Prateek M. – Should this be picked up in errata?
It is not a counter measure against denial of service.
Hal L. – This is a big fight at WSI… If you feel that you are under attack you are allowed to silently discard.
Rob P. – Let’s make this another item on the errata list.
Two errata’s have been identified:
Errata issue with regard to the second part of John’s concerns. There is an error in the text that makes a reference to denial of service attacks.
Errata issue in the text on how responders should deal with perceived attacks.
Rob P. – Do we want to do something similar to what WSI did?
Hal L. – Maybe. We need to give some thought to this.
Prateek M. - TC is calling for comments on these documents by end of January with the intention of advancing them to CD status thereafter.
--------------------------------------------------------------------------------
5. Supporting documents, status and next steps
i. Executive Overview
http://www.oasis-open.org/committees/download.php/9886/sstc-saml-exec-overview-2.0-draft-02.pdf
ii. Technical Overview
http://www.oasis-open.org/committees/download.php/7874/sstc-saml-tech-overview-2.0-draft-01.pdf
iii. Implementation Guidelines
These are supporting documents… The idea would be to release these simultaneously with the standardization announcement.
Rob P. – They are not part of the standards doc set. We would just announce that they are out there.
Exec Overview - Is Paul on the call?
Two objectives modifications to the docs remain.
Prateek M. supplied recommended text for his.
Eve M. if you have text for yours please send it.
Prateek M. – Paul you will update and republish?
Paul – Yes.
Technical Overview - John H:
Hal L. – I had promised to provide some text around SAML and XACML and web services security.
Who should I send this too?
Eve M. – Maybe I should pass the token to you.
John Hughes – I may have some time this week. Hal L. if you want to send this to me.
Action Item - Hal Lockhart - I will email John Hughes word text.
Action Item - John Hughes – I will update this by the end of the week.
--------------------------------------------------------------------------------
6. Other documents on CD track
i. Response to T. Gross analysis of SAML 1.1 artifact
profile
John Linn has put together a response to Thomas Gross paper.
Action Item - Prateek M. – Has an action item to comment on this.
ii. SAML 1.1 Metadata Profile
http://lists.oasis-open.org/archives/security-services/200412/msg00083.html
John Hughes - The schema file is a bit more solid.
Scott – Some set of overarching issues that we want to put into an outline. [RSP – which document is this referring to?]
Prateek M. – Should we push this out beyond 2.0 release?
Scott – I had a lot of different thoughts that need to get into the implementation guideline.
Action Item – Scott will review the implementation guideline.
Scott – My goal would be to produce a committee draft end of February or March.
Rob P. – End of February for comments.
Rick – There is a new version of the profile document he posted.
--------------------------------------------------------------------------------
7. Errata Status
i.
http://lists.oasis-open.org/archives/security-services/200501/msg00058.html
ii.
http://lists.oasis-open.org/archives/security-services/200501/msg00069.html
Start documenting based on the messages that are on the list. We would start whenever it was appropriate.
Prateek M. - In a couple of weeks you will have a draft.
A couple more will be coming out of Ron Williams notes.
8. Open AIs
--------------------------------------------------------------------------------
#0205: MIME type registrations: Jeff will reformat as
plain text for IANA update after final docs done.
Owner: Jeff Hodges
Status: Open
Assigned: 2005-01-04 00:30:40
Due:
Rob P. – Finalize that text in the two specifications.
Jeff – After the vote passes (assuming) the spec set is approved (SAML v2.0) we will edit the spec set for final publication. This means updating front matter and back matter. While we are doing this I will need to update the MIME type registration.
Rob P. – After the vote closes we need to submit the specifications.
Jeff – I will work with you guys and we can do this. This is just a few hours of work.
Prateek M. – This stays open.
Jeff - After approval and during the publication process I need to work with Eve M. or Rob P..
--------------------------------------------------------------------------------
#0203: Analyze/correct usage of SAML entity terminology
Owner: Eve Maler
Status: Open
Assigned: 2004-10-31 19:56:49
Due:
Prateek M. - For Eve M....
Prateek M. - This is closed.
--------------------------------------------------------------------------------
#0183: Comments solicited on John Linn response to
Thomas Gross paper
Owner: Prateek Mishra
Status: Open
Assigned: 2004-07-23 17:10:02
Due:
Prateek M. – I agreed to provide a response to the SAML artifect work.
Prateek M. – I will complete this by this week.
--------------------------------------------------------------------------------
#0180: Need to update SAML server trust document
Owner: Jeff Hodges
Status: Open
Assigned: 2004-07-12 21:49:08
Due:
Prateek M. – This issue will stay open.
--------------------------------------------------------------------------------
#0166: Investigate use of Wiki from the web site
Owner: Scott Cantor
Status: Open
Assigned: 2004-06-22 16:40:19
Hal L. – I see issues with respect to the new OASIS IPR policy. Asking people who make comments on a comment list/Wiki to sign a document on IPR is not feasible.
Using the Wiki to what goes on the SAML dev issue it is not an issue, however, if contributions are going to be included in the specification this is an issue.
Rob – If someone has a Wiki site then the comments must be brought into the TC using normal process if they are going to be including in the specs.
Hal L. – It is an issue. There have been some lawsuits. The standards org in question did not have a good enough process or audit trail on where contributions came from.
Rob P. – We must follow standard OASIS process.
Hal L. – Be aware that there can be potential IP issues.
Scott – It’s up to the TC whether they would like to link up to something like that.
I don’t think it is any different then posting an inventory of profiles.
Bob – Policy is an issue about linking.
Rob P. – We will deal with this if we want to link from this from our site.
Eve M. – We can cross that bridge when we come to it.
Prateek M. – Do we need to talk to some one about this Wiki.
Rob P. – This doesn't seem any different than saml-dev. Whatever applies to saml-dev should apply to this.
Hal L. – Jamie is well aware of the issues around the public comment issue.
Prateek M. – We leave this open and perhaps a Wiki will be started at some point.
Prateek M. – Are there other items that people would like to discuss?
No.
Meeting adjourned.
Attendance
----------
Voting members:
Conor P. Cahill AOL, Inc.
John Hughes Atos Origin
Hal Lockhart BEA Systems, Inc
Rebekah Metz Booz Allen Hamilton
Rick Randall Booz Allen Hamilton
Ronald Jacobson Computer Associates
Carolina Canales-Valenzuela Ericsson
Dana Kaufman Forum Systems
Irving Reid Hewlett-Packard Company
Michael McIntosh IBM
Anthony Nadalin IBM
Nick Ragouzis Individual
Scott Cantor Internet2
Bob Morgan Internet2
Peter Davis NeuStar
Jeff Hodges NeuStar
Frederick Hirsch Nokia
Senthil Sengodan Nokia
Abbie Barbir Nortel
Scott Kiester Novell
Cameron Morris Novell
Paul Madsen NTT USA
Ari Kermaier Oracle
Vamsi Motukuru Oracle
Prateek Mishra Principal Identity
Jim Lien RSA Security
John Linn RSA Security
Rob Philpott RSA Security
Dipak Chopra SAP
Jahan Moreh Sigaba
Eve Maler Sun Microsystems
Ron Monzillo Sun Microsystems
Emily Xu Sun Microsystems
Mike Beach The Boeing Company
Greg Whitehead Trustgenix
Prospective members (as of 18-Jan):
Guy Denton IBM
Maryann Hondo IBM
Thomas Wisniewski Entrust
Observers:
James Vanderbeek Vodafone
Gavenraj Sodhi Computer Associates
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]