OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Minutes of SSTC Conference Call, 24-May-2005


============================================================================
SSTC concall Tue 5/24/2005 9:07:20 AM
----------------------------------------------------------------------------

summary:

* prior minutes accepted

* tabled motions from 10-May accepted
    will have electronic ballots for..
      sstc-saml-x509-authn-based-attribute-protocol-profile-2%200-draft-07.pdf
      draft-saml-xpath-attribute-profile-03.pdf

* questions, comments, concerns, applications for SAML 1.1 Testing Referral 
Program should be sent directly to AndyM.

* Marketing-type folks are interested in forming some sort of SSTC sub-group. 
Folks are supportive. Take discussion of ins-and-outs to the list.

* current version of Technical Overview needs review & feedback !

* Jahan will endeavor to rev the Errata doc in next day or so. Review & comment 
needed.

Attendance at end.


---
Details:


prateek mishra wrote:
 >
 >
 > Dial in info: +1 865 673 6950 #351-8396
 >
 >
 > 1. Accept minutes from May 10 conference call
 > http://lists.oasis-open.org/archives/security-services/200505/msg00038.html

accepted by unanimous consent.


 > 2. Re-visit tabled motion from May 10
 >
 > (a) Proposal to create an electronic ballot for CD status for:
 >
 > sstc-saml-x509-authn-based-attribute-protocol-profile-2.0-draft-07
 >
 > available at
 >
 > 
http://www.oasis-open.org/apps/org/workgroup/security/download.php/12818/sstc-saml-x509-authn-based-attribute-protocol-profile-2%200-draft-07.pdf 



prateek mishra (PM): solicits that we vote


JeffH moves that we have elec ballot for doc in item (a). Conor 2nd.
motion carries by unanimous consent.



 > (b) Proposal to create an electronic ballot for CD status for:
 >
 > draft-saml-xpath-attribute-profile-03.pdf
 >
 > available at
 >
 > 
http://www.oasis-open.org/apps/org/workgroup/security/download.php/12811/draft-saml-xpath-attribute-profile-03.pdf 


RickR moves that we have ballot for (b). JeffH 2nds.

no objections to unanimous consent.



PM: So should have 2 elec ballots by end of day. will have week to vote.




 > 3. INFORMATIONAL
 > *SAML 1.1 Testing Referral Program Proposal Update*
 > http://lists.oasis-open.org/archives/security-services/200505/msg00027.html


AndyM(AM): going to change the policy such that (see msg)...


NickR: what's the definition of "company" in this? Is it a 50% controlling 
interest or what?

AM: good question, don't want to get on this call

Eve (em): have we/you looked at W3C -- they have some guidelines/rules wrt 
subsidaries that perhaps OASIS can leverage...?

[various folks chime in]
FredrickH(FH): OASIS membership agreement addresses subsideraries...

AM: the test referral guidelines are being updated as we speak, so we can fold 
in this info

NR: [asking for further clarification]

AM: doesn't really want discuss these details on this call....

JH: where should comments on referral guidelines be sent?

AM: send them directly to me. Also, companies that wish to offer testing via 
referral should contact AM directly.




 > 4.  INFORMATIONAL
 >
 > Proposal from Meritt Maxim, CA, (Merritt.maxim@ca.com)
 > <mailto:Merritt.maxim@ca.com)for> <mailto:Merritt.maxim@ca.com)for>
 > for <mailto:Merritt.maxim@ca.com)for>  formation of a sub-group to help
 > enhance SAML adoption
 >
 >   The purpose of the SAML Adoption sub-group is to promote
 >   the adoption of the SAML standard within large organizations
 > that will help these organizations reduce operating costs
 > and complexity. The sub-group will achieve this by
 > recommending and executing on a marketing plan. Initially
 > the
 >  sub-group will promote the work of the SAML
 > Specification release(s) and will align with ongoing SAML
 > technical efforts post release of the SAML Specification(s).
 >
 >   The scope of the sub-group is to recruit new members
 > to join the OASIS SAML group, and create and coordinate member
 > communications and outbound communications. It
 > will supervise press and analyst relations such as briefings,
 > releases, and announcements to promote the adoption of
 > SAML for identity federation. It shall manage communications
 > to OASIS SAML members and end-users and recruit new members through
 > the OASIS SAML website, collateral, newsletters, and webinars.
 > To promote SAML positioning and the value proposition, the
 > sub-group shall update existing white papers, FAQs, overview
 > documents and user scenarios as well as create new materials
 > as needed. The sub-group will also establish relationships
 > with other organizations concerned
 >  with federated identity to
 > ensure inclusion of SAML when appropriate. The sub-group will also
 > assist in coordinating the promotional efforts of member companies
 > relating to SAML.

Merritt not on the call.

EM: great idea, want to contribute, but don't think want to re-create formal 
subgroups, our early experiment with that resulted in some balkanization. We 
should discuss such stuff on the main list. Believes the "auxillary" docs we 
have are quite useful, and she's working on a SAMLv2 slide deck

AM: private comments from folks, who're marketing oriented, don't want to be 
deluged by tech list

EM: hm, might soften stance

RLBobM (BM): but there'll be tech content and will need tech review, will be 
hard for a TC-sponsored activity to be entirely objective on its own, witness 
the testing referral program issues, so thinks that having a sort of "saml 
industry association" that's sep from SSTC and sep from OASIS might be an 
outcome. but in meantime, attaching it to the TC should be a way to gather info 
for it...

EM: so what happened with that Federated ID User Group that Boeing or GM 
started....

BM: it was GM, and for various reasons it didn't go anywhere..

MikeBeach(MB): it [floundered] for lack of resources, these things take resources..

JH: summarized what RLBob was saying...

NR: try it as an informal activity as a part of the group...

SA: but if they need to be on SSTC  list then they'll get deluged...

[discussion wrt sep email list, sep sub-group]

EM: so on the stuff they come up with, the TC as a whole has to sign off on it 
and am happy to keep maintaining the SSTC web page and can place such outputs 
on the page...

PM: will have more time next week and on the list to discuss this item, moving 
forward....


 > 5. Technical overview status: (sstc-saml-tech-overview-2[1].0-draft-05.pdf)
 >
 > Most recent draft at:
 > 
http://www.oasis-open.org/apps/org/workgroup/security/download.php/12549/sstc-saml-tech-overview-2%5B1%5D.0-draft-05.pdf 



JohnHughes(JoH): have work to do on this, needs review and feedback to ensure 
have things correct.



 > 6. Errata Status (sstc-saml-errata-2.0-draft-06)
 >
 > Most recent draft at
 > 
http://www.oasis-open.org/apps/org/workgroup/security/download.php/12388/sstc-saml-errata-2.0-draft-06.pdf
 >
 > Relevant threads:
 >
 > (a) *Comments on metadata 2.0 extension spec*
 > http://lists.oasis-open.org/archives/security-services/200505/msg00021.html
 >
 > (b) *Another attempt at AllowCreate cleanup*
 > http://lists.oasis-open.org/archives/security-services/200505/msg00014.html


Jahan Moreh(JM): will endeavor to capture comments today

pm: there's suggestions in the (b) thread
jm: will endeavor to capture

pm: there's also some items in thread on (a)?
jm: [ok]


scott cantor(sc): what's the status of finishing this item up [getting the 
contributor list, frontmatter, backmatter]

[discussion...]

pm: summarizing, 2 docs (1.x metadata profile & attribute extension) 1 schema...

sc: 2 schemas

pm: will send a note to the list today soliciting folks to respond on whether 
they are contributor or not. [so EM can finish up overall editing]

pm: Jahan will you pick up 6a & 6b items and issue new draft?
jm: 6a has items?
pm: 6b has items, 6a is just editorial [nits]


 > 7. Open Action Items
 >
 > *#0221*: Request copy of Thomas Grosz paper for inclusion in SSTC archives
 > *Owner*: Maryann Hondo
 > *Status*: Open
 > *Assigned*: 2005-04-12
 > *Due*: ---

remains open.

 > *#0217*: Explore with OASIS how best to do publication of redlined specs
 > based on errata.
 > *Owner*: Eve Maler
 > *Status*: Open
 > *Assigned*: 2005-03-30
 > *Due*: ---

remains open. will re-ping requisite person.


 > *#0216*: Formulate some suggested redline text for E7 for review.
 > *Owner*: Jahan Moreh
 > *Status*: Open
 > *Assigned*: 2005-03-30
 > *Due*: ---

remains open.

 > *#0213*: Prepare final CD draft of metadata-1x document and submit it to
 > OASIS
 > *Owner*: Eve Maler
 > *Status*: Open
 > *Assigned*: 2005-03-29
 >
 > *Due*: ---
 > COMMENT: also includes meta-data extension draft
 >

remains open.



 > *#0210*: Links to new IPR policy to be sent to SSTC
 > *Owner*: Rob Philpott
 > *Status*: Open
 > *Assigned*: 2005-03-15
 > *Due*: ---


remains open.


 > *#0208*: Run additional tests to check issues with deflate encoding and
 > rfc1951 (java libraries)
 > *Owner*: Scott Cantor
 > *Status*: Open
 > *Assigned*: 2005-03-01
 > *Due*: ---


SC: this one is becoming proverbial barn door already closed. please close this 
one, will try to find someone who's done a non-Java impl to do a test with and 
report results.


ari kermier(ak): what's this one about?

sc: the rfc doesn't have test [vectors], so need to find someone who's not done 
a java impl to try to test will.

greg whitehead(gw): thinks believes that someone at RSA SAMLv2 interop had 
non-java impl....we were all iop'g and we were all doing it wrong


sc: want to get a test suite to see if we can double check output between impl 
types -- the javadoc's info is incorrect/misleading -- hence desire to 
specifically test against impl that's not java.


 > *#0180*: Need to update SAML server trust document
 > *Owner*: Jeff Hodges
 > *Status*: Open
 > *Assigned*: 2004-07-12
 > *Due*: ---


remains open.

---
Attendance:

  Attendance of Voting Members

   Conor P. Cahill AOL, Inc.

   Steve Anderson BMC

   Rick Randall Booz Allen Hamilton

   Thomas Wisniewski Entrust

   Carolina Canales-Valenzuela Ericsson

   Dana Kaufman Forum Systems

   Irving Reid Hewlett-Packard Company

   Guy Denton IBM

   Heather Hinton IBM

   Maryann Hondo IBM

   John Hughes Individual

   Nick Ragouzis Individual

   Scott Cantor Internet2

   Bob Morgan Internet2

   Jeff Hodges NeuStar

   Frederick Hirsch Nokia

   Senthil Sengodan Nokia

   Cameron Morris Novell

   Ari Kermaier Oracle

   Alberto Squassabia Ping Identity

   Prateek Mishra Principal Identity

   Jim Lien RSA Security

   Jahan Moreh Sigaba

   Eve Maler Sun Microsystems

   Ron Monzillo Sun Microsystems

   Mike Beach The Boeing Company

   Greg Whitehead Trustgenix


Attendance of Prospective Members

   Brian Campbell Ping Identity

   David Staggs Veteran's Health Admin


Attendance of Observers

   Andy Moir OASIS


Membership Status Changes



   Brian Campbell Ping Identity - Granted Voting Member status after 5/24/2005 call

   John Harby Individual - Lost prospective status after 5/24/2005 call

   Rebekah Metz Booz Allen Hamilton - Lost Voting status after 5/24/2005 call

   Abbie Barbir Nortel - Lost Voting status after 5/24/2005 call



============================================================================




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]