OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for 25-Oct SSTC con-call

Minutes for 25-Oct SSTC con-call

1. Roll call
Cameron Morris to take minutes

2. Approve minutes of 11 Oct con call:
a. RE: [security services] Minutes for SSTC Conference
Call, October 11
<http://lists.oasis-open.org/archives/security-services/200510/msg00014.html>
Unanimously-Approved

3. Errata Review (Jahan):
a. Current rev is draft 17 posted prior to 11 Oct meeting.
New version 18 posted past night, 4 items remains open
32 – Rob
36 – Conflict in schema - We discussed this last meeting.
Should we update text to match schema?
Proposed Jahan Moreh:
No schema change.  On line 1359 strike 'namespace required', and remove sentence starting on line 1361 to 1363
Emily Xu 2nd
Unanimously-approved

b. Status of updates from 11 Oct meeting?
AI's: 231, 236
Nothing new on these.

Clarification on Action element
<http://lists.oasis-open.org/archives/security-services/200509/msg00053.html>
Jahan to capture this as an errata item.

  1. Should we produce red line versions of spec's soon?
    1. Proposed goal, build red-line spec by end of year.
    2. Scott: it would be nice to make these more normative.
    3. Pratek, Errata should go through the standards process.
    4. Does the original specification imply an errata, thus no need to make a new normative?
    5. Action Item: talk to Mary McCray about re-approving errata
    6. Why not take an errata/red-line to standard?
    7. Why not make a schedule to publish red-lines? - Maintenance
    8. Target vote/public review at the end of the year.
    9. Action Item: Have Eve coordinate this, Scott will help

3. Scott: Strawman proposal on third party AuthnRequest
<http://lists.oasis-open.org/archives/security-services/200509/msg00043.html>
    1. Could be done over SOAP, should WS-Addressing be used?
    2. 2 ways to implement this:
      1. Explicitly name the relying party
      2. Extension at the protocol level for a redirect
    3. Criticality? This could be done in metadata – endpoint.
    4. WS-Addressing
      1. Should we bring this up in WS-addr?
      2. Greg: not a good match
    5. Scott: we should decide this high-level approach before continuing
    6. Scott: action item to propose something
4. Scott: Some food for thought on delegation
<http://lists.oasis-open.org/archives/security-services/200510/msg00008.html>
    1. Scott will be working on delegation via assertions
    2. If you are interested read through the document and work with Scott

5. Package for upcoming CD vote:
    a. Rob: Tech Overview status   Still working on updates.
Not ready for review.
    b. Eve: XPath CD draft?
Not done

6. Eve: FAQ update (see AI 235):
a. Could use advise on changing the SAML FAQ
<http://lists.oasis-open.org/archives/security-services/200510/msg00006.html>

  1. Abbie/Prateek: Submission to ITU T
    1. Final approval this winter.  There may be objections to our use of SSL, instead of TLS.
    2. Any comments on PAOS? No.
    3. They want to make a security review
    4. More details to come
      1. This could require a change to text. editorial changes only, (references to SSL should be informative)
    5. Soonest possible is January 16th, More likely in April
    6. Action Item: Please send status to Eve Mahler to place on the web site

8. Miscellaneous:
a. Comment list: Public Comment
<http://lists.oasis-open.org/archives/security-services-comment/200510/msg00000.html>
Any issues come from these comments? No

b. OASIS Press Inquiry: TC response to Gartner's March'05
Report?

An editor from Computer Weekly, a UK IT publication, is writing an
article on new approaches to network security. He asks if we can provide
an official TC response to Gartner's March report, which says "much more
must be done before SAML can be considered anything more than just
another security token format and yet another set of protocols... very
few real world production applications rely on it". He also asks if
there's any synergy between SAML and the Jericho Forum's work.

  1. Is this something the Adoption SC could addresss?
    1. Should we respond to all inquires?
    2. Motion to move this to the sub committee to craft a TC response
    3. 2nd by Peter Davis
    4. Action Item: delegate this to Meritt Maxim

10. AI Review: See attached list
11. Other business?
12. Adjourn

#0237: Interop Test question: Metadata 2.0 EndpointType question Owner:
Eric Tiffany

11 Oct: Option "A" in the list email is the preferred interpretation.
Eric to propose text
Eric was not on the call




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]