Subject: Draft minutes for 14-Feb-2006 SSTC con-call, with attendance
> 1. Roll Call
Attendance of Voting Members
Steve Anderson BMC Software
Sharon Boeyen Entrust
Brian Campbell Ping Identity
Scott Cantor Internet2
Guy Denton IBM
Heather Hinton IBM
Frederick Hirsch Nokia
Jeff Hodges NeuStar
John Hughes Individual
Dana Kaufman Forum Systems
Ari Kermaier Oracle
Hal Lockhart BEA Systems, Inc
Paul Madsen NTT Corporation
Eve Maler Sun Microsystems
Prateek Mishra Oracle
Jahan Moreh Sigaba
Bob Morgan Internet2
Anthony Nadalin IBM
Ashish Patel France Telecom
Nick Ragouzis Enosis Group
Greg Whitehead Hewlett-Packard Company
Thomas Wisniewski Entrust
Attendance of Non-Voting Members
Bhavna Bhatnagar Sun Microsystems
Vamsi Motukuru Oracle
Membership Status Changes
Marie Henderson NZ State Services Commission - Requested and
was granted membership 2/2/2006
Bill Young NZ State Svcs Commission - Requested and was granted
membership 2/2/2006
Bhavna Bhatnagar Sun Microsystems - Granted voting status after
2/14/2006 call
Mike Beach The Boeing Company - Lost voting status after 2/14/2006
call
Peter Davis NeuStar - Lost voting status after 2/14/2006 call
Cameron Morris Novell - Lost voting status after 2/14/2006 call
> 2.
> Approve minutes from 31-Jan con-call
>
http://www.oasis-open.org/archives/security-services/200601/msg00061.html
APPROVED by unanimous consent.
> 3.
> FYI: Announcing the March Liberty Alliance Interoperability
Conformance Event
>
http://www.oasis-open.org/archives/security-services/200602/msg00011.html
This is just an FYI.
New administrative agenda item: consideration of the XACML TC's
"SAML profile of XACML":
http://lists.oasis-open.org/archives/security-services-comment/200602/msg00000.html
Eve moved and Hal seconded that we include a (non-endorsing) link to
this material on our website. APPROVED by unanimous consent.
AI: Eve to add a link for the SAML V2.0 profile of XACML V2.0 to the
SSTC website's courtesy-links section.
> 4.
> Rob Philpott steps down as Chair after 3+ years
>
http://www.oasis-open.org/archives/security-services/200602/msg00030.html
>
> (a) Rob cannot attend today but will join us for the meeting on
the 28th
>
> (b) Motion: Thank Rob for his leadership of the TC and work on
specifications;
> includes SAML 1.1 thru SAML 2.0 and several recent drafts.
Eve moved and both Hal and Jeff seconded :-) . APPROVED by
unanimous consent. Thanks, Rob, for all your contributions and hard
work!
> (c) Schedule election for new Co-Chair on the 28th. Please
nominate yourself if
> interested.
>
> TC process link: http://www.oasis-open.org/committees/process.php#2.7
Voting members: take note and be sure to attend the meeting on
February 28 for this.
Nominations may be made by email (preferred) or on the next call.
> 5.
> Vote on initiating public review of CDs (Full Majority Vote)
Some editorial work has been requested on one of these drafts. If
they don't change the semantics materially, it could be appropriate
to go ahead and conduct our public-review vote.
Ashish: Notes that Paul Madsen recently asked a question about
bundling of current vs. future extensions. Scott: However, this
particular draft, the protocol extensions document, is not up for a
public-review vote.
Paul's message:
http://lists.oasis-open.org/archives/security-services/200602/msg00027.html
Scott: Moves to put all four of the (below-listed: 5a-d) CDs into
public review. Greg seconds. (But see below for a change to the
motion.)
Hal: Are the drafts in question scheduled for revision in the near
future? Scott: Other than Rob's commentary, which could be
construed as public-review-type comments, no. The docs have not
changed since officially published as CDs. There is a question
surrounding namespaces (single or per-extension), which relates to
Ashish's point and could affect the metadata extension document (5c
below) in minor fashion -- involving namespace changes.
Eve: Do we want to delay two weeks while we decide this? Scott:
Let's discuss today, but not hold up the public-review vote.
Deciding this issue will help us know how to go forward with
extensions in general. Jeff: Would like to document the methodology
and have that be unchanging. Scott: But each schema would want to
change along with the namespace. Having a general policy is good,
though. Jeff: Cares mostly about the protocol extensions document
(6 below; not up for public-review voting).
Greg: If the protocol extension were in the original core spec, the
namespace would be fairly general.
Scott: Notices that the metadata extensions document is badly off
when it comes to managing this issue, so he'd like to pull it out of
consideration for public review (modifying the motion) so it can be
fixed.
Modified motion: Put *three* of the documents into public review
(5a, 5b, 5d). APPROVED by unanimous consent.
> a.
> Committee Draft of SAML Attribute Sharing Profile for X.509
Authentication-Based Systems
>
http://www.oasis-open.org/committees/download.php/14006/sstc-saml-x509-authn-attrib-profile-cd-01.pdf
To be put into public review (see above).
> b.
> Committee Draft of SAML XPath Attribute Profile (HTML version
also available; accompanying schema)
>
http://www.oasis-open.org/committees/download.php/16112/sstc-saml-xpath-attribute-profile-cd-01.pdf
> Schema:
http://www.oasis-open.org/committees/download.php/14194/draft-saml-schema-xpath-attribute-profile-1.xsd
To be put into public review (see above).
> c.
> Committee Draft of SAML Metadata Extension for a Standalone
Attribute Requester
>
http://www.oasis-open.org/committees/download.php/13845/sstc-saml-metadata-ext-cd-01.pdf
> Schema:
http://www.oasis-open.org/committees/download.php/13846/sstc-saml-metadata-ext.xsd
Scott would like to revise this before proposing it for public
review (see above).
> d.
> Committee Draft of SAML V1.x Metadata Profile
>
http://www.oasis-open.org/committees/download.php/13254/sstc-saml1x-metadata-cd-01.pdf
> Schema:
http://www.oasis-open.org/committees/download.php/13255/sstc-saml1x-metadata.xsd
To be put into public review (see above).
> 6.
> New/Updated drafts published to SSTC
>
http://www.oasis-open.org/apps/org/workgroup/security/download.php/16632/draft-saml-protocol-ext-02.pdf
(See above for additional discussion about namespace selection for
this document.)
Prateek: Is the idea to have a core namespace for all extensions?
Jeff: Yes, if the extensions come from this TC. The idea is for it
to be less work to do more extensions. Greg: Is ambivalent. Might
it be easier to have separate documents? Jeff: We don't have a
clear procedure for superseding prior documents. Eve: Concerned
about creating a namespacing framework that's too heavyweight.
Scott: Has decided there's likely more pain in doing a single
document. The only cost to implementing the "multiple namespaces"
approach is that the metadata extension document we already produced
will probably need a namespace change, so he'll have to produce a
new draft and we'll have to do a new CD vote for it.
AI: Scott to submit new drafts of the metadata extension document
and the protocol extension document (may require breaking up the
latter into multiple documents) for consideration as CDs.
AI: Prateek to get OASIS processes in the works to start public
review of the X.509 Attribute CD, the XPath Attribute CD, and the
SAML V1.1 Metadata Profile CD.
> 7.
> Recent Threads
>
> a. *ECP profile question*
>
http://www.oasis-open.org/archives/security-services/200602/msg00002.html
Brian: His original proposal for a fix was improved upon by Thomas:
http://lists.oasis-open.org/archives/security-services/200602/msg00009.html
Jahan: He reopened PE 35 and captured the discussion and the latest
proposal from Thomas.
Scott: The "relative URL" bit comes from the PAOS spec, and he's not
crazy about it since it requires the client to be responsible for
expanding the URL. Brian (?): We shouldn't be promoting non-ideal
examples, since people use those as implementation guides. Scott:
Let's not list a relative URL.
Prateek: Can we do a hard restriction against relative URIs? Scott:
If we make this a SHOULD NOT, it doesn't help implementors much, but
at least we avoid a new version of the profile. At least the
example shouldn't show the non-desired behavior. Eve: Let's at
least do the soft restriction and fix the example for now, since
this can be an erratum.
AI: Brian to write up a new PE35 proposal, adding a soft restriction
on relative URLs and changing the example to match.
> b. *Revised encryption guidelines text*
>
http://www.oasis-open.org/archives/security-services/200602/msg00020.html
This is PE43.
Scott: He has prepared what is mostly a wholesale replacement of the
encryption section. The use cases have been made consistent, so as
not to confuse people. Both forwards and backwards references (data
to key, key to data) are SHOULDs. Heather: This is looking good; an
improvement on her original text.
Scott: People should review the new text! And it needs to be run
against a validator.
Eve: How easy would it be to produce a red-line version? Scott: A
wholesale change indicating lines xxx-yyy would be most appropriate.
Prateek: We will vote on this change next time.
AI: Heather will attempt to validate the schema changes before next
week. (This is a continuation of AI #0250; see below.)
> c. Question about shared credential use-case
>
http://www.oasis-open.org/archives/security-services/200602/msg00001.html
This remains open.
> d. *AuthnContext comparison clarifications*
>
http://www.oasis-open.org/archives/security-services/200602/msg00024.html
There is no current PE for this. Scott: He took an AI a long time
ago to look into potential improvements. He has come up with a
candidate paragraph that explains what we meant regarding individual
authentication contexts (vs. some kind of precedence order of the
input).
AI: Jahan to create a new PE with Scott's suggestion.
> 8.
> Errata Review
>
http://www.oasis-open.org/apps/org/workgroup/security/download.php/16655/sstc-saml-errata-2.0-draft-23.pdf
PE10:
Jahan: He had an AI to propose text (see line 283 in Errata rev 23).
Jahan: Moves to accept his proposed text. Eve seconds. ACCEPTED by
unanimous consent.
PE10 is now closed and approved.
PE23: Still open.
PE35: Just discussed.
PE43: Just discussed.
New PE44:
This is about "constrained delegation", but we want to rename it.
Scott will propose something.
> 9.
> Open AIs
>
> #0251: Comment on Shared credential draft document
> Owner: Hal Lockhart
> Status: Open
> Assigned: 2006-02-13
> Due: ---
Closed. Hal sent a comment recently:
http://lists.oasis-open.org/archives/security-services/200602/msg00033.html
> #0250: PE 43
> Owner: Heather Hinton
> Status: Open
> Assigned: 2006-02-13
> Due: ---
This one is still open pending the validation activity Heather
promised above.
> #0249: Open an erratum place holder for Constrained Delegation
> Owner: Jahan Moreh
> Status: Open
> Assigned: 2006-02-13
> Due: ---
Closed; this is PE44.
> #0248: Provide draft of IBM's SAML 2.0 research report
> Owner: Anthony Nadalin
> Status: Open
> Assigned: 2006-02-13
> Due: ---
Still open.
> #0247: As per 17-Jan call: Prateek has received some feedback on
the constrained delegation profile and will produce a revision next
week.
> Owner: Prateek Mishra
> Status: Open
> Assigned: 2006-01-30
> Due: ---
Closed; Prateek and Scott have agreed on a slightly different approach.
> #0246: Jahan to revise the PE 10 wording proposal "clarifying
that anyURI is indeed the right interpretation" for the Reason
attribute.
> Owner: Jahan Moreh
> Status: Open
> Assigned: 2006-01-30
> Due: ---
Closed; PE10 closed today.
> #0245: Per 17-Jan con-call: Greg W. to propose some clarifying
text for the attribute profile section re: the issues discussed on
the call.
> Owner: Greg Whitehead
> Status: Open
> Assigned: 2006-01-30
> Due: ---
Still open. Greg: He has no recollection of this! Will figure it out.
> #0243: Clean up text in Section 3.3.2.2.1 (RequestedAuthNContext)
> Owner: Scott Cantor
> Status: Open
> Assigned: 2006-01-17
> Due: ---
Closed; discussed above.
> #0242: Recommended text for SAML Attr Sharing Profile
> Owner: Rob Philpott
> Status: Open
> Assigned: 2006-01-17
> Due: ---
Still open.
> #0240: Status of SAML 2.0 submission to ITU T
> Owner: Olivier Dubuisson
> Status: Open
> Assigned: 2005-11-07
> Due: ---
Still open. Hal: Abbie should be our main contact. The process is
proceeding -- it's the "mulling" period. :-)
> #0238: Plan for red-line versions of SAML 2.0
> Owner: Eve Maler
> Status: Open
> Assigned: 2005-11-07
> Due: ---
Still open.
> #0234: Nick to prepare some text for PE 23.
> Owner: Nick Ragouzis
> Status: Open
> Assigned: 2005-10-10
> Due: ---
Still open; discussed above.
> #0230: SAML Conformance SSL/TLS requirements
> Owner: Eric Tiffany
> Status: Open
> Assigned: 2005-09-12
> Due: ---
Still open.
> #0180: Need to update SAML server trust document
> Owner: Status: Open
> Assigned: 2004-07-12
> Due: ---
Closed with no action. Scott: No one has been clamoring for it, and
if we did work on it, it would contribute to an implementor's guide
more than anything.
- AOB:
Hal: Notes that Jahan will be speaking at RSA on SAML, and Hal will
be following with an XACML talk. RLBob: He's speaking Thursday on
UI issues, with a SAML connection.
Late arrivers: Jahan.
Adjourned.
--
Eve Maler +1 425 947 4522
Technology Director eve.maler @ sun.com
CTO Business Alliances group Sun Microsystems, Inc.