

Subject: Draft Minutes SSTC Call - May 23, 2006


OASIS SSTC conference call minutes, 2006-05-23
By: Paul Madsen


1. Roll Call & Agenda Review

Quorum achieved

Attendance

Roll to be added by Steve

2. Approve minutes from May 9 con-call
http://lists.oasis-open.org/archives/security-services/200605/msg00023.html

Jeff: Move to approve
Rob: Seconded

Approved

3. Informational

a. Five CD drafts in public review -

http://lists.oasis-open.org/archives/security-services/200605/msg00013.html

Hal: Broadcast in various lists. Chairs will update web page

Call for disclosure

http://lists.oasis-open.org/archives/security-services/200605/msg00017.html

Hal: Anybody with IPR should disclose

b. "Lightweight" SAML & Liberty Session
http://lists.oasis-open.org/archives/security-services/200605/msg00011.html

Hal: What does lightweight SAML mean?
Scott: IETF lists heating up, heading towards another BOF at next 
meeting (Montreal)
Nick: Area Director indicated that this will become a Working Group

c. Status of Technical Overview

John: No explicit action from last minutes for taking Technical Overview 
forward
Hal: What is status?
Rob: in my hands, Eve, Nick, and I have been working on Draft 09. Trying 
to get it to point for posting in next week or so

AI: Rob to get v09 out for next week

d.  Google use of SAML for search appliance
   
Hal: details and link available on SAML Dev

4. Active Threads

a. Shared Credentials
http://lists.oasis-open.org/archives/security-services/200605/msg00021.html

Ashish: we submitted updated version after feedback. Updated RAC 
protocol extension, schema and discussion document to reflect feedback 
from Scott.
The AuthnContext extension was not impacted. We are wondering how to 
move forward. What steps?
Prateek: Just ask for CD vote
Scott: yup, we just need to schedule a vote so that people know when to 
review
Hal: June 6th?
Jeff: Sure
Hal: comment on list as well

AI: Chairs to add agenda item for vote for next call


b. Options for correction of LDAP/X.500 attr profile 
http://lists.oasis-open.org/archives/security-services/200605/msg00022.html

Hal: Scott posted on LDAP X.509 attribute item?
Scott: fulfilling an action item, attempt at a comprehensive list of options
Prateek: issue is?
Scott: if you say type is string, then you can't have attributes. I 
presented 5 different approaches, none are really errata
but the profile is broken so what is the process?
Rob: should be a new release.
Scott: overkill
Hal: errata meant to bring things back to original intent, not
Greg: if we had known this before going final, what would we have done?
Scott: recommending #3, move encoding attribute up to the attribute 
element, where it is permitted through wildcarding.
Other attribute profiles do this. People had originally thought of doing 
#4 which is DCE profile, implication is that we'd need
another schema doc (not part of 2.0 ZIP). Other reasons not to like this 
as well
Prateek: do other profiles add attributes?
Scott: yes, XACML.
Hal: conflict between desire to leave 2.0 alone and need to fix this
Greg: is anybody using it?
Scott: somewhat, this is the one that shouldn't be left broken. #5 is 
effectively 'leave things alone'. Shib has referenced this from
some community docs and this is untenable
Hal: does this have an errata number?, - 53
RL Bob: can't ignore this - lots of interest in this
Hal: especially as SAML 2 being picked up by ITU-T
John: UK government as well
Scott: resolve by next call, people need to review
Greg: viable option to just drop the encoding?
Scott: That would be #2, the names would have to imply the encoding 
rules. Dicey to depend on absence of attribute
RL Bob: idea of multiple encodings is speculative ....
Hal: ITU-T cares about X.500. Need to come to conclusion soon. Eggs will 
be broken ..
Greg: maybe everybody can rank Scott's options as to preference
Hal: or Eve's Quaker poll, e.g. what's your favourite and what can you 
live with
Greg: another alternative to solving the issue would be
    a) remove the x500:Encoding attribute and document that the LDAP 
encoding uses xsi:type string and base64Binary
    b) document that other encodings should define new types
 
Scott: I think this is #2
Greg: we could drop the attribute and just document that how the LDAP 
encoding is signified
Scott: yes, this would be clarification for #2
Hal: let's move to list

5. Errata review
http://lists.oasis-open.org/archives/security-services/200605/msg00024.html

PE53 - is the X.500 error discussed above, has the wrong name, cut and 
paste error

PE43 - is what Scott just posted, encryption profile changes, Scott made 
minor changes, Text hasn't changed.
Like to get this voted in.

Scott: move to approve
Greg: Second
 
approved

PE49 - has been open for a while. Scott feels not ready for a vote. 
Scott will have something for next call

PE50 - Conformance doc and clarification on SSL Cipher Suite

is Eric on the call? Been here for a while.

Greg: move to approve
Scott: second

approved

PE52 - following thread with Rob and Scott?

Scott: I wrote the text so I think it's Rob's call on clarifications
Rob: Yup, haven't been able to get to it

AI: Rob to propose text for PE52

6. Open AIs

#0250: PE 43
Owner: Heather Hinton
Status: Open
Assigned: 2006-02-13
Due: ---

closed

#0238: Plan for red-line versions of SAML 2.0
Owner: Eve Maler
Status: Open
Assigned: 2005-11-08
Due: ---

open

#0240: Status of SAML 2.0 submission to ITU T
Owner: Abbie Barbir
Status: Open
Assigned: 2005-11-08
Due: ---

open pending word from ITU-T

#0257: authentication context and shared credentials
Owner: Paul Madsen
Status: Open
Assigned: 2006-04-10
Due: 2006-04-30

closed

#0259: Propose text to resolve PE 49 - Clarification on attribute name
format (The relationship between an attribute's NameFormat and its
syntax is not clear.)
Owner: Scott Cantor
Status: Open
Assigned: 2006-04-26
Due: 2006-05-15

open

#0260: Create document of requested enhancements
Owner: Eve Maler
Status: Open
Assigned: 2006-05-23
Due: 2006-06-15

Eve on vacation

open

7. AOB

7a: New attribute issue, possible RFE

Some objections for language in Core about the limitation in core that
says all AttributeValue elements have to share the same xsi:type, if 
any. Currently baked into core

Two options

- put it into RFE list (Scott's view)
- errata

Scott will start a thread on list

7b: Additional item on X.500 LDAP support,

RL Bob: option tags are LDAP feature, wanted to use 'language tags' but 
no support in the LDAP profile.

Hal: Likely an RFE

Next call scheduled on June 6

Close



-- 
Paul Madsen             e:paulmadsen @ ntt-at.com
NTT                     p:613-482-0432
                        m:613-302-1428
                        aim:PaulMdsn5
                        web:connectid.blogspot.com 


