RE: [security-services] Revised Minutes for Jan 16 call

["Anderson, Steve" <Steve_Anderson@BMC.com>]

With attendance data.
--
Steve Anderson
BMC Software

-----Original Message-----
From: Paul Madsen [mailto:paulmadsen@rogers.com] 
Sent: Tuesday, January 16, 2007 6:56 PM
To: oasis sstc
Subject: [security-services] Revised Minutes for Jan 16 call

Dial in info: +1 865 673 6950;
Access code: 270-9441#

1. Roll Call & Agenda Review, Find volunteer minute taker

Attendance of Voting Members

  Bhavna Bhatnagar Sun Microsystems
  Brian Campbell Ping Identity
  Carolina Canales-Valenzuela Ericsson
  Scott Cantor Internet2
  Heather Hinton IBM
  Frederick Hirsch Nokia
  Dana Kaufman Forum Systems
  Ari Kermaier Oracle
  Hal Lockhart BEA Systems, Inc
  Paul Madsen NTT Corporation
  Eve Maler Sun Microsystems
  Prateek Mishra Oracle
  Bob Morgan Internet2
  Anthony Nadalin IBM
  Ashish Patel France Telecom
  Rob Philpott RSA Security
  Tom Scavo National Center for Supercomputing Applications
  David Staggs Veteran's Health Admin
  Greg Whitehead Hewlett-Packard Company
  Emily Xu Sun Microsystems


Attendance of Non-Voting Members

  Conor P. Cahill Intel


Membership Status Changes

  Toshihiro Nishimura Fujitsu - Withdrew from TC 12/26/2006
  Abbie Barbir Nortel - Returned from LOA on before 1-16-2007 call


Paul Madsen to minute

2. Approve minutes from December 19 con-call

http://www.oasis-open.org/archives/security-services/200612/msg00031.htm
l
(lacks attendance)

Any discussion, no objections, corrected minutes approved unanimously

3. Public Review of SAML-related specifications
Starts 6 January 2007, and ends 7 March 2007

http://www.oasis-open.org/archives/security-services/200701/msg00005.htm
l

Prateek asks people to verify that specs are correctly linked to.

After review, we can move to next stages.

4. New drafts

a) draft-sstc-saml-binding-simplesign-02-diff.pdf
http://www.oasis-open.org/archives/security-services/200701/msg00003.htm
l

Scott uploaded latest revs.

Voted to CD status but issues needed to be resolved. Decision was made 
to pull the doc from review.

Change made in response from implementors. Scott confident of change.

Next step is to revote it to CD and the  60-day public review.

Hal - no need to wait for current review to end.

Prateek - anything else to add to a review bucket?

Scott- I have a discovery proposal but dont think its relevant give the 
time

Hal - let's wait till next time to determine if we can group this with 
other work.

Rob - what about the Technical Overview? Potential for grouping?


b) The debut of the Approved Errata document
http://www.oasis-open.org/archives/security-services/200701/msg00011.htm
l

Eve - please notice/comment key point - this doc has bare changes, tried

to give context. Rationale for changes left to working document (linked 
from this doc)

Could add Section refs to help people, thoughts?

Hal - recommends some motive for change, i.e. 'fixed error'. Didnt want 
the whole thread

Eve - tried to do this with meaningful titles. Can edit accordngly now 
that all errata are in. People should take a look to determine if what 
needs to be changed is clear.

Hal - title 'Approved Errata' is misleading? Will need to vote this doc 
out as per errata process requiring evidence of changes. This doc will 
likely provide model for other TCs.

Eve - WS-Sec has gone through this.

Eve - 'approved' here means that each erratum has gone through 
discussion and consensus. Useful to distinguish between 'approved', 
'working' and 'composite'.

Greg - we've used 'Draft' before

Eve - the distinction is between 'Potential Errata' and 'Errata'

Hal - TC process calls out 'approved errata' as a construct. This is a 
'draft' of an 'approved errata' doc.

Scott - +1

Conor - 'approved' is redundant & confusing

Eve - other doc is 'errata working document'

Hal - if you take WSS as precedent, they do not use 'approved' in title.

Let's take offline.

Eve - anybody else volunteer to take over? Somebody has to keep it 
moving forward. Eve gets defaulted in

On what schedule do we want to be able to add new errata? 62 and 63 are 
open. Do we add them and then close off current session?

Hal - official process says we cant do more errata closer than 6 months 
apart.

Eve - if we close 62,63 and no more come in it would be good time to 
publish.

PE62 -

Scott - pretty non-controversial. Came up in LAP conformance event.

PE63 -

Scott - more discussion here, led off in different directions.

Need to clarify profile's intent, origin in LAP.

Scott moves that both be adopted, Hal seconds, no discussion.

Prateek - no objections, text for PE62 and PE63 accepted.

Eve - LDAP encoding situation, effects E39 & E48. We now have a draft 
profile to which deprecation text can point.

Scott - New profile is at CD and in Public Review.

Scott - need to make sure that his text includes the errata.

Eve - need a note in explanation of E39 & E48 to point at E53? WIll do 
E53 deprecation edit.

Eve - instances of 'TC' where it should be 'tc'? Tom found them.

Eve - plan for voting this to CD on Jan 30.  Eve will try for Jan 23 to 
give people review time. If not, we'll wait another 2 weeks.

AI - chairs to work with Eve to set up vote out for next (or next-next) 
call.

c) sstc-saml-x509-authn-attrib-profile-draft-11-diff.pdf
http://www.oasis-open.org/archives/security-services/200701/msg00018.htm
l

Ari - used wrong draft as base. Needs reworking. One aspect is that he 
used draft 08 rather than CD02. What to do?

Rob - delta is minor changes, contributors list, refs, 'draft' to 'CD'.

Hal - can't remove docs from archive. Upload as new revision of existing

doc.

Ari - OK, will do ASAP.

Ari - other aspect is confusion over goal of this draft. Ari's 
understanding is that CD02 would be taken as base for draft 11. Is this 
what the TC expects? Minutes from Sept 12th are contradictory, is the 
base supposed to be CD02 or draft 10?

Tom - as long as comments submitted during review are addressed, it 
doesnt really matter. Drafts 9 and 10 do incorporate those comments. SO 
thats the advantage of starting at 10.

Ari -  Draft-10 incorporates comments made in response to CD-02

Tom - Chronologically, we have:

CD-02: 28 Mar 2006
Draft-09: 26 Jun 2006
Draft-10: 05 Jul 2006

Prateek - should stay close to doc that was reviewed - so basing on 
draft 10 is preferable?

Ari - alot of comments made sense to incorporate into draft 11, others 
made sense in a different kind of document. Couple of email threads sort

them out.

Rob - concerned that there was a use case that CD02 satisfied for Gov 
......

Prateek - focus was to maintain that

Rob - hard to determine what was approved etc

Hal - we are required to provide an accounting of public review
comments.

Ari - where would we make such notes?

Hal - either list or email message. As long as in archive its OK for
audit

Ari - will work on list. Caveat is that the original comments often 
evolved ....

Tom - he had created a list of all comments, will dig up. Discussed over

email, agreement from threads but no formal votes.

Prateek - next step?

AI: Ari to produce a new draft 11.

d) New agenda item

Technical Overview

Eve - Paul and Eve had looked into docbook formatting, conversion to 
HTML is not trivial. No longer able to publish through Kavi. Better to 
put it in docs.oasis-open.org.

Need to make the TO the explicit starting point to get to specific 
sections and lines etc.

Also need to add code examples from Tom?

AI: Paul M to pick up active editing of TO.

Prateek - so not take to CD until next steps?

Eve - March time frame for CD?

5. Open AIs

#0276: status of documents drafted under the old rules but to be 
finished under the new rules.
Owner: Hal Lockhart
Status: Open
Assigned: 2007-01-15
Due: ---

Hal - posted to list but want to leave open. Current understanding is 
that new obligations will apply to these docs.
------------------------------------------------------------------------
-------- 


#0275: Create links for public review of documents
Owner: Paul Madsen
Status: Open
Assigned: 2007-01-15
Due: ---

Remains open with new interpretation for updating public TC page links
------------------------------------------------------------------------
-------- 


#0274: Correction of SimpleSign document
Owner: Scott Cantor
Status: Closed
Assigned: 2007-01-15
Due: 2007-01-16

------------------------------------------------------------------------
-------- 


#0273: Update Simple Sign Binding to correct problem
Owner: Scott Cantor
Status: Closed
Assigned: 2006-12-19
Due: 2007-01-16

Same as above 274

------------------------------------------------------------------------
-------- 


#0272: Errata around TLS keys in metadata
Owner: Eve Maler
Status: Closed
Assigned: 2006-12-19
Due: 2007-01-16

E62

------------------------------------------------------------------------
-------- 


#0271: submit a draft of an alternative approach to IdP Discovery on 
behalf of Shibboleth Project
Owner: Scott Cantor
Status: Open
Assigned: 2006-12-19
Due: 2007-01-31

------------------------------------------------------------------------
-------- 


#0269: CDize errata based on draft 35
Owner: Eve Maler
Status: Closed
Assigned: 2006-09-25
Due: 2007-01-16

Actually draft 38
------------------------------------------------------------------------
-------- 


#0265: Updated draft of X.509 attribute sharing deployment profile
Owner: Ari Kermaier
Status: Open
Assigned: 2006-09-25
Due: 2007-01-16

see above discussion

-- 
Paul Madsen             e:paulmadsen @ ntt-at.com
NTT                     p:613-482-0432
                        m:613-302-1428
                        aim:PaulMdsn5
                        web:connectid.blogspot.com