Re: [security-services] Minutes for 13 Mar 2007 SSTC telecon, withroll

[Prateek Mishra <prateek.mishra@oracle.com>]

Carolina canales contacted me just as the call ended, reminding me that 
we forgot to publicize the early US time change!

So a late attendee (OK, the meeting started early), but an attendee 
nevertheless...

>> 1. Roll Call & Agenda Review, Find volunteer minute taker
>
> Eve volunteered to take minutes.
>
> Attendance of Voting Members
>   Steve Anderson BMC Software
>
>
>   Conor P. Cahill Intel
>
>
>   Brian Campbell Ping Identity
>
>
>   Scott Cantor Internet2
>
>
>   Jeff Hodges NeuStar
>
>
>   Ari Kermaier Oracle
>
>
>   Chris Laskowski Booz Allen Hamilton
>
>
>
>   Paul Madsen NTT Corporation
>
>
>   Eve Maler Sun Microsystems
>
>
>   Prateek Mishra Oracle
>
>
>   Bob Morgan Internet2
>
>
>   Anthony Nadalin IBM
>
>
>   Ashish Patel France Telecom
>
>
>   Rob Philpott EMC Corporation
>
>
>   Tom Scavo National Center for Supercomputing Applications
>
>
>
>   David Staggs Veteran's Health Admin
>
>
>
>   Eric Tiffany IEEE Industry Standards
>
>
>
>   Greg Whitehead Hewlett-Packard Company
>
>
>
>   Emily Xu Sun Microsystems
>
>
>
> Attendance of Non-Voting Members
>   Abbie Barbir Nortel
>
>
>   George Fletcher AOL
>
>
>
> Membership Status Changes
>   Eric Tiffany IEEE Industry Standards - Member account restored 3/1/2007
>   Senthil Sengodan Nokia - Withdrew from TC 3/2/2007
>   George Fletcher AOL - Membership granted 3/9/2007
>
>> 2. Approve minutes from February 27 con-call
>> http://lists.oasis-open.org/archives/security-services/200702/msg00071.html 
>>
>
> APPROVED by unanimous consent.
>
>> 3. New drafts uploaded
>>
>> (a) Simple Signature Web SSO Profile
>> http://lists.oasis-open.org/archives/security-services/200703/msg00014.html 
>>
>
> Scott: Note that this is a binding (not a profile).  He had some 
> trouble producing HTML, but ultimately managed it using a software 
> tool and a bit of hand-editing.  This is okay to do occasionally but 
> isn't tenable as a regular thing.
>
> AI: Chairs to get SimpleSign to 60-day public review.
>
>> (Voted to public review Jan 30 - chairs need to forward to Mary)
>>
>>
>> (b) CD-01 version of Approved Errata document 
>> http://www.oasis-open.org/archives/security-services/200703/msg00033.html 
>>
>>
>> initiate errata process -
>> http://www.oasis-open.org/committees/process.php#3.5
>
> Eve: Actually we did this last time; this is ready to go to public 
> review now, having been edited into CD form.
>
> AI: Chairs to get Approved Errata to 15-day public review.
>
>> (c) Technical Overview v13
>> http://www.oasis-open.org/archives/security-services/200702/msg00052.html 
>>
>
>> We had planned on a CD and public review vote today.
>
> MOVED by Abbie, SECONDED by RLBob to move IdP Discovery doc to CD 
> status.  APPROVED by unanimous consent.
>
> MOVED by JeffH, SECONDED by Abbie to move the IdP Discovery CD to 
> public review.  APPROVED by unanimous consent.
>
> Eve: Asks for clarification: are we instructing the editor (Paul) to 
> incorporate edits as suggested by Eve and Tom prior to CD 
> publication?  Prateek: No, we'll catalog these as the first wave of 
> "public review" comments and save them for later.
>
> AI: Editor (Paul) to prepare Tech Overview for CD publication.
>
>> (d) draft-sstc-saml-idp-discovery-03.pdf uploaded 
>> http://lists.oasis-open.org/archives/security-services/200703/msg00028.html 
>>
>
> Current status is that we're requesting comment preparatory to 
> entertaining a CD/public review vote next time.
>
>> 4. Active Threads
>>
>> (a) Untrusted Service Provider Profile
>> http://lists.oasis-open.org/archives/security-services/200702/msg00075.html 
>>
>
> No action.
>
>> (b) Assertion signing confusion 
>> http://lists.oasis-open.org/archives/security-services/200703/msg00003.html 
>>
>
> No action.  The confusion was cleared up in errata already.
>
>> (c) AuthnContextDecl and AuthnContextDeclRef 
>> http://lists.oasis-open.org/archives/security-services/200703/msg00004.html 
>>
>
> No action; we think the spec text is as good as we can make it.  If 
> someone (Eric?) wants to suggest better text, we can entertain it.
>
> AI: Eric to either propose text to improve AuthnContextDecl/Ref 
> confusion or indicate that there's no need.
>
>> (d) Comments on Tech Overview rev 13 
>> http://lists.oasis-open.org/archives/security-services/200703/msg00019.html 
>>
>
> This link is to a followup; the original comments in totality are at:
>
> http://lists.oasis-open.org/archives/security-services/200703/msg00016.html 
>
>
> First issue: Should the two outermost steps in flows ("access 
> resource" and "supply resource") use dotted lines or solid lines? 
> Currently the first is solid and the last is dotted!  So regardless, 
> something has to change.  The sentiment on the call was to make them 
> solid, so as not to needlessly confuse people about what's being 
> accomplished by the flow.  (The "challenge for credentials" and "user 
> login" steps are appropriately dotted because it could be multiple 
> challenge steps etc.  We're not willing to change it to be a single 
> dotted-double arrow line, though, since that would change the 
> numbering and be very invasive to the spec text.)
>
> AI: Editor (Paul) to change final arrows to solid in Tech Overview 
> diagrams throughout.
>
> Second issue: Should the swoopy redirect arrows be changed to a pair 
> of arrow steps, the way POST is?  No, it's not that important and 
> anyway it shows at a glance which binding is being used in the 
> diagram.  No action.
>
>> (e) NZ gov use case 
>> http://lists.oasis-open.org/archives/security-services/200703/msg00022.html 
>>
>
> No action; Collin isn't on the call.
>
>> 5. AIs
>>
>> #0279: Investigate relationship between ID-WSF and SOAP SSO profile 
>> Owner: Greg Whitehead Status: Open Assigned: 2007-03-12 Due: --- 
>
> Greg continues to investigate (though he is not at the Liberty interim 
> meeting this week and is hampered from pursuing it right away 
> therefore).  Keep AI open.  Eve will ask Hubert to bring it up in the 
> interim meeting.
>
>> #0278: Ari to respond to comments on x.509-attribute profile version 
>> 11 Owner: Ari Kermaier Status: Open Assigned: 2007-03-12 Due: --- 
>
> Ari and Tom agreed that Tom will produce rev 12, including lots of 
> editorial corrections and some resolutions on Tom's more substantive 
> comments.
>
> AI: Website editor (Paul -- but can delegate back to Eve if necessary) 
> to add links to all the latest new documents, most particularly the 
> errata redlines so that new readers of the specs see that first.
>
> AI: Ashish Patel to report on next steps on his/Paul's draft that has 
> gone through public review.
>
> ADJOURNED at x:43.
>