[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for 13 Mar 2007 SSTC telecon, with roll (Corrected 4/10/2007)
> 1. Roll Call & Agenda Review, Find volunteer minute taker
Eve volunteered to take minutes.
Attendance of Voting Members
Steve Anderson BMC Software
Conor P. Cahill Intel
Brian Campbell Ping Identity
Scott Cantor Internet2
Jeff Hodges NeuStar
Ari Kermaier Oracle
Chris Laskowski Booz Allen Hamilton
Paul Madsen NTT Corporation
Eve Maler Sun Microsystems
Prateek Mishra Oracle
Bob Morgan Internet2
Anthony Nadalin IBM
Ashish Patel France Telecom
Rob Philpott EMC Corporation
Tom Scavo National Center for Supercomputing Applications
David Staggs Veteran's Health Admin
Eric Tiffany IEEE Industry Standards
Greg Whitehead Hewlett-Packard Company
Emily Xu Sun Microsystems
Attendance of Non-Voting Members
Abbie Barbir Nortel
George Fletcher AOL
Membership Status Changes
Eric Tiffany IEEE Industry Standards - Member account restored
3/1/2007
Senthil Sengodan Nokia - Withdrew from TC 3/2/2007
George Fletcher AOL - Membership granted 3/9/2007
> 2. Approve minutes from February 27 con-call
> http://lists.oasis-open.org/archives/security-services/200702/msg00071
> .html
APPROVED by unanimous consent.
> 3. New drafts uploaded
>
> (a) Simple Signature Web SSO Profile
> http://lists.oasis-open.org/archives/security-services/200703/msg00014
> .html
Scott: Note that this is a binding (not a profile). He had some trouble
producing HTML, but ultimately managed it using a software tool and a
bit of hand-editing. This is okay to do occasionally but isn't tenable
as a regular thing.
AI: Chairs to get SimpleSign to 60-day public review.
> (Voted to public review Jan 30 - chairs need to forward to Mary)
>
>
> (b) CD-01 version of Approved Errata document
> http://www.oasis-open.org/archives/security-services/200703/msg00033.h
> tml
>
> initiate errata process -
> http://www.oasis-open.org/committees/process.php#3.5
Eve: Actually we did this last time; this is ready to go to public
review now, having been edited into CD form.
AI: Chairs to get Approved Errata to 15-day public review.
> (c) Technical Overview v13
> http://www.oasis-open.org/archives/security-services/200702/msg00052.h
> tml
> We had planned on a CD and public review vote today.
Motion approved to move Tech Overview to CD status and public review.
Eve: Asks for clarification: are we instructing the editor (Paul) to
incorporate edits as suggested by Eve and Tom prior to CD publication?
Prateek: No, we'll catalog these as the first wave of "public review"
comments and save them for later.
AI: Editor (Paul) to prepare Tech Overview for CD publication.
> (d) draft-sstc-saml-idp-discovery-03.pdf uploaded
> http://lists.oasis-open.org/archives/security-services/200703/msg00028
> .html
MOVED by Abbie, SECONDED by RLBob to move IdP Discovery doc to CD
status. APPROVED by unanimous consent.
MOVED by JeffH, SECONDED by Abbie to move the IdP Discovery CD to public
review. APPROVED by unanimous consent.
> 4. Active Threads
>
> (a) Untrusted Service Provider Profile
> http://lists.oasis-open.org/archives/security-services/200702/msg00075
> .html
No action.
> (b) Assertion signing confusion
> http://lists.oasis-open.org/archives/security-services/200703/msg00003
> .html
No action. The confusion was cleared up in errata already.
> (c) AuthnContextDecl and AuthnContextDeclRef
> http://lists.oasis-open.org/archives/security-services/200703/msg00004
> .html
No action; we think the spec text is as good as we can make it. If
someone (Eric?) wants to suggest better text, we can entertain it.
AI: Eric to either propose text to improve AuthnContextDecl/Ref
confusion or indicate that there's no need.
> (d) Comments on Tech Overview rev 13
> http://lists.oasis-open.org/archives/security-services/200703/msg00019
> .html
This link is to a followup; the original comments in totality are at:
http://lists.oasis-open.org/archives/security-services/200703/msg00016.h
tml
First issue: Should the two outermost steps in flows ("access resource"
and "supply resource") use dotted lines or solid lines?
Currently the first is solid and the last is dotted! So regardless,
something has to change. The sentiment on the call was to make them
solid, so as not to needlessly confuse people about what's being
accomplished by the flow. (The "challenge for credentials" and "user
login" steps are appropriately dotted because it could be multiple
challenge steps etc. We're not willing to change it to be a single
dotted-double arrow line, though, since that would change the numbering
and be very invasive to the spec text.)
AI: Editor (Paul) to change final arrows to solid in Tech Overview
diagrams throughout.
Second issue: Should the swoopy redirect arrows be changed to a pair of
arrow steps, the way POST is? No, it's not that important and anyway it
shows at a glance which binding is being used in the diagram. No
action.
> (e) NZ gov use case
> http://lists.oasis-open.org/archives/security-services/200703/msg00022
> .html
No action; Collin isn't on the call.
> 5. AIs
>
> #0279: Investigate relationship between ID-WSF and SOAP SSO profile
> Owner: Greg Whitehead
> Status: Open
> Assigned: 2007-03-12
> Due: ---
Greg continues to investigate (though he is not at the Liberty interim
meeting this week and is hampered from pursuing it right away
therefore). Keep AI open. Eve will ask Hubert to bring it up in the
interim meeting.
> #0278: Ari to respond to comments on x.509-attribute profile version
> 11
> Owner: Ari Kermaier
> Status: Open
> Assigned: 2007-03-12
> Due: ---
Ari and Tom agreed that Tom will produce rev 12, including lots of
editorial corrections and some resolutions on Tom's more substantive
comments.
AI: Website editor (Paul -- but can delegate back to Eve if
necessary) to add links to all the latest new documents, most
particularly the errata redlines so that new readers of the specs see
that first.
AI: Ashish Patel to report on next steps on his/Paul's draft that has
gone through public review.
ADJOURNED at x:43.
--
Eve Maler +1 425 947 4522
Technology Director eve.maler @ sun.com
CTO Business Alliances group Sun Microsystems, Inc.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]