
security-services message



Subject: Re: [security-services] Minutes, SSTC Concall, Feb 12, 2008 (WithAttendance Data)


Please ignore the "*" after some of the attendees. It is a result of the 
copy/paste, find/replace exercise from the OASIS website.

Anil Saldhana wrote:
> 
> 
> Tom Scavo wrote:
>> On Feb 11, 2008 6:24 PM, Hal Lockhart <hlockhar@bea.com> wrote:
>>> Proposed Agenda SSTC Concall, Feb 12, 2008
>>>
>>> Dial in info: +1 865 673 6950
>>> Access code: 270-9441#
>>>
>>> Roll Call & Agenda Review
> 
> Voting Members:
> Hal Lockhart     BEA Systems, Inc.
> Rob Philpott     EMC Corporation
> Scott Cantor     Internet2
> Bob Morgan     Internet2
> Eric Tiffany     Liberty Alliance Project
> Tom Scavo     National Center for Supercomputing Applica...
> Frederick Hirsch Nokia Corporation*
> Paul Madsen     NTT Corporation*
> Ari Kermaier     Oracle Corporation
> Brian Campbell     Ping Identity Corporation*
> Anil Saldhana     Red Hat
> Emily Xu     Sun Microsystems
> Kent Spaulding     Tripod Technology Group, Inc.
> David Staggs     Veterans Health Administration
> 
> Quorum Achieved: 14 out of 21 voting members.
> 
> Non Voting Members:
> George Fletcher      AOL*
> 
> Observer:
> Sampo Kellomäki     Symlabs, S.A.
> 
> Lost Voting Status:
> Steve Anderson, BMC
> 
> 
>>
>> Anil took roll (for the first time!).
>>
>> Hal asked if there were any additions/corrections to the Agenda.
>> There were none.
>>
>>> Need a volunteer to take minutes
>>
>> Tom Scavo volunteered.
>>
>>> 1. Approve minutes from Jan 29, 2008
>>> http://lists.oasis-open.org/archives/security-services/200802/msg00001.html 
>>>
>>
>> Minutes approved unanimously by SSTC.
>>
>>> 2. Administrative
>>>
>>> 2.1 SAML XML.org Focus Area
>>>
>>> Question posted
>>> http://lists.oasis-open.org/archives/security-services/200802/msg00002.html 
>>>
>>
>> Encourage members to respond to questions on saml.xml.org.  How does
>> this compare to saml-dev mailing list?  Should we bridge the two
>> mailing lists somehow?
>>
>>> 3. Document Status
>>>
>>> 3.1 Public Review of Five specifications ended on February 9th
>>> http://lists.oasis-open.org/archives/security-services/200712/msg00040.html 
>>>
>>>
>>> I can find no comments posted. Next Step?
>>
>> No public comments.  Some internal comments.  Another round of CDs is
>> not necessary.  Next step is Committee Specification?  Can't vote
>> until after 7 days.  Do nothing until next meeting.
>>
>>> 3.2 Technical Overview
>>> http://www.oasis-open.org/committees/download.php/25411/sstc-saml-tech-overview-2.0-draft-14.pdf 
>>>
>>>
>>> Ready for CD vote?
>>
>> The Tech Overview has been dormant since last fall.  Brian recently
>> posted some comments:
>>
>> http://www.oasis-open.org/archives/security-services/200802/msg00005.html
>>
>> Discussion regarding Brian's comments should be redirected to the 
>> mailing list.
>>
>> Frederick H. also has some comments.  He will post them to the mailing 
>> list.
>>
>> Action regarding the Tech Overview is deferred until the next call.
>> SSTC members are encouraged to read the document and provide feedback
>> on the mailing list.
>>
>>> 3.3 Subject-based Profiles for SAML V1.1 Assertions
>>> http://lists.oasis-open.org/archives/security-services/200801/msg00003.html
>>> and definition of "strongly matches"
>>> http://lists.oasis-open.org/archives/security-services/200801/msg00025.html
>>>
>>> Awaiting further discussion.
>>
>> No substantive discussion has occurred on the mailing list.  Scott has
>> read the document and is fine with it as long as other folks agree
>> that it's okay to tweak some ambiguous definitions in the SAML V1.1
>> spec in the interest of interoperability?  Prime example is
>> SubjectConfirmation.  As long as conformance to the Subject-based
>> Profiles is optional, such alternative definitions should be okay.
>>
>> Hal suggested we let this document stand for the time being.  No
>> action will be taken today.
>>
>>> 4 Errata
>>>
>>> Errata: namespace prefix not defined in [SAML2Prof]
>>> http://lists.oasis-open.org/archives/security-services/200802/msg00000.html
>>
>> Moving forward, has Abby agreed to be responsible for errata?  [Hal
>> thinks so.  Does Abby agree?]  It would be good if all outstanding
>> errata were summarized, perhaps on the mailing list.  [Will Abby do
>> this?  Is this an Action Item?]
>>
>> Scott has a PE assigned to him, but not sure why.  Will be discussed 
>> below.
>>
>>> 5 Other business
>>
>> SSTC observer Sampo Kellomäki (Symlabs, S.A.) has a question.  The SSTC
>> has agreed to give informal advice to Sampo.
>>
>> Sampo:  There are gaps in deployments, which SAML addresses.
>> E-governments are developing local profiles.  How do we identify these
>> third-party profiles in SAML so that relying parties interpret the
>> SAML appropriately?
>>
>> Scott:  Identify the profiles, yes, but avoid the versioning problem.
>>
>> Rob:  Specifying attributes in an AuthnRequest bloats the request and
>> makes it difficult to use the redirect binding, e.g.
>>
>> Hal: Don't we have attribute query that can be used in this case?
>>
>> Scott: One possibility is to write and propose an extension document.
>>
>> Hal: Better yet, begin with an e-mail that defines the problem and its
>> proposed solution.  If sufficient buy-in is not obtained in this
>> manner, then by all means write a document.
>>
>> Sampo: Should I go through Liberty?  (That's one possible avenue, but
>> the consensus seems to be:  no, it may be easier to go one of the
>> routes suggested above.)
>>
>>> 6 Action Items (Report created 11 February 2008 06:20pm EST)
>>>
>>> #0311: Propose specific document changes required for PE-65
>>> Owner: Scott Cantor
>>> Status: Open
>>> Assigned: 2007-10-23
>>> Due: 2007-12-01
>>
>> PE-65 involves documentation regarding second-level status codes.  The
>> specs should make it clear that second-level status codes are optional
>> and consistent throughout.  Scott doesn't know how he ended up with that;
>> perhaps the PE number is wrong?
>>
>> After some discussion, Scott agreed to carry this AI forward in any 
>> event.
>>
>>> #0322: Bring Anil up to speed as secretary
>>> Owner: Hal Lockhart
>>> Status: Open
>>> Assigned: 2008-01-29
>>> Due: 2008-02-10
>>
>> Closed.
>>
>>> #0323: Make errata on orig spec with correct reference in place of
>>> draft-mealling-uuid-urn-05.txt
>>> Owner: Jeff Hodges
>>> Status: Open
>>> Assigned: 2008-02-11
>>> Due: ---
>>
>> JeffH not on the call.  To provide actual errata text.  This AI 
>> remains open.
>>
>>> #0324: Update doc with correct reference in place of
>>> draft-mealling-uuid-urn-05.txt
>>> Owner: Scott Cantor
>>> Status: Open
>>> Assigned: 2008-02-11
>>> Due: ---
>>
>> Closed (duplicate).
>>
>> Meeting adjourned.  Next call in two weeks (Feb 26, 2008)
>>
>>> Hal
>>
>> Respectfully submitted,
>   Tom Scavo
>   NCSA

