OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] Draft minutes from 7 Apr 2009 SSTC call


Eve Maler wrote:
> On Apr 6, 2009, at 7:49 PM, <Mail Display Name> 
> <hal.lockhart@oracle.com> wrote:
>> Roll Call & Agenda Review
Voting Members
=============
> Hal Lockhart Oracle Corporation (Co-Chair)
> Rob Philpott  EMC Corporation
> John Bradley Individual
> Jeff Hodges Individual
> Scott Cantor Internet2
> Nathan Klingenstein Internet2
> Bob Morgan Internet2
> Tom Scavo NCSA
> Frederick Hirsch Nokia Corporation
> Paul Madsen NTT Corporation
> Ari Kermaier Oracle Corporation
> Kent Spaulding Skyworth TTG Holdings Limited
> Eve Maler Sun Microsystems
> Emily Xu Sun Microsystems
> David Staggs Veterans Health Administration
>
> Members
==============
> Brian Campbell Ping Identity Corporation
> Srinath Godavarthi Nortel
> Thomas Hardjono M.I.T.  (Co-chair)
Quorum:  15 out of 17 voting members
Membership Status Change:  Thomas has been elected co-chair but needs 
next meeting attendance to gain voting status.
> Official attendance to be supplied.  Quorum reached handily.
>
>> Need a volunteer to take minutes
>
> Eve agreed to take minutes.
>
>> 1. Minutes
>>
>> 1.1 Minutes from SSTC/SAML conference call March 24, 2009
>> http://lists.oasis-open.org/archives/security-services/200903/msg00059.html 
>>
>
> Minutes APPROVED by unanimous consent.
>
>> 2. Announcements
>>
>> 2.1 Public Review of SAML 2.0 Profiles
>> http://lists.oasis-open.org/archives/security-services/200903/msg00062.html 
>>
>> Review ends May 25th
>>
>> 2.2 Thomas Hardjono has nominated himself for Co-Chair
>> http://lists.oasis-open.org/archives/security-services/200904/msg00005.html 
>>
>>
>> 2.3 Reminder - Meetings will be every four weeks - Next call May 5
>
> If there's a period of intense work, we can always increase the 
> frequency temporarily, but Hal has removed the alternate meetings from 
> our online calendar through August.
>
>> 3. Document Status
>>
>> 3.1 Diff version of LOA Authncontext Profile Draft 2 uploaded
>> http://lists.oasis-open.org/archives/security-services/200903/msg00053.html 
>>
>>
>>
>> 4. Discussion
>>
>> 4.1 Election of Co-Chair
>
> Hearing no other nominations besides Thomas, a motion was made by Rob 
> and seconded by Bob to accept Thomas Hardjono as co-chair.  Eve spoke 
> in favor.  Motion APPROVED by unanimous consent.
>
> Thomas introduced himself.  Starting in December 2008, he's been 
> working with the MIT Kerberos Consortium.  He started to work with 
> SAML in 2002, while at VeriSign.  (Phill Hallam-Baker was his peer in 
> the CTO's office there.)  Thomas had spent more time on the XACML and 
> XRML efforts at OASIS in that era.  His motivation for nominating 
> himself was to begin contributing more actively to the community, and 
> a formal co-chair role is recognized as constructive contribution by 
> his new employer.
>
> Hal with work with Thomas to get him up to speed on procedures and such.
>
>> 4.2 question on MNI request for SP Lite/IdP Lite
>> http://lists.oasis-open.org/archives/security-services/200903/msg00055.html 
>>
>
> (Kyle Meadors isn't on the call.)
>
> Ari notes that the Liberty folks are still discussing the matter.  The 
> MUST NOT clauses in question seem ill-considered in retrospect.  At 
> the time, the discussion had to do with relieving SPs of an MNI burden 
> if they didn't generally deal with any kind of persistent state.  
> Scott recalls that we didn't want to set this as OPTIONAL because it 
> would somehow make second-class citizens of some implementations (in 
> marketing terms), which indeed does seem weird.  But given experience 
> with last year's conformance testing, Ari observes that some 
> implementors do seem committed to testing both full and lite.
>
> Hal suggests that the answer is to define some additional 
> conformance/operational mode.  Dealing with this in errata doesn't 
> seem appropriate.  Scott isn't not heavily focused on this issue, and 
> so isn't offering assistance to do this.
>
> There's a difference between the capability of supporting a feature 
> and deployment with the feature turned on (or otherwise explicitly 
> exposed).  We don't want to get into deployment 
> configuration/variation questions.
>
>> 5. Other business
>
> XSPA Profile of SAML:
>
> http://lists.oasis-open.org/archives/security-services/200904/msg00007.html 
>
>
> David will add a column to his spreadsheet (attached to the message 
> referenced above) where he'll propose dispositions, in such a way that 
> people can easily track and comment on those proposals.  Hal suggests 
> that we field responses to comments on the list.
>
> Don't miss David's mail, which has a photo from the floor of HIMSS.
>
> Distinguishing Basic HTTP authentication mechanisms from form-auth:
>
> http://lists.oasis-open.org/archives/security-services/200904/msg00008.html 
>
>
> In a project to use SAML with WebDAV, a question has come up.  Let's 
> continue the discussion on the list.
>
> RSA conference:
>
> Hal is speaking on XACML on the Friday.  Come on down!  And the big 
> day-long identity workshop being held on the Monday had 1000 signups.
>
>> 6. Action Items
>>
>> None open
>
> Scott agreed to clean up the errata, so this is pending.
>
>
> Eve Maler                                          eve.maler @ sun.com
> Emerging Technologies Director                    cell +1 425 345 6756
> Sun Microsystems Identity Software                www.xmlgrrl.com/blog



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]