OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Minutes of 20 February 2001 Security Services TC telecon

Minutes of the OASIS Security Services Technical Committee telecon
20 February 2001

- Membership report: new/removed members (Heather)

   10 new members (effective at this meeting):

     Bill Perry (Aventail)
     Tim Winston (Aventail)
     Marc Fastiggi (Crosslogix)
     Ken Yagen (Crosslogix)
     Gilbert Pilz (Jamcracker)
     David McNeely (Netscape)
     Adam Prishtina (Netscape)
     Evan Prodromou (Outlook)
     Herb Erickson (SilverStream)
     Alan Byrne (Vordel)

   5 removed members (effective after this meeting's roll call):

     Norbert Mikula (DataChannel)
     Britta Glade (Securant)
     Arny Epstein (SilverStream)
     Sai Allavarpu (Sun)
     Brian Schussler (Sun)

- Roll call (Heather)

   Attendance list appears at the end of these minutes.  Quorum reached.

- Approval of minutes for the last telecon

   Original minutes:

   Dave Orchard's suggested corrections:

   No objections to David's modifications.  Eve will update minutes
   and will post "merged" minutes to TC list.  [DONE]

- Approval of/additions to this agenda

   No additions; current agenda approved.

- What do we think about creation of a new TC on an access control

   Simon Blackwell's proposal:

   Bob expressed concern that this will overload the current work effort
   and the participants, in part because these are the people that will
   want to be involved in any access control efforts.

   Eve reviewed OASIS rules, including the 45-60 day wait time to set up
   a new TC.

   Jeremy asked for clarification of what their access control policy is
   doing: Is it putting AC on an XML document, or is it attempting to use
   XML to describe access control requirements for other resources?
   Simon and Ernesto described their approach, which is to provide access
   control roles to the content in an XML document.

   Suggestion was made to start the 45-60 day countdown period and run
   discussions of the "role" of this proposal in parallel with TC work.
   Ideally we can provide a way to work in parallel with liaison between
   the groups.

   Question: Is this the right place for this work (over, say, W3C). Many
   want to be involved in this work but would like to overload our
   individual workloads.

- Naming of our specification suite

    Results of the Evite poll were roughly as follows:

      SAML   22
      A2ML   14
      XCES    5
      Sussex  3
      AXCES   2

   Motion to "Accept SAML (Security Assertion Markup Language) as the
   name of this working group" passed. Numbers provided below attendance

- Collecting contact info for everybody

   Bob suggested putting message on list asking people to volunteer their
   personal information (including time zones) and mark this information
   as for the chair's use or for the web site (and therefore public

   ACTION: Eve to ask people to send her private mail with their phone
   numbers and preferences, and collate and distribute it as appropriate.

- Considering the date for our next F2F(s)

   OASIS has a meeting in Chicago 14-17 May; do we want to consider
   holding a F2F at it?

   The OASIS May dates conflict with the Oakland IEEE Security and
   Privacy event, but maybe we can tack a meeting onto the end of that.
   (See ieee- security.org.)

   ACTION: F2F #1 attendees to bring up-to-date calendars with them so we
   can plan F2F #2 and beyond.

   ACTION: Eve to ask for lists of "no go" dates for those people who are
   not attending F2F #1.

F2F #1
- Any questions on administrative stuff?
- I'm looking for volunteers for recording secretary

   ACTION: Interested parties to contact Eve with their willingness to
   take minutes and roll at the F2F.

- Goals and mode of working at the F2F

   Much discussion on role of subcommittees and their role in making
   recommendations to the TC. Subcommittee should be able to make
   recommendations, including what is in and out of scope, and the whole
   TC has the option of accepting this work as is, modifying and then
   accepting, or referring the work back to the subcommittee.  We decided
   to let subgroups pick their own means of voting on recommendations.

   ACTION: Bob B. to distribute a document that describes the process,
   the Robert's Rules surrounding it, and his expectations on how to send
   back and forth between TC and subcommittees.  TC members should
   respond to this with their comments.

Subgroup reports

- Use Cases and Requirements (security-use) (Darren Platt)

   Strawman #2 distributed last Friday. Will roll in comments/revisions
   by this Friday. There are about 8 detailed scenarios. Majority of work
   is on issues list. Trying to come up with resolutions for these
   issues. Trying to create a process to define requirements so can make
   clear decision on whether to include in document or not. Focusing on
   single- sign-on, session management.

- Core Assertions (security-core) (Phil Hallam-Baker)

   Either do revocation properly or not at all. Biggest problem with
   X.509 is that CRLs were intended to be simple and this had other mind-
   boggling consequences. Phil was hoping to use a lot of the X-TASS text
   as a framework for this group, but we will probably have to consider
   it as an individual submission until the subgroup can meet on it.

- Protocols (security-protocol) (Tim Moses)

   First draft prepared. Has received no comments on the document.
   <sniff> It is roughly consistent with use cases.  Will make amendments
   and get a new draft to Bob by Monday.

- Bindings (security-bindings) (Prateek Mishra)

   Have put together a strawman document (several weeks ago) with
   discussion since then. Would like to have a con-call with bindings
   group and get revised document by Monday.

- Conformance Suite (security-conform) (Krishna Sankar)

   They are still dormant.  Bob B suggested that they review sections of
   the spec with an eye towards clarifying which parts are normative.

- Security Considerations (security-consider) (Jeremy Epstein)

   Have added Privacy Considerations to the scope of this subgroup.

- Coordinating editor (Bob Blakley)

   Bob will try to put together an initial draft of the entire document;
   he needs drafts from the relevant subcommittees by COB Monday so that
   he can put together a complete document for distribution to the TC
   prior to the F2F.

   Jeff gets a free dinner for being the only person submitting a report
   (glossary) in HTML! Everything has been PDF or Word.

   Document guidelines are progressing well and getting close to done. We
   will have consistent IETF-type naming standards for the documents.
   There will be requirements inside the documents for metadata that must
   be there. Documents will be posted by sending to
   mailto:security-editors@lists.oasis-open.org; one of the "publishing
   editors" will lick the document into shape and put it on the website.

Liaison reports
No report requests sent to Eve.

Encryption (Eve): has touched base with Joseph Reagle of W3C, who is
chairing the new Encryption WG.  We have an arrangement to review each
other's requirements documents.

ebXML (Brian Eisenberg): SOAP and EBMLX TRP message headers are now
working together.

XKMS Encryption (Phil): There is a developers' meeting immediately
following the XKMS meeting on March 1.

Next meeting
There will be a short "subgroup leaders" telecon on 27 February, but our
next official meeting will be 2 March.

ACTION: All to respond to Evite invitation for F2F #1.

ACTION: Heather to set up a call-in number for the informal telecon next

Adjourned at 2pm ET.

Tim Winston             Aventail
John Baker              Axent
Stephen Farrell         Baltimore
Patrick McLaughlin      Baltimore
Irving Reid             Baltimore
Greg Wilson             Baltimore
Krishna Sankar          Cisco
Zahid Ahmed             CommerceOne
Carlisle Adams          Entrust
Alex Berson             Entrust
Robert Griffin          Entrust
Tim Moses               Entrust
Nigel Edwards           HP
Joe Pato                HP
Maryann Hondo           IBM
Kelly Emo               Jamcracker
David Orchard           Jamcracker
Sumner Blount           Netegrity
Dave Jablon             Netegrity
Prateek Mishra          Netegrity
Adam Prishtina          Netscape
Jeff Hodges             Oblix
Charles Knouse          Oblix
Steve Anderson          OpenNetwork
Duane Hamilton          OpenNetwork
Michael Lyons           OpenNetwork
Evan Prodromou          Outlook
Eric Olden              Securant
Darren Platt            Securant
Eve Maler               Sun
Paul Ashley             Tivoli
Bob Blakley             Tivoli
Marlena Erdos           Tivoli
Heather Hinton          Tivoli
Sridhar Muppidi         Tivoli
Mark Vandenwauver       Tivoli
Philip Baker            Verisign
Alan Byrne              Vordel
Tony Palmer             Vordel
Jeremy Epstein          webMethods

Vote on Naming Results: (yes: 33, no: 2, abstain: 4)

Carlisle Adams          Y
Zahid   Ahmed           Y
Steve   Anderson        Y
John    Baker           Y
Philip  Baker           Y
Alex    Berson          Y
Bob     Blakley         Y
Alan    Byrne           Y
Nigel   Edwards         Y
Kelly   Emo             Y
Marlena Erdos           Y
Stephen Farrell         Y
Robert  Griffin         Y
Duane   Hamilton        Y
Jeff    Hodges          Y
Maryann Hondo           Y
Dave    Jablon          Y
Charles Knouse          Y
Michael Lyons           Y
Patrick McLaughlin      Y
Prateek Mishra          Y
Tim     Moses           Y
Sridhar Muppidi         Y
Eric    Olden           Y
David   Orchard         Y
Tony    Palmer          Y
Joe     Pato            Y
Darren  Platt           Y
Adam    Prishtina       Y
Irving  Reid            Y
Krishna Sankar          Y
Mark    Vandenwauver    Y
Tim     Winston         Y
Sumner  Blount          N
Evan    Prodromou       N
Jeremy  Epstein         A
Heather Hinton          A
Eve     Maler           A
Greg    Wilson          A
Eve Maler                                          +1 781 442 3190
Sun Microsystems XML Technology Center    eve.maler @ east.sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC