Subject: Minutes of 20 February 2001 Security Services TC telecon
Minutes of the OASIS Security Services Technical Committee telecon
20 February 2001

Administrative
==============

- Membership report: new/removed members (Heather)

  10 new members (effective at this meeting):

    Bill Perry (Aventail)
    Tim Winston (Aventail)
    Marc Fastiggi (Crosslogix)
    Ken Yagen (Crosslogix)
    Gilbert Pilz (Jamcracker)
    David McNeely (Netscape)
    Adam Prishtina (Netscape)
    Evan Prodromou (Outlook)
    Herb Erickson (SilverStream)
    Alan Byrne (Vordel)

  5 removed members (effective after this meeting's roll call):

    Norbert Mikula (DataChannel)
    Britta Glade (Securant)
    Arny Epstein (SilverStream)
    Sai Allavarpu (Sun)
    Brian Schussler (Sun)

- Roll call (Heather)

  Attendance list appears at the end of these minutes. Quorum reached.

- Approval of minutes for the last telecon

  Original minutes:
  http://lists.oasis-open.org/archives/security-services/200102/msg00012.html

  Dave Orchard's suggested corrections:
  http://lists.oasis-open.org/archives/security-services/200102/msg00024.html

  No objections to David's modifications. Eve will update minutes and
  will post "merged" minutes to TC list. [DONE]

- Approval of/additions to this agenda

  No additions; current agenda approved.

- What do we think about creation of a new TC on an access control
  language?

  Simon Blackwell's proposal:
  http://lists.oasis-open.org/archives/security-services/200102/msg00023.html

  Bob expressed concern that this will overload the current work effort
  and the participants, in part because these are the people that will
  want to be involved in any access control efforts.

  Eve reviewed OASIS rules, including the 45-60 day wait time to set up
  a new TC.

  Jeremy asked for clarification of what their access control policy is
  doing: Is it putting AC on an XML document, or is it attempting to use
  XML to describe access control requirements for other resources?

  Simon and Ernesto described their approach, which is to provide access
  control roles to the content in an XML document.
  Suggestion was made to start the 45-60 day countdown period and run
  discussions of the "role" of this proposal in parallel with TC work.
  Ideally we can provide a way to work in parallel with liaison between
  the groups.

  Question: Is this the right place for this work (over, say, W3C)?
  Many want to be involved in this work but would like to overload our
  individual workloads.

- Naming of our specification suite

  Results of the Evite poll were roughly as follows:

    SAML     22
    A2ML     14
    XCES      5
    Sussex    3
    AXCES     2

  Motion to "Accept SAML (Security Assertion Markup Language) as the
  name of this working group" passed. Numbers provided below attendance
  list.

- Collecting contact info for everybody

  Bob suggested putting message on list asking people to volunteer their
  personal information (including time zones) and mark this information
  as for the chair's use or for the web site (and therefore public
  consumption).

  ACTION: Eve to ask people to send her private mail with their phone
  numbers and preferences, and collate and distribute it as
  appropriate. [DONE]

- Considering the date for our next F2F(s)

  OASIS has a meeting in Chicago 14-17 May; do we want to consider
  holding a F2F at it?
  http://lists.oasis-open.org/archives/security-services/200102/msg00021.html

  The OASIS May dates conflict with the Oakland IEEE Security and
  Privacy event, but maybe we can tack a meeting onto the end of that.
  (See ieee-security.org.)

  ACTION: F2F #1 attendees to bring up-to-date calendars with them so
  we can plan F2F #2 and beyond.

  ACTION: Eve to ask for lists of "no go" dates for those people who
  are not attending F2F #1.

F2F #1
======

- Any questions on administrative stuff?

- I'm looking for volunteers for recording secretary

  ACTION: Interested parties to contact Eve with their willingness to
  take minutes and roll at the F2F.

- Goals and mode of working at the F2F

  Much discussion on role of subcommittees and their role in making
  recommendations to the TC.
  Subcommittee should be able to make recommendations, including what is
  in and out of scope, and the whole TC has the option of accepting this
  work as is, modifying and then accepting, or referring the work back
  to the subcommittee. We decided to let subgroups pick their own means
  of voting on recommendations.

  ACTION: Bob B. to distribute a document that describes the process,
  the Robert's Rules surrounding it, and his expectations on how to
  send back and forth between TC and subcommittees. TC members should
  respond to this with their comments.

Subgroup reports
================

- Use Cases and Requirements (security-use) (Darren Platt)

  Strawman #2 distributed last Friday. Will roll in comments/revisions
  by this Friday. There are about 8 detailed scenarios. Majority of work
  is on issues list. Trying to come up with resolutions for these
  issues. Trying to create a process to define requirements so can make
  clear decision on whether to include in document or not. Focusing on
  single-sign-on, session management.

- Core Assertions (security-core) (Phil Hallam-Baker)

  Either do revocation properly or not at all. Biggest problem with
  X.509 is that CRLs were intended to be simple and this had other
  mind-boggling consequences. Phil was hoping to use a lot of the X-TASS
  text as a framework for this group, but we will probably have to
  consider it as an individual submission until the subgroup can meet on
  it.

- Protocols (security-protocol) (Tim Moses)

  First draft prepared. Has received no comments on the document.
  <sniff> It is roughly consistent with use cases. Will make amendments
  and get a new draft to Bob by Monday.

- Bindings (security-bindings) (Prateek Mishra)

  Have put together a strawman document (several weeks ago) with
  discussion since then. Would like to have a con-call with bindings
  group and get revised document by Monday.

- Conformance Suite (security-conform) (Krishna Sankar)

  They are still dormant.
  Bob B suggested that they review sections of the spec with an eye
  towards clarifying which parts are normative.

- Security Considerations (security-consider) (Jeremy Epstein)

  Have added Privacy Considerations to the scope of this subgroup.

- Coordinating editor (Bob Blakley)

  Bob will try to put together an initial draft of the entire document;
  he needs drafts from the relevant subcommittees by COB Monday so that
  he can put together a complete document for distribution to the TC
  prior to the F2F.

  Jeff gets a free dinner for being the only person submitting a report
  (glossary) in HTML! Everything has been PDF or Word.

  Document guidelines are progressing well and getting close to done.
  We will have consistent IETF-type naming standards for the documents.
  There will be requirements inside the documents for metadata that must
  be there. Documents will be posted by sending to
  mailto:security-editors@lists.oasis-open.org; one of the "publishing
  editors" will lick the document into shape and put it on the website.

Liaison reports
===============

No report requests sent to Eve.

Encryption (Eve): has touched base with Joseph Reagle of W3C, who is
chairing the new Encryption WG. We have an arrangement to review each
other's requirements documents.

ebXML (Brian Eisenberg): SOAP and EBMLX TRP message headers are now
working together.

XKMS Encryption (Phil): There is a developers' meeting immediately
following the XKMS meeting on March 1.

Next meeting
============

There will be a short "subgroup leaders" telecon on 27 February, but our
next official meeting will be 2 March.

ACTION: All to respond to Evite invitation for F2F #1.

ACTION: Heather to set up a call-in number for the informal telecon
next Tuesday.

Adjourned at 2pm ET.
Attendees
=========

Tim Winston          Aventail
John Baker           Axent
Stephen Farrell      Baltimore
Patrick McLaughlin   Baltimore
Irving Reid          Baltimore
Greg Wilson          Baltimore
Krishna Sankar       Cisco
Zahid Ahmed          CommerceOne
Carlisle Adams       Entrust
Alex Berson          Entrust
Robert Griffin       Entrust
Tim Moses            Entrust
Nigel Edwards        HP
Joe Pato             HP
Maryann Hondo        IBM
Kelly Emo            Jamcracker
David Orchard        Jamcracker
Sumner Blount        Netegrity
Dave Jablon          Netegrity
Prateek Mishra       Netegrity
Adam Prishtina       Netscape
Jeff Hodges          Oblix
Charles Knouse       Oblix
Steve Anderson       OpenNetwork
Duane Hamilton       OpenNetwork
Michael Lyons        OpenNetwork
Evan Prodromou       Outlook
Eric Olden           Securant
Darren Platt         Securant
Eve Maler            Sun
Paul Ashley          Tivoli
Bob Blakley          Tivoli
Marlena Erdos        Tivoli
Heather Hinton       Tivoli
Sridhar Muppidi      Tivoli
Mark Vandenwauver    Tivoli
Philip Baker         Verisign
Alan Byrne           Vordel
Tony Palmer          Vordel
Jeremy Epstein       webMethods

Vote on Naming Results: (yes: 33, no: 2, abstain: 4)

Carlisle Adams       Y
Zahid Ahmed          Y
Steve Anderson       Y
John Baker           Y
Philip Baker         Y
Alex Berson          Y
Bob Blakley          Y
Alan Byrne           Y
Nigel Edwards        Y
Kelly Emo            Y
Marlena Erdos        Y
Stephen Farrell      Y
Robert Griffin       Y
Duane Hamilton       Y
Jeff Hodges          Y
Maryann Hondo        Y
Dave Jablon          Y
Charles Knouse       Y
Michael Lyons        Y
Patrick McLaughlin   Y
Prateek Mishra       Y
Tim Moses            Y
Sridhar Muppidi      Y
Eric Olden           Y
David Orchard        Y
Tony Palmer          Y
Joe Pato             Y
Darren Platt         Y
Adam Prishtina       Y
Irving Reid          Y
Krishna Sankar       Y
Mark Vandenwauver    Y
Tim Winston          Y
Sumner Blount        N
Evan Prodromou       N
Jeremy Epstein       A
Heather Hinton       A
Eve Maler            A
Greg Wilson          A

--
Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Center    eve.maler @ east.sun.com