RE: Agenda for Security Services TC 20 March 2001 telecon/Comments onUC Domain Model

[Krishna Sankar <ksankar@cisco.com>]

Hi,

	Sorry for multiple e-mails, but I wanted to segregate the comments so that
the e-mail chain could make sense.

	The UC Domain Model (affectionately called as the Hal/David Model) is an
excellent start point. Here is my first attempt to combine the four
documents to form a cohesive doc.

	As I write this e-mail, I am not so sure it is clear. Please let me know
what you think.

	In the future, we should have line numbers in all our documents and that
would make it easier for us to discuss.

	0.	The top-level/driving document would be the Architecture
Document(a.k.a.Core group V model)

	1.	The UC Domain Model should contain the sum of all actors and all
relevant entities from the use cases.

	2.	It also should contain *ALL* the assertions which are exchanged between
these entities. As Hal/David pointed out, this gives us all the assertions
we need to model.

	3.	Then the Hal/David diagram would be added to Section 3. of the
Architecture document (a.k.a. Group V Model)
	3.a.	At this point, we would need to have a single glossary, and
definitions.

	4.	We would need to add text to define and explain the relationships and
the assertions at an Architecture level in Section 3. The current Section 4
would be consumed as a sub-section here.

	5.	The protocol section (a.k.a Protocol group model) (Section 5) then
elaborates the protocol for these exchanges, including the acks and other
biz signals, as required. (Now I see the rationale behind the two groups
merge more clearly (duh !))
	6.	We would need to merge the Model sub-section of the protocol group
document in Section 2/3 of the Architecture Document. The Architecture doc
now does not have the concept of security domains and so we should be able
to do a straightforward merge.

	7.	The data structures in the Protocol group Model document (model section)
need to be reconciled with the assertions in the UC domain model. After all,
we are concerned about these data structures and their manifestation.

	8.	Of course, we would merge the Group V model and example documents.

	9.	At this point, we should have one combined document, which could be
version 0.1 of the SAML specification.

	10.	To tell the truth, now I am totally confused ;-) Hope it all make sense

	11.	I am sure all of us would have the documents in front of us during the
con call. I will also have a printed copy and could mark-up the changes as
the discussion progresses. (Not a good idea for all of us to print copies -
too many dead trees ;-0)


cheers
|-----Original Message-----
|From: Eve L. Maler [mailto:eve.maler@east.sun.com]
|Sent: Friday, March 16, 2001 7:59 AM
|To: security-services@lists.oasis-open.org
|Subject: Agenda for Security Services TC 20 March 2001 telecon
|
|
|The theme for this telecon is MODELS.  See below for some homework
|you must
|do for next Tuesday.
|
|Meeting date: Tuesday, 20 March 2000
|Meeting time:
|        GMT         5pm-7pm
|        Eastern     12noon-2pm
|        Central     11am-1pm
|        Pacific     9am-11am
|
|Call-in information (good through 15 May):
|	Domestic call-in number: (800) 377-5653
|	Overseas call-in number: +1 (706) 634-7017
|	Conference name:         OASIS Teleconference
|	Conference leader:       Marc Chanliau
|
|
|Administrative
|==============
|- Membership report: new/removed members (Heather)
|- Roll call (Heather)
|- Approval of minutes for F2F #1:
|
|http://lists.oasis-open.org/archives/security-services/200103/msg00015.html
|- Approval of minutes for the last telecon:
|
|http://lists.oasis-open.org/archives/security-services/200103/msg00024.html
|- Approval of/additions to this agenda
|
|
|F2F #2
|======
|- Location/date information
|- Hotel room requirements
|- Goals for this F2F:
|   . Settle on the final scope issues ("Strawman #5")
|   . Come to final agreement about terminology and models
|   . Enable the subgroups to dig deeply into design work
|
|
|Discussion of models
|====================
|Working on models and terminology is a whole-TC activity; it is not owned
|by any one subgroup, though the subgroups are making excellent progress in
|defining models and working to make them converge.
|
|In this telecon, we will review the three different models submitted so
|far.  Ahead of time, please review the following proposals and the
|comments
|made on them to date (and, if you wish, send additional comments to this
|list).  We are not necessarily looking to end up with a single
|picture, but
|possibly with several pictures, all of which express one "view" onto our
|problem space.  We especially want to test all terminology used in the
|pictures against the common terms we're using elsewhere.
|
|   Use Case domain model (originated Lockhart/Orchard):
|
http://www.oasis-open.org/committees/security/docs/draft-sstc-use-domain-01.
pdf
(or .doc)

   Protocol group model:

http://www.oasis-open.org/committees/security/docs/draft-sstc-protocol-model
-00.pdf
(or .doc)

   Core group V model (originated by Hallam-Baker):

http://www.oasis-open.org/committees/security/docs/draft-sstc-core-vmodel-01
.pdf
(or .doc)

   Core group V model examples:

http://www.oasis-open.org/committees/security/docs/draft-sstc-core-vmodel-ex
amples-01.pdf
(or .doc)


Liaison reports
===============
If you are a liaison, please respond to this message to indicate your
interest in submitting a report at the meeting.

- Should we identify official liaisons for the Shibboleth work?


Next meeting
============
- 3 April 2001 telecon (security-leaders meets on 27 March)
--
Eve Maler                                             +1 781 442 3190
Sun Microsystems XML Technology Development  eve.maler @ east.sun.com


------------------------------------------------------------------
To unsubscribe from this elist send a message with the single word
"unsubscribe" in the body to: security-services-request@lists.oasis-open.org