Subject: Minutes of 20 March 2001 Security Services TC telecon
Minutes of the OASIS Security Services Technical Committee telecon
20 March 2001

Please note the ACTION items below. If you see anything that needs
correction, please reply to this message.

Administrative
==============

- Membership report: new/removed members (Heather)

  No new members. Two members voluntarily moved to observer:
  Tim Winston and Greg Wilson.

- Roll call (Heather)

  Attendance list appears at the end of these minutes.
  Quorum reached.

- Approval of minutes for F2F #1:
  http://lists.oasis-open.org/archives/security-services/200103/msg00015.html

  Accepted.

- Approval of minutes for the last telecon:
  http://lists.oasis-open.org/archives/security-services/200103/msg00024.html

  Accepted.

- Approval of/additions to this agenda

  Accepted, with a note that minutes can be found on the group page:
  http://www.oasis-open.org/committees/security/

F2F #2
======

- Location/date information

  Hosted by Netegrity. Information available from the meeting page,
  which is linked from the group page.

- Hotel room requirements

  Netegrity has group rate at DoubleTree, which is walking distance.
  Reserve earlier and get cookies in bed.

- Goals for this F2F:

  . Settle on the final scope issues ("Strawman #5")
  . Come to final agreement about terminology and models
  . Enable the subgroups to dig deeply into design work

- Attendance requirements:

  Attendance on first day counts towards good standing.
  Attendance on second day ONLY does not count towards good standing,
  as you will miss too much information. The 2 days count as one meeting.

  Note: this is not intended to be an incentive to leave after day 1,
  but to not punish those FEW people who cannot make both days due to
  prior commitments.

  Bob B pointed out that we could move to a "committee as a whole" mode
  for design work for day 2, meaning that quorum is not as much of an
  issue.

Discussion of models
====================

Models are for the whole TC to decide, though subgroups are doing good
work. We may settle on several models, each of which provides a
different "view" of the problem space and/or design solution.

Much discussion, of which only a very small portion is noted:

Hal's diagram answers who has the info and who needs it. It doesn't
show a flow.

David's diagram captures all static relationships and their
cardinality.

Bob B. objected to use of the term "credential" in place of what he
claims is "authorization information". Some people objected to Bob's
raising this issue after all the mailing list discussion. Some people
nevertheless agreed with Bob's point.

ACTION: Use Case subgroup to discuss again and present their
recommendations to the TC. If there is still debate, we may need to
move to a TC vote on the appropriate term.

Discussion on whether a Policy Enforcement Point (PEP) is allowed to
receive more than a Y/N input. Many people came close to categorically
stating that if the PEP receives anything more than Y/N, then the PEP
must include authorization decision information and is therefore a
PDP. Discussion then moved to the possibility of sending the PEP an
"entitlement" type piece of information (such as "Heather is entitled
to eat chips while on the phone") as a more detailed form of a Y/N
input (where Heather eating chips is a Y, and "Heather is NOT entitled
to eat chips while on the phone" would be a N).

ACTION: Use Case subgroup to add examples to the definitions of all
the terms found in David's model.

ACTION: Use Case subgroup to try to cast each box in Hal's diagram as
a (logical) function.

The Protocol subgroup's model showed administrative domains, not
security domains. Though two domains are shown, we think we should
assume that any SAML construct should be standalone enough to survive
crossing domains at each stage.

In Phill's three-cornered model, we discussed ticket size and usage.

ACTION: Bindings group to research and determine the size constraints
on a ticket, considering the different versions of browsers, other
devices like cell phones, etc.

Liaison reports
===============

- Should we identify official liaisons for the Shibboleth work?

  Bob Morgan and Marlena Erdos will be our representatives.

Attendance List
===============

Bill Perry              Aventail
Stephen Farrell         Baltimore
Irving Reid             Baltimore
Alex Ceponkus           Bowstreet
Krishna Sankar          Cisco
Ken Yagen               Crosslogix
Brian Eisenburg         DataChannel
Hal Lockhart            Entegrity
Carlisle Adams          Entrust
Alex Berson             Entrust
Robert Griffin          Entrust
Tim Moses               Entrust
Ed Simon                Entrust
Nigel Edwards           HP
Jason Rouault           HP
Maryann Hondo           IBM
Kelly Emo               Jamcracker
David Orchard           Jamcracker
Marc Chanliau           Netegrity
Prateek Mishra          Netegrity
Adam Prishtina          Netscape
Jeff Hodges             Oblix
Charles Knouse          Oblix
Duane Hamilton          OpenNetwork
Michael Lyons           OpenNetwork
Evan Prodromou          Outlook
Eric Olden              Securant
Darren Platt            Securant
Eve Maler               Sun
Ron Monzillo            Sun
Aravindan Ranganathan   Sun
Bob Blakley             Tivoli
Marlena Erdos           Tivoli
Heather Hinton          Tivoli
Sridhar Muppidi         Tivoli
Mark Vandenwauver       Tivoli
Bob Morgan              UWashington
Philip Hallam-Baker     Verisign
Alan Byrne              Vordel
Jeremy Epstein          webMethods

Voting Members removed after missing today's meeting:

Taylor Boon             Bionetrix
Dave Jablon             Netegrity
Paul Ashley             Tivoli
Sumner Blount           Netegrity
Tony Palmer             Vordel

--
Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Development  eve.maler @ east.sun.com