
security-services message


Subject: Focus Group Minutes - 2001-aug-14


Focus Group Meeting - 14 August 2001

Minutes - recorded by Joe Pato




Joe Pato

Phillip Hallam-Baker

Don Flinn

Hal Lockhart

Prateek Mishra

Marlena Erdos

Carlisle Adams

Micah Lerner

Irving Reid

Tim Moses

Chris McLaren

Simon Godik

Helmut (VS)

Gil Pilz

Thomas Hardjono

Dave Orchard




1)      administrivia

2)      current discussion items

3)      f2f #4 planning


1) Administrivia:

Don Flinn: will try to set aside 5 additional rooms for f2f #4 (initial 10 already booked)

Prateek: When to freeze documents for F2F? Tuesday end of business.

Latest binding doc? - 04 (but plan to have a new revision next week)


F2F Agenda - items and duration

Dinner plans - Joe put out e-vite on cuisine and interest


2) Discussion points:


Dave Orchard:

A)    Introduction of the object element as a container for resources and actions

a.      Prateek doesn't have issue; Phill would like to reorganize that section to make it maximally reusable by XACML.

b.      Prateek would like to keep the simple adjustments suggested by Dave for core-13 and then consider broader changes.

c.      Chris - intent is for the diagram to reflect the F2F; would rather get the document to represent the agreement, and to make broader changes at the next F2F (agreed)

B)     We should require an explicit authentication code and then address how to represent a query that represents <any>

a.      Phill views the agreement that the response needed to carry the code - not the query

b.      Dave - don't want to have an implicit wildcard; want to have this explicit.

c.      Issue to be raised at the F2F <action: JOE>

C)    Min-occurs

D)    Attribute Queries - attributes must have a value, min-occurs of 0 for value should not be allowed.

a.      Prateek - there is enthusiastic re-use of attribute element in both query and assertion. Suggestion is that the attribute query type should not refer to an unbounded number of attributes, possibly should refer to attribute name type (a single attribute name - not a collection; the query has a set of 0 or more attribute names) This would be coupled with making the cardinality of attribute type be changed to min-occurs 1.

b.      Dave - would prefer to have a distinguished value that would indicate the wildcard rather than to have an implicit value indicated by a min-occurs of 0. This to be an issue rather - <action: Hal will record as an issue>

c.      Phill would like to have agreement on the renaming changes before applying this change. Cf. Phill's message on renaming proposal.

d.      General agreement on the name changes - <action: Prateek will send e-mail with the proposed resolution in (b) above>.



Phill H-B

A)    Use of substitution groups - use of these by consumers of SAML will not be deterred by our avoidance. We should address the use of substitution groups by the SAML spec as an issue at the next F2F.

a.      Prateek - request for assistance in "schematology" in XML. Looking for a separate evaluation of the aesthetics and practical (implementation) implications of the choices.

b.      Dave won't be at the F2F, but will comment on the results.

c.      While there isn't always enough experience, we need to make best attempt



A)    working on a write-up on anonymity issues and on the configuration of the subject element

a.      issues around the use of the word "authentication"

b.      <action: Marlena should be sending out a note shortly>



B)     Issues with "signing" for the binding group

a.      SAML profile of DSIG - need to identify which kind of signature to be used, enveloping or not, attached or not, ... this is a blocking issue for now. Need a broader discussion of this issue.

b.      PHB - this needs to be part of the specification and part of protocol probably - and good to coordinate with XKMS

C)    Boxcarring of SAML request

a.      Will the core group address packaging multiple requests into a single object or is this resolved as a binding issue?

b.      Hal - what are the semantics? Can there be cross-component references?

c.      Simon - concern that the absence of boxcarring will lead to clear performance issues

d.      <action: PHB will write a note on how 1.0 might have some difficulties in expressing multiples - and possible directions to relieve this issue>.


3) F2F #4 Planning


 We will work on identifying items and time durations over the next week. <action: Joe will send out a solicitation for agenda items>


We expect to review active issues - but want people to establish clear priorities <action: Hal to make a first pass at prioritization of open issues and correlate to recent document revisions>


Some Items discussed during focus group are of clear interest for the face-to-face:

  1. Address XML style issues: secure someone to lead us through both the aesthetic niceties as well as the practical consequences of making certain representation choices
  2. DSIG use - develop a profile for how we should use XML DSIG
  3. Boxcarring - consider how to deal with aggregation (if at all) of messages - as a core issue, as a bindings issue
  4. Address versioning considerations
  5. Bindings and protocol issues - summary of current status. Prateek requested that we address this topic early in the face-to-face
  6. Walk through of Schema and identification of new issues from the draft specifications


