Subject: [security-services] SSTC Agenda for 11 Dec 2001
Agenda:
0. Approve Minutes from last call: < http://lists.oasis-open.org/archives/security-services/200111/msg00064.html >
1. Confirm Last-Call process < http://lists.oasis-open.org/archives/security-services/200112/msg00009.html > as amended by Eve: I think sec-conform and glossary must be part of the deliverables.
2. Confirm Editor Availability:
All editors and the issue list editor will have to confirm their high availability in December and January to make this work.
3. Review status of milestones
4. Review status of action items - and move to resolution
5. Additional items?
Outreach status
6. Adjourn
Milestones to accomplish:
Publication and Review:
[M1 - Prateek] - publish bindings-07 during week of Dec 3.
Status: Document available 6-Dec < http://lists.oasis-open.org/archives/security-services/200112/msg00028.html > Comments due 12-Dec.
[M2 - Tim, Simon, Irving] - detailed reviews: Tim - section 4.1; Simon - section 3.1; Irving - section 4.2
Status: Comments due 12-Dec.
Simon: http://lists.oasis-open.org/archives/security-services/200112/msg00038.html
[M3 - Prateek] - publish bindings-08 during week of Dec 17.
Open Action Items:
[A3: Prateek] - Section 3.1.5, need to further define error cases
Status: Still open pending issuance of bindings-07, need to confirm core reflects changes
[A4: Prateek] - Section 4.1.1, create a diagram for this section
Status: still open pending -07
[A5: BobB] - Section 4.1.3 472-473, text to clarify construction of ID (w.r.t. uniqueness)
Status: open
[A6: Prateek] - Line 565, capture the threat (leading to requiring a <saml:audience>), then decide to leave it, change it, or strike it
Status: open pending -07
[A7: Simon] - text for "things you might do in step 6"
Status: proposed text < http://lists.oasis-open.org/archives/security-services/200112/msg00040.html >
[A9: Irving] - line 788-791, provide clarifying language for application level error handling. Tied to Scott's status code proposal
< http://lists.oasis-open.org/archives/security-services/200111/msg00049.html >
Status: open pending -07
[A11: Irving] - line 824-829, Irving to research and propose language to weaken requirement on signing over entire message (body and headers). The proposal is to require signing over assertion headers and body only. Other components are to be signed by agreement between sender and receiver (out of scope for us).
Status: < http://lists.oasis-open.org/archives/security-services/200112/msg00020.html >
pending -07
[A12: Irving] - line 847-848, change "subject" to "sender"
Status: pending -07
[A13: Prateek] - add text on threat model and security counter measures
[A15: Chris] - Write up advice on how to use current approach to generic slots for attributes
Status: Thread beginning: < http://lists.oasis-open.org/archives/security-services/200112/msg00006.html >
[A18: Phill] - completion of error code specification for core
Status: still open
[A20: Prateek] - Need for additional ConfirmationMethod identifiers (Prateek and Phil)
Bindings-06 uses two identifiers not found in core: HolderOfKey and SenderVouches. It is important to understand that no change in schema is being proposed, only new text and constants for Section 5 of core. Prateek to send Phil necessary text.
Status - Still open
[A22: Irving] - core line 752, return code for completeness specifier:
< http://lists.oasis-open.org/archives/security-services/200111/msg00031.html >
Status: still open
[A24: Phill] - Bring together Tim's etc. text for the Authentication mechanism section.
Status - [In progress] still open
[A25: Phill & Eve] - Eve's reorganization of preamble
Status - still open - in Eve's control this week
[A26: Phill] - text on the <RespondWith> option voted for at F2F#5
Status - still open
Closed Issues:
[A1: RLBob] - section 2.4, Bindings/profile registry; Prateek will work with Eve to see if OASIS could serve
< http://lists.oasis-open.org/archives/security-services/200111/msg00044.html >
[Resolution - approved by vote at SSTC telecon Nov. 27]
[A2: Prateek] - Section 3.1.9.2, need to capture SSL version, cipher suites, etc
Resolution - in bindings-07
[A8: RLBob] - Section 4.1.6.1 732-733, provide text for new "for your eyes only" condition element
The FORM Post architecture should not rely on the <Audience> element for target information. A <ForYourEyesOnly> tag is to be included within core. Bob will provide needed text to Phil.
[Resolution: renamed targetRestrictions, text submitted to Phill, item closed]
[A10: N/A]
[A14: Phill] - will post to list to try to recover original intent for AssertionSpecifier as subject
[A16: RLBob] - adding context to attribute query; provide text for core document including recommendations for minimum behavior.
[A17: Charles] - to complete proposal for adding failure "reason" for SAML response.
Status: < http://lists.oasis-open.org/archives/security-services/200111/msg00037.html >
closed
[A19: Chris] - eliminate <assertion> and rename <MultipleAssertion> Assertion. Draft text to deal with multiple assertions that are contradictory or cannot be reconciled.
Status: Thread beginning: < http://lists.oasis-open.org/archives/security-services/200112/msg00006.html >
[A21: Simon] - Section 3.1, SAML SOAP binding. Simon to review and add text to reflect F2F#4 discussion.
[A23: Chris] - explain use of xsi:type attribute to introduce element of basic XML schema type to avoid the need to introduce new schemas for the sole purpose of specifying a string attribute value.
Status - covered by A15 (closed)