Subject: [security-services] Minutes -- 8 January teleconference

Agenda
Attendance - call to order quorum reached.

Approval of Minutes for 18 Dec Meeting
< http://lists.oasis-open.org/archives/security-services/200112/msg00078.html >
Approved

Status review of document set for 9 Jan
  Security Considerations
  Conformance
  Bindings
  Core
  Glossary
  Added Issues Doc to this item for discussion

Documents:

General Comment: Documents should note burning issues in the status section at the beginning of the document.

Contributors: if your name is missing from a document, please send a message to the list and the editor for the document.

== Security Considerations
- so far Chris McClaren has only received one comment on the list (aside from stylistic considerations).
- Irving is near end of his review and will be sending comments
- A number of others expect to have content discussion soon.
- Eve: A fair amount of text exists in "red" which duplicates text in the bindings doc.
- Chris: intention was to expand on what exists in the bindings doc, but is ok with removing it.
- Prateek: The thinking is that the specific threats and countermeasures would stay in bindings doc, and more general background would be in the security consideration document.
- Eve: much of the text that was copied from bindings contains normative text and inappropriate for security considerations document. We decided that the stuff that's in bindings-model-08 should stay there because it's normative.
- Joe: Chris do you have time to go ahead and add the additional content?
- Chris: needs input from the rest of the committee to augment the content.
- Nothing in security considerations should be normative.
- for more general issues, bindings should have pointers to security considerations document.
** Joe: please pay special attention to this document to make sure we haven't left stones unturned - at F2F#5 we were concerned that this review process may require substantive changes in core and binding.
- Prateek: bindings sub-group has done some of this, so not as concerned, but agrees that committee should pay attention here soon.
- Hal: what of the "yellow highlight" text
- Chris & Eve: this must come out and will be addressed
- Hal: what about privacy considerations
- Chris: he has only been considering security considerations
- Chris: Commits to taking the privacy material from the document and the list and integrating into a more clearly privacy note.

== Conformance
- December meeting has led to a third model reflecting bindings rather than a partition of assertions
- this has led to both an easier model for working and for developing test cases.
This document needs review as it has first emerged this week. There are several detailed editorial items (e.g., references in the body of text and stylistic concerns).
- Jeff: are there near term "must dos" before the last call working draft set?
- Bob: two sections need to move up, test suite - first version of document explicitly states that there is no commitment to a suite; third party certification - not developed in this generation of the doc. Plan is to leave these section headers with text that states that this will be addressed in later revisions of the spec. Send issues to list by noon ET tomorrow, then can get out by end of day tomorrow.
- (Forward reference, philosophical note on what aspects of spec are mandatory to implement will appear in the status section of Conformance document)

== Bindings Doc
No known outstanding issues, Prateek has a note from Tim covering non-normative text. Would have liked to have seen some level of review in the last few weeks, but this has not really happened - but Prateek does not see any issues in the doc.
- Eve: now that we have two web-browser profiles, wonders if we need two variants of the SOAP profile. (one each for holder-of-key and sender-vouches)
- Jeff: from F2F#5 recollects - but can't find in minutes a discussion that we were only going to do one profile...
- Prateek: at one time Hal had been concerned with the plurality of profiles, but we have continued to proceed with multiple.
- Discussion on the philosophy driving the number of mandatory to implement bindings, profiles etc. will appear in the conformance document.
- Mods from Tim will appear before Last Call
- Prateek asserts that there are no substantive issues outstanding

== Core Doc
Eve will produce rough text for section 1.3 (Phill will send some rough notes)
Phill will cycle a core-24 that will integrate Krishna's core-23 with some additional rough items.

== Glossary
We will go with -02 as a base note, and there will be some editorial changes applied - in particular notes from Marc Chanliau (won't happen this week, but will go in during the next 3 week review and edit period).

== Issues List Document
Hal - published document hasn't kept current with closed issues or with new issues added. This should be done by tomorrow, then Hal will produce a list of recommended resolutions for "obvious" issues.
- Jeff: particularly interested in the sweeping of the mailing list for championed issues. Want to make sure that nothing falls through the cracks that has been discussed over the past few months.
- Prateek: there are a small number of issues (mostly amendments to core23/22) which will be the beginning of the process to last call.
- Jeff: 5 normative documents produced, Hal prepares Issues List document, and an additional issue tracking note. This is what we will move from for last call.
- Reminder: if you have an issue that has not been addressed by any of the documents, resend an alert to the mailing list.

Action Tracking 4 -- Review status of action items - and move to resolution

[A3: Phill] - Section 3.1.5, need to further define error cases
- Joe would like comments on the alternatives between the proposals on the list
- If no comments, power left to Phill and Eve to choose during editing
- Status: we have proposal on table, open to comments, no consensus established
Scott will issue a new "final" proposal for a more complete error structure to be considered before issuing last call
Phill has gone through doc to coalesce reason codes from document - is in core-22.

[A5: BobB] - Section 4.1.3 472-473, text to clarify construction of ID (w.r.t. uniqueness)
- Joe has not contacted Bob yet - stays open

[A15: Chris] - Write up advice on how to use current approach to generic slots for attributes
- Just waiting on integration into doc
- Chris not sure if Eve has included yet or not
- Joe to Chris: please send note to list when you see it in draft
Still not in. This is the problem with removing attribute value type. Bob, Chris and Phill will caucus and send resolution to mailing list.

[A20: Prateek and Phil] - Need for additional ConfirmationMethod identifiers (Prateek and Phil)
- Scott: was there a previous issue from Eve over the use of URIs versus strings?
- Need to ask Eve
- Joe: We will re-confirm this in Jan
Prateek, these are now included. Eve comfortable with closure. Issue closed.

[A22: Irving] - core line 752, return code for completeness specifier:
- Joe: directs Phill (and Eve) to go ahead and integrate this change - verify status
Eve had sent a proposal to the list. If there're no objections, we should include this. Add a new return code "incomplete"
Phill believes it is done.
Scott believes that status reason field is being used to carry additional codes, but it's supposed to be used for a textual message.
Phill - ah.

[A24: Phill] - Bring together Tim's etc. text for the Authentication mechanism section.
- Still open, for tracking in core-22

[A26: Phill] - text on the <RespondWith> option voted for at F2F#5
- Phill has updated the schema for this
- Believes he updated core
- Stays open in core-22, discussion on list

Closing note: We will hold weekly voting meetings through March to close the spec.