security-services message

Subject: [security-services] Minutes for Telecon, Tuesday 12 Mar 2002

From: sanderson@opennetwork.com (Steve Anderson)
To: oasis sstc <security-services@lists.oasis-open.org>
Date: Wed, 13 Mar 2002 12:46:29 -0500

Minutes for SSTC Telecon, Tuesday 12 Mar 2002
Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson


>
> Agenda - Assessing Last Call comments and getting to completion...
>
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved.

>
> 2. Implementation / Use
>

- Jeff: again waiving flag for need here
- awaiting word on when to make some received attestations public
- Eve: raises question on correctness of her attestation matrix
- Jeff: table this for end of call / focus group?

>
> 3. Action items update
>
> AI-1: Phill HB to "produce text with both indeterminate and error
>       code"
>   WRT: SAP-1
>   Status: OPEN
>

- Hal: statement is not accurate, doesn't think Phill was present when
  action item was assigned to him
- RLBob: disagrees, recalls Phill's presence
- Phill: recalls after short recap
- Irving: one of the alternatives was to return a deny with an error
  code indicating your "wishy-wash-ness"
- Jeff: details be covered at end of call
- Jeff: Phill, can this be done this week?
- yes
- Hal: if someone wants to champion an alternative (as Irving did),
  they need to step forward right away

>
> AI-2: Eve to resubmit "AssertionID element naming" (was "agreed to
>       but unimplemented")
>   WRT: SAP-2
>   Status: DONE (?)
>
>   in Eve's msg entitled "Live ISSUEs from Eve"
>   < http://lists.oasis-open.org/archives/security-services
>     /200203/msg00042.html >
>
>     ELM-2. Remove AssertionSpecifier -- is this the applicable
>     resolution?
>

- Eve: not sure if the AI is the same as in ELM-2
- thinks AI has been done
- Hal: doesn't think it is same as SAP-2
- Eve: so there are 3 different things floating here
- Hal: feels that correct response to SAP-2 is an explanation, but no
  change to spec
- Jeff: so where did this AI get dealt with?
- Eve: this has been discussed but never voted on
- Hal: is now an issue, DS-14-17
- Eve: ELM-2 is actually a proposal (after all) to address the issue
- Hal: so the agenda entry is correct, except for the SAP-2 reference
- so, this is done via issue ds-14-17

>
> AI-3: RLBob to send "audience vs target" language to the list (was
>       "agreed to but unimplemented"?)
>   WRT: SAP-5
>   Status: OPEN
>

- Hal: this basically a question of difference between audience and
  target
- RLBob: post profile to use response, and to use receipient in the
  response
- Jeff: so this is done, and text included in
  < http://lists.oasis-open.org/archives/security-services
    200203/msg00030.html >

>
> AI-4: Prateek to craft responses to SAP comments 24-30
>   Status: DONE
>
>   in "RE: ... SAP Comments On SAML Core-27 and Bindings-11
>   < http://lists.oasis-open.org/archives/security-services
>     /200203/msg00045.html >
>

- Jeff: appears done

>
> AI-5: Hal to craft responses to SAP comments 13-23
>   Status: DONE
>

- Jeff/Hal: done in
  < http://lists.oasis-open.org/archives/security-services
    /200203/msg00049.html >

>
> 4. "agreed to but unimplemented" changes to documents  -- recap
>
>    < http://lists.oasis-open.org/archives/security-services
>      /200203/msg00046.html >
>

- Jeff: doesn't seem that any of Eve's recent items fully reached
  "agreed to but unimplemented" state
- Hal: there was also a msg from Scott
- Scott: just commenting on what he knew of, but doesn't think it was
  agreed to either
- Jeff: just waiving this flag again
- Irving: what do we do with discussed open issues, but not agreed to?
- Jeff: verify that they are in issues list and have proper state, and
  work thru as usual
- Irving: how do we deal with fact that we are trying to call this doc
  done, but there are open items?
- Hal: believes that will be addressed in agend item 6
- Jeff: do we add the following to the list of changes that editors
  are to make?
    - Core changes for ISSUE: Actions and Action elements
    - Proposed text for NameIdentifier (re-spun)
- general consensus: yes, both were voted on
- Irving: sent final text to list for Actions & Action elements
- Jeff: Phill, those will be in next ver of core?
- Phill: yes

>
> 5. Editorial comments summary - recap
>
>    < http://lists.oasis-open.org/archives/security-services
>      /200203/msg00058.html >
>

- [ACTION ITEM] Hal to go thru this list and compare with issues list
- Jeff: on items that do intersect, we should consider them issues,
  leaving purely editorial items that editors can work on
- AuthenticationLocality to SubjectLocality  -- which SAP issue? SAP-8

>
> 6. Hal: updated Issues list summary
>
>
>    How many open ISSUES are now on our plate?
>

- 22 or so new issues

>
>    Suggested outline process for handling them..
>
>          internally-generated ISSUES
>           have champions by definition
>           clearly delineated resolution proposal?
>            yes - goto vote
>            no - champion(s) signed up to produce one?
>             if yes, when?
>
>
>          externally-generated ISSUES
>           champion signed up?
>           clearly delineated resolution proposal?
>            yes - goto vote
>            no - champion(s) signed up to produce one?
>             if yes, when?
>
>
>          vote..
>           ..for one of the below dispositions..
>
>             1. incorp resolution
>             2. defer
>             3. close
>

- summary sent last night by Hal
  < http://lists.oasis-open.org/archives/security-services
    200203/msg00062.html
- Hal: summary
    - we have comments from outside that have no TC champion
    - nothing has been closed or deferred recently
    - basically all new issues are marked in red, with exception of
      some of Eve's issues that she said should be deferred
- Hal: signed himself up as champion for one of the external issues
- Prateek: the "Additional Verbiage" thread is ready for resolution
  < http://lists.oasis-open.org/archives/security-services
    /200203/msg00044.html >
- Hal: "green" and "yellow" issues from issues list can be closed, and
  should be  done first
    - Jeff: had question on DS-9-11, is shows agreement, and ready
      for closure, but haven't seen in core yet
    - Scott: it is in core now
    - Irving: DS-11-08 isn't in core yet, so shouldn't be closed
    - Scott: suggests voting to accept "green" & "yellow", and let
      people raise exceptions to the list
    - Hal: need exeption for new green/yellow issues, like Eve's,
      which is to say all green/yellow from status-03
    - Hal: moves to close and defer, respectively, those in status-03
    - Hal: asserts that green ones haven't changed in status-04
    - Scott: amends by referring to status-04, excluding DS-9-12
    - Hal: complete list of exclusions from status-04 for this vote
      are
        - DS-9-12
        - DS-4-15
        - DS-14-14
        - DS-14-16
        - DS-14-18
        - DS-14-19
        - DS-14-20
    - Hal: the items we are voting to close have been on the list for
      more than a month
    - Irving: the motion is to close and defer all "greens" and
      "yellows" from status-04, excluding those listed by Hal
    - [VOTE] no objections
    - Jeff: so now we can issue a status-05
    - Hal: there are a few issues on issues list without champions,
        - DS-11-07 indeterminate result
        - DS-8-05
        - DS-12-08
        - MS-5-05
    - Jeff: if no one signs up to champion them, we drop them
    - Hal: proposes that if they don't have champion by 1 week from
      today, we drop them
    - Irving: since these were external, we need to respond to the
      submitter
    - Jeff: and the response may be that we don't feel the issue
      merits the time to address
    - Jeff: some one could step up as a champion, and say that the
      issue should be deferred

>
> 7a. Which ISSUES are ready to call to vote today?
>

- Jeff: taking nominations for red issues in status-04 that have
  proposals that can be voted on, either to accept proposed changes,
  defer, etc
    - Scott: believes DS-1-12 has been dealt with thru the
      "NameIdentifier" msg thread, and accepted
    - Prateek agrees
    - Hal: since we can't vote to close these until the proposals get
      incorporated into doc, let's defer this dicussion to focus
      group

>
> 7b. discuss & vote as appropriate.
>
>
> 7c. detailed discussion of remaing ISSUES during Focus group portion
>     of call (see below)
>
>
> 8. Working out timeline for bringing all open ISSUES to resolution
>

- Hal: proposes that unchampioned issues must have champions within
  one week
- RLBob: seems overly generous
- RLBob: moves that unchampioned issues get closed by COB Thursday
- [VOTE] no objections
- [ACTION] Hal to generate:
    - list of issues with agreement and text
    - list of issues with agreement and no text
    - list of issues with no agreement
- will shoot for end of tomorrow, giving people opportunity to voice
  modification

>
> 8a. Another call this week?
>

- Jeff: when do we update the docs?  could try for next week, but
  before doing that, we need to vote on which issues on the table
  should be given to editors for incorporation
- Hal: thinks we should come to closure on "agreed upon with text"
- Hal: moves that he generate such a list by COB tomorrow, and give
  everyone til COB Thursday to add or subtract, and editors integrate
  by Friday?
- Phill: due to travel, his part needs to be done by Monday
- Jeff: can Phill include editorial changes?
- Phill: yes
- [VOTE] no objections
- Jeff: so no need for additional call this week
- Jeff: issue champions need to drive to closure
- Irving: so if issue needs voting, it's hung until next week
- Jeff: so do need another call this week?
- Irving: given his issues, comfortable without additional call this
  week
- Jeff: so no call
- in mean time, we will try to get discussion on list moving to
  agreement
- Prateek: wants vote on innocuous text in "Additional
  Verbiage" msg thread
  < http://lists.oasis-open.org/archives/security-services
    /200203/msg00044.html >
    - Jeff: asserts that this satisfies DS-9-13, which is a red issue
    - [AD-HOC VOTE] consensus achieved

>
> 9. Planning for revision & re-publication of Spec Set
>
>
> 9a. Planning for Committee Specification vote and OASIS submission
>

- Phill: need to change URI for schemas, and need help from OASIS for
  that
- [ACTION ITEM] RLBob to contact Karl for schema URI/URN
- Phill: can cycle core again on Fri 22 Mar
- Jeff: proposed schedule
    - revision on Fri 15 Mar, as discussed already
    - a 'final' votable revision on Mon 25 Mar
    - vote on Tues 23 Mar
- Rob: WRT IPR statements, his legal department should have statement
  later this week or next
- Jeff: again soliciting from other companies

>
> Adjourn
>

- Adjourned
- continuing call as focus group

-----------------------------------------------------------------------

Attendance of Voting Members:

  Allen Rogers Authentica
  Irving Reid Baltimore
  Krishna Sankar Cisco
  Gil Pilz E2open
  Hal Lockhart Entegrity
  Jason Rouault  HP
  Chris McLaren Netegrity
  Prateek Mishra Netegrity
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Rob Philpott RSA Security
  Jahan Moreh Sigaba
  Bhavna Bhatnagar Sun
  Jeff Hodges Sun
  Eve Maler Sun
  Emily Xu Sun
  Bob Morgan UWashington
  Phillip Hallam-Baker Verisign


Attendance of Observers or Prospective Members:

  Scott Cantor OSU


Membership Status Changes:

  Marc Chanliau Netegrity - Granted voting status after call
  Bob Blakley Tivoli - Lost voting status due to inactivity
  Marlena Erdos Tivoli - Lost voting status due to inactivity
  Sridhar Muppidi Tivoli - Lost voting status due to inactivity

--
Steve

begin:vcard 
n:Anderson;Steve
tel;fax:727-561-0303
tel;work:727-561-9500 x241
x-mozilla-html:FALSE
url:www.opennetwork.com
org:OpenNetwork Technologies
version:2.1
email;internet:sanderson@opennetwork.com
title:Product Architect
adr;quoted-printable:;;13577 Feather Sound Drive=0D=0ASuite 390;Clearwater;Florida;33762;USA
x-mozilla-cpt:;-6352
fn:Steve Anderson
end:vcard