OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] Minutes for Telecon, Tuesday 9 April 2002

Minutes for SSTC Telecon, Tuesday 9 April 2002
Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson

> Our intent for today is to see if we are satisfied with core-31 and
> bindings-model-14 as committee specifications.
> 1. Roll call

- Attendance attached to bottom of these minutes
- Quorum achieved
- [ACTION ITEM] Steve to send membership to the mail list for use in
  acknowledgement section of doc after vote confirming docs as committee

> 2. Issue Status Report - Hal

- Hal: Comments on new issues list
    - status list is generally uninteresting, lacking red issues
    - have been requests for more identifiers for authN methods, but
      didn't track as issues
        - Hal in favor of making process of getting identifiers for this
          purpose as easy as possible
- Jeff moves to follow Hal's recommendation in issue status (-06) report,
  closing and deferring as noted in that doc
- [VOTE] no opposition, passes

> 3. Are we ready to vote on committee specifications?
> Possible states:
> 3.a     We need more time to absorb the latest documents and look for
>         minor details - postpone voting on committee specification for
>         a week.
> 3.b     We are satisfied with the document, but there are the few last
>         issues outlined on the mailing list to be dealt with:
>         3.b.1 bindings-model-14 section numbering (word problem)
>         3.b.2 bindings-model-14 confirmation methods explanatory intro
>               text (final wording)
>         3.b.3 core-31 -- StatusMessage - schema bounds change & prose
>               explanation
>         3.b.k issues outlined in 2 above or otherwise appearing on
>               list
>         If we resolve these issues, then close the documents for new
>         issues and vote on committee specification maturity level
>         (assuming inclusion of text) and hold confirmation vote next
>         week once we've seen the text
> 3.c     We are satisfied with the documents, and we do not want any
>         additional changes - vote on committee specification maturity
>         level now.

- Joe: Open to other possible states than these
- Jeff: connotation to (3.a) is there could be changes to schema or
  prose, and door is generally wide open
- Krisha: are all issues resolved?
- Joe: there have been a few issues raised in last 2 days, captured in
  (3.b), but besides that, all are resolved
- Jeff: (3.b.3) is done with, by virtue of vote on issues status doc
- Hal: what is accepted procedure for correcting typos, etc, after vote?
- Jeff: connotation for (3.b) is that door is closed to schema and
  semantic changes, etc, but still open for editorial issues, grammar,
  language, etc.
- Joe: seeking support for any of these options
- larger sentiment toward (3.b) to start bringing closure
- [VOTE] for (3.b)
- 3.b.1
    - [ACTION] Prateek to investigate Word mechanical document issues
- 3.b.2
    - Jeff: just sent refinements to Prateek for Conf Methods
    - Prateek: fine with that, just down to language, not semantics
    - Hal: example had been dropped in his latter posting on the
      thread, because in became out of sync
    - Motion to accept this change as in Jeff's msg
      < http://lists.oasis-open.org/archives/security-services/
        200204/msg00076.html >
    - [VOTE] no opposition, passes
- 3.b.3
    - done
- 3.b.k
    - Hal: mentioned 2 things in his status, acknowledgements and authN
      method identifiers
    - Jeff sent msg on acknowledgements this morning
      < http://lists.oasis-open.org/archives/security-services/
        200204/msg00071.html >
        - exact form of acknowledgements is TBD
        - Eve: available to normalize format with editors
        - intent is to ensure people's contributions are acknowledged
    - Hal: authN methods issues started with Rob's request for an
      identifier for SecurID
        - wants to make mechanism for obtaining these easy
        - willing to make distinction between those endorsed by TC
          and those that are just established by third party
        - Phill: the tricky bit is when two are very similar and you
          want a common ID
        - Hal: commented that one org many see two as the same, but
          another org may see them as different, so leave it as a
          deployment-time configuration
        - Phill: question for today is whether we are going to add an
          ID for general 2 factor authN methods
        - Rob: wants something like X509, where X509 was established
          in general, and more specificity can be added
        - Jeff: schema doesn't provide that now
        - Prateek: concerned over public registry of these identifiers
        - Joe: can take that up as next work item
        - Rob: needs a value now to use for their SecurID
        - Hal: had been distinction between authN methods associated
          with standards and those that are proprietary
        - Rob: refers to RFC280, SecurID SASL spec
        - Phill: suggests taking authN methods and putting them in
          separate doc
        - Joe: prefers a future document supercede definition of authN
          methods in current spec, rather than putting forward reference
          in current spec to a document that doesn't yet exist
        - If an RSA-specific value goes in now, other vendors are ...
        - Phill: moves adding value "HardwareToken", which will be given
          its own section, where it will be cast into a SAML URN
          congruent with our other authN method URNs, with explanatory
          text of "authentication was performed by means of an
          unspecified hardware token."
        - [VOTE] no opposition, passes
    - Jeff: forwared comments by Bhavna, and responded to them
      < http://lists.oasis-open.org/archives/security-services/
        200204/msg00072.html >
        - these are non-normative, editorial fixes
        - Hal: only one seems controversial, re: line 464
        - Prateek: verifies Jeff's responses, will correct
        - Joe: any objections?
        - none
        - Jeff: Bhavna also had comments on core-31
        - Phill: will make changes as noted by Bhavna, and amended by
    - Jeff: there was one other change that he hasn't sent
        - core-31, lines 724-727
        - Phill retained the old explanatory text
        - we superceded that text with text matching 1658-1660
        - should omit words "committee approved"
        - editorial change only
        - no objections
        - Jeff will send text to list [sent right after telecon]
          < http://lists.oasis-open.org/archives/security-services/
            200204/msg00077.html >
- Joe: believes we have achieved successful resolution of the issues
- motion to close the documents and bring to committee spec level
- [VOTE] no opposition, **SPECIFICATION CLOSED**!!
- [WOO-HOO!]

> 4. Set next meeting date

- Joe: would like to schedule meeting for next Tues, just to confirm
  editorial changes we just discussed are effected
- after that, final rendering will be all that is left
- next activity is to outline next tasks, now that 1.0 is done
- Joe: would we like a breather, off a week, and reconvene 30 April?
- would be an organizational meeting, to prioritize deferred items, etc
    - Prateek will begin discussion of SOAP profile
    - need discussion of ID repository
- Eve: will cancel conf bridge on 23 April (since it costs $)
- Jeff: notice that we need new web site maintainer
- Hal: need to discuss issue tracking, numbering
- Jeff: thanks to all for hard work over last +year

> 5. Adjourn

- Adjourned


Attendance of Voting Members:

  Allen Rogers Authentica
  Irving Reid Baltimore
  Krishna Sankar Cisco
  Hal Lockhart Entegrity
  Carlisle Adams Entrust
  Don Flinn Hitachi
  Joe Pato HP
  Chris McLaren Netegrity
  Prateek Mishra Netegrity
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Rob Philpott RSA Security
  Jahan Moreh Sigaba
  Bhavna Bhatnagar Sun
  Jeff Hodges Sun
  Eve Maler Sun
  Aravindan Ranganathan Sun
  Emily Xu Sun
  Phillip Hallam-Baker Verisign

Attendance of Observers or Prospective Members:

  Scott Cantor OSU
  Thomas Hardjono Verisign
  Robert Griffin Entrust

Membership Status Changes:



Attachment: sanderson.vcf
Description: Card for Steve Anderson

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC