Subject: [security-services] Minutes for Telecon, Tuesday 23 July 2002

Minutes for SSTC Telecon, Tuesday 23 July 2002
Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson

> Agenda:
> 1. Roll call

- Attendance attached to bottom of these minutes
- Quorum achieved

> 2. Accept Phill as Chair Pro Tem

- [VOTE] no objections, accepted

> 3. Minutes of last meeting

- No comments
- motion to approve
- [VOTE] no objections, accepted

> 4. Action items from last meeting

- either nothing to report, or will be covered later in call

> 5. Errata to TC Document
>      5.1 Pure typos
>      5.2 XML Signatures
>      5.3 Fragment identifiers
>      5.4 Other errata

- Phill spoke to Karl Best
    - he didn't see any problem having errata, provided it came early
      in the approval process, which we are in
    - OASIS is considering changing the process wrt errata
    - if we put out errata agreed to in this meeting, it would be
    - Eve: so if we produce SAML v02 today, it will be accepted?
    - Phill: yes
    - discussion of what errata is, which isn't specified by OASIS
    - gravitating toward what we previously discussed as "purely
      editorial" changes, such as typos and contradictory statements
      where the intent was fairly clear
    - Eve: couple of points
        - if we are to entertain the notion of doing this by end of
          month, we are at the end of the month and she will not have
          cycles to contribute
        - was concerned that SAML might fail vote if it had obvious
          interop issues, however, we've had a very successful couple
          of weeks, so there shouldn't be any serious negative votes
        - so, level of comfort has increased releasing spec as is
        - we can proceed, with issues clearly identified
    - Phill also will be too busy to work on errata immediately
    - Phill: how did we inadvertently force the use of XPath in the
      signatures rather than XPointer?
        - Eve: XPointer is not a recommendation yet
        - discussion of suitability of making this normative
        - Rob: can we just provide guidance to implementors rather than
          change the spec
        - discussion goes back to XPointer
        - Phill: sounds like this goes beyond errata, and should be
          taken up in v.next
        - discussion returning to Rob's suggestion of guidance doc
        - Prateek: so we are deferring this whole signature discussion
          to a "best practices" doc?
        - Phill: yes
        - motion to treat all errata as advice to implementors, in a
          separate doc, rather than attempt to amend SAML 1.0 at all
        - i.e., we don't produce an errata doc, and that interop
          advice be produced in a separate doc
        - [VOTE] no objections, accepted

> 6. WS Security Report

- Prateek: on the hook to provide an 02 version of the doc, and will do
  so today
- will not have substantial changes
- still looking for comments
- Maryann: possible to get you comments after today?
- Prateek: absolutely, this is a work in progress, and will be modified
  further beyond the 02 version
- Hal: we'll need to liaise with the new TC once it's formed to see how
  we want to divide work
- this may not become a spec of this TC
- Prateek: this is a question of whether we feel this upcoming doc
  accurately represents our view of adding SAML to WS-Sec, which is
  important to determine before the new TC forms
- Hal: throwing out suggestion of adding a new header that addresses the
  "purpose" of the assertion
    - left as something to consider in later discussions
- Hal: asking Prateek if his document discusses roles or actors
    - Prateek: stayed with SOAP terminology, so uses "actors"
    - Hal: recent work on SOAP now uses "roles", yet another meaning of
      the term
- Eve: hasn't heard any discussion of who will own this profile
    - Hal: thinks it can't be decided on until new TC is formed
    - Maryann: indicates IBM will support it being owned by new TC
    - Rob: will SJC take this discussion up any time soon?
    - Hal: until new TC is formed, it's moot
    - and it's not so much "them vs. us", since "them" will be made up
      of a lot of us
    - Phill: side note that XKMS F2F will be going on day after WSS F2F
      in same area
- Hal: does anyone here care to speak strongly in favor of this new
  profile being handled in this TC?
    - Eve: just wants to see it done properly, as a first-class citizen
      in WS-Sec

> 7. AOB (Any Other Business)

- Eve: other documents
    - hasn't looked at interop docs used for the demo, but we had
      previously discussed such a doc for implementors
    - wondering if we should elevate this interop doc
    - Hal: there have been discussions of stripping out a few things
      that were specific to the event, adding in a few other things,
      and publishing it, obviously non-normative
    - mainly need a volunteer
    - Eve: cites need for new website maintainer, and the one page FAQ
      being accessible from the SSTC site
    - Hal: working on a FAQ doc
    - (not getting a site maintainer volunteer ...)
- Eve: Discuss WSDL for SAML
    - has been talking with her folks about a normative WSDL doc
    - she's asking her folks to make concrete improvement proposals
    - hopes to have those by next meeting
    - discussion of how to make normative, and what it should be tied
      to, e.g. binding, profile, etc
    - Irving: recalling that current WSDL was intended to describe the
      SOAP binding
    - binding-specific WSDL seems to have consensus
    - Irving: perfectly happy to pass ownership of that doc to someone
      more fluent in WSDL
    - Eve: comments from her folks have been on the level of granularity
    - just wants to get people thinking about it, so that someone will
      be leaning toward taking ownership of this
    - how does this relate to JSR155?
        - not clear, as JSR155 work had stalled, but is alleged to be
          getting back on track shortly
        - the most interesting thing JSR155 could do is take a SAML
          assertion apart and do semantically interesting things
        - the least interesting thing JSR155 could do is the actual
          sending and receiving of SAML protocol messages, which should
          come easily from a WSDL doc
        - stalling within JSR155 could have been from all early
          proposals being centered on the exchange of samlp messages,
          which doesn't offer as much value
    - Phill: soliciting volunteer to take ownership of WSDL
        - no takers
        - Eve: suggests we bounce it (and the update suggestions)
          around first
        - Prateek: offers to provide review
        - leaving it at that for now
- Date of next meeting: 6 Aug
    - should have one or both chairs back
    - Hal: OASIS and W3C are jointly sponsoring one-day symposium on
      web services (around 26 Aug) as part of XML Web Services One
      < http://www.oasis-open.org/committees/security-jc/#Events >

> 8. Adjourn

- Adjourned


Attendance of Voting Members:

  Allen Rogers Authentica
  Irving Reid Baltimore
  Krishna Sankar Cisco
  Hal Lockhart Entegrity
  Don Flinn Hitachi
  Jason Rouault HP
  Prateek Mishra Netegrity
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Rob Philpott RSA Security
  Jahan Moreh Sigaba
  Eve Maler Sun
  Aravindan Ranganathan Sun
  Bob Morgan UWashington
  Phillip Hallam-Baker Verisign

Attendance of Observers or Prospective Members:

  Mingde Xu CrossLogix
  Maryann Hondo IBM
  Scott Cantor OSU

Membership Status Changes:

  Marc Chanliau Netegrity - lost voting status due to inactivity
