Subject: [security-services] Minutes for Telecon, Tuesday 29 October 2002
Minutes for SSTC Telecon, Tuesday 29 October 2002
Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson

======================================================================
Summary
======================================================================

Votes:
- Minutes from 15 October 2002 call accepted
- Motion to approve Eve's fragment ID recommendations for 1.1 as
  described in
  <http://lists.oasis-open.org/archives/security-services/200210/msg00026.html>

New Action Items:
- Hal to get a proposal crafted to make this schema change for
  "Standardize Issuer Name Format" needed by XACML
- Editors to update documents with Eve's fragment ID recommendations
- Jeff & Eve to add parts of Eve's fragment ID recommendation to 2.0
  item list
- Hal to propose specific schema changes for proposed DoNotCache
  condition
- Irving to consult w/ Merlin Hughes on current XMLDSig issues

Previous Action Items Still Open:
- Jeff to determine if conformance language around the notions of
  profiles vs. extensions is really an issue
- Prateek & Jeff to look at Liberty provider metadata's applicability
  for SAML specs
- Jeff to solicit comment on draft-sstc-xmlsig-guidelines-0{2|3} from
  Liberty arena
- Eve, Rob and Jeff to draft amended SSTC charter
- Prateek to draft analysis of use of XML Encryption in SAML

======================================================================
Raw Notes
======================================================================

> Agenda:
>
> 1. Roll call

- Attendance attached to bottom of these minutes
- Quorum achieved

> 2. Accept minutes from previous meeting
>    <http://lists.oasis-open.org/archives/security-services/200210/msg00028.html>

- [VOTE] unanimous consent, accepted

> 3. Review of open Action Items (AIs)...
>
> AI-2. Carlisle Adams to take the "Standardize Issuer Name Format"
>       back to the XACML for more clear requirements and/or
>       proposal.
>
>       [security-services] XACML Change request to SAML...
>       <http://lists.oasis-open.org/archives/security-services/200209/msg00015.html>
>
>       - done

- Jeff: this would be a schema change
- do we want to do this in v1.1 or v2.0?
- will it be backward-compatible?
- Hal: XACML would prefer it sooner
- [ACTION] Hal to get a proposal crafted to make this schema change

> AI-6. Jeff to determine if conformance language around the notions
>       of profiles vs. extensions is really an issue
>
>       [still in progress (will try to before next meeting)]
>
> AI-7. Prateek & Jeff to look at Liberty provider metadata's
>       applicability for SAML specs
>
>       [in progress - can discuss on the call]

- Jeff: seems the notion and format is useful, but Liberty schema
  wouldn't map directly over
- Jeff and Prateek will post message after further analysis
- Prateek: has separate question of whether Liberty AuthN Context is
  relevant, but will address in separate posting

> AI-8. Jeff to solicit comment on
>       draft-sstc-xmlsig-guidelines-0{2|3} from Liberty arena.
>
>       [in progress - have commitment from Jonathan Sergent to review
>       the -03 rev of the guidelines. Good news is that Liberty folk
>       and SAML folk are on same wavelength wrt xmldsig.]

- Rob: also asking his Liberty reps to review

> AI-9. Scott to rev the draft-sstc-xmlsig-guidelines-02 doc to -03.
>
>       [security-services] Third draft of Signature document
>       <http://lists.oasis-open.org/archives/security-services/200210/msg00034.html>
>
>       - posted and closed

- please review & comment

> AI-10. Eve, Rob and Jeff to draft amended SSTC charter

- will try to do before next call

> AI-11. Eve to send mail msg that wraps up resolution on fragment
>        identifiers
>
>        [security-services] Motion to approve fragment ID
>        recommendations for 1.1
>        <http://lists.oasis-open.org/archives/security-services/200210/msg00026.html>

- Jeff: should add to agenda
- Jeff: have folks reviewed?
- Rob: yes, seems reasonable
- motion to accept motion as posted in above reference
- [VOTE] accepted
- [ACTION] editors to update documents
- Hal: note that part of her proposal is deferred to v2.0, so it
  needs to be remembered somehow
- [ACTION] Jeff & Eve to add this to 2.0 item list

> AI-12. Prateek to draft analysis of use of XML Encryption in SAML.

- Prateek: has done some work, will send to Hal for review
- should have something posted to list before next call

> AI-13. Hal to write up proposal on expressing that assertions are
>        not to be cached
>
>        [security-services] Proposed DoNotCache Condition
>        <http://lists.oasis-open.org/archives/security-services/200210/msg00035.html>
>
>        - done

- resolution includes change to spec & schema
- Hal: schema change is adding an optional element, which is
  inherently backward compatible
- implementation aspects were somewhat arbitrary, but mainly cares
  about semantics
- Jeff: posting needs review & comments
- we will shoot for vote on next call
- [ACTION] Hal to propose specific schema changes

> 4. SAML v1.0 OASIS-wide vote
>
>    tally can be monitored here..
>
>    <http://lists.oasis-open.org/archives/tc-voting/>
>
>    Have 49 Yes votes, 3 abstains, no "No"s.

- as long as we don't get any "no"s, we are on track to pass

> 5. where are we at with a SAML v1.1?
>
>    todo list from item [A] of..
>
>    [security-services] Proposed, categorized To-Do list for SAML 1.x
>    and 2.0 (SAMLng/SAML.next)
>    <http://lists.oasis-open.org/archives/security-services/200208/msg00010.html>
>
>    [A] Feasible Near-term high-priority items, and bug fixes
>
>    - Bugs that are backwards-compatible (targeted to 1.1)
>    - Functionality that's backwards-compatible/orthogonal and
>      high-priority
>    - The list as a whole can be completed in 3-6 months
>    - Any decision that needs to be made in the short term
>    - the below items are in no particular order (ie unprioritized)
>
>    [A.1] - Formalizing operational agreements between sites (see
>            Liberty provider metadata schema (section 4 of [1]) and
>            the saml-dev work [2], for examples; this is
>            guidance/facilitation work rather than protocol work)
>
>    - above will be initiated w/ AI-7
>
>    - who will take those results and fold-in what was learned from
>      the SAML interop event?

- progress under way

>    [A.2] - WS-Security profile ([3], possibly to go to WSS TC)
>
>    - done.
>
>    [A.3] - Figure out versioning of modularly published profile and
>            binding specs
>
>    - TBD.
>
>    - this one has to do with how do we define and version SAML as a
>      whole?
>
>    - don't need to answer the below scenarios on this call, but need
>      someone to sign up to consider the question and write a proposal
>
>    - presently we refer to the "SAML v1.0 specification set", and
>      have "version" elements in assertions, request msg, and
>      response msg.
>
>      what should we do if we eg rev the bindings and profiles spec
>      in the future, w/o making changes to -core ?
>
>      what should we do if we write a separate b2b profile spec --
>      what's the version of that spec once approved as an OASIS std,
>      say?

- Jeff: need either a champion or someone to justify why we don't
  need to worry about it
- Prateek: challenges this, each profile/binding is connected to a
  unique URI that identifies it
- as new ones are published, versioning is implicitly addressed
- Rob: had made some comments in the past in this area, and will go
  back and review them

>    [A.4] - Sharpen conformance language around the notions of
>            profiles vs. extensions
>
>    - this is AI-6, in progress
>
>    [A.5] - Express that an assertion should not be cached
>
>    - proposal on the table
>
>    [A.6] - Fix fragment identifier gaffe [4]
>
>    - motion on the "email floor" to close this.

- Voted on moments ago
- will be folded into spec

>    [A.7] - Standardize issuer name formats (request came from XACML)
>
>    - this is AI-2
>
>    [A.8] - Fix xmldsig issues (might turn out to be a [B] item) [5]
>
>    - for 1.1, this will be addressed by Scott's dsig doc (yes?)

- Jeff: for 2.0, the plan is to make normative changes to tighten
  this up?
- RonM: So 1.1 won't say anything further normatively?
- Jeff: that's what's on the table
- Scott's doc (essentially a 'best practices' doc) will attempt to
  improve interop
- Discussion of listing in our specs of C14N as SHOULD vs. MUST
- appears to be a SHOULD in current spec
- Discussion of whether the current problem is one where verification
  would succeed when it shouldn't or whether the verification would
  fail when it shouldn't
- general uncertainty
- [ACTION] Irving to consult w/ Merlin Hughes on this
- Ron: sounds like whatever is recommended in the spec currently
  doesn't preclude anyone from doing the right thing, but it does
  recommend doing the wrong thing
- Jeff: section 4 in doc is about sig verification, and it doesn't
  seem to address this aspect, and arguably it should
- we need to get this sorted out and added to the doc
- Jeff: exhorting people to review this so we can get it resolved

> 6. Discussion of xmldsig guidelines

- (generally done in previous agenda item)
- Jeff: the door may be more open in 1.1 to change this problematic
  SHOULD into the more suitable MUST

> 7. Discussion of credentials collection (?)

- no discussion

> 8. any other business?

- Jeff: Specification editing duties
- Eve has previously indicated some availability
- need to double check with Phill on his availability
- Prateek can also commit some time
- Jeff: not a burning issue for a couple more weeks yet
- we're making good progress toward 1.1 and we should be able to
  start editing soon

> 9. Adjourn

- Adjourned

-----------------------------------------------------------------------
Attendance of Voting Members:
  Irving Reid              Baltimore
  Ronald Jacobson          Computer Associates
  Mingde Xu                CrossLogix
  Hal Lockhart             Entegrity
  Carlisle Adams           Entrust
  Robert Griffin           Entrust
  Jason Rouault            HP
  Prateek Mishra           Netegrity
  Charles Knouse           Oblix
  Steve Anderson           OpenNetwork
  Rob Philpott             RSA Security
  Jahan Moreh              Sigaba
  Bhavna Bhatnagar         Sun
  Jeff Hodges              Sun
  Emily Xu                 Sun
  Simon Godik              (individual)

Attendance of Observers or Prospective Members:
  (none)

Membership Status Changes:
  Robert Standefer         EDS   - Lost voting status due to inactivity
  Aravindan Ranganathan    Sun   - Lost voting status due to inactivity

--
Steve
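The C14N SHOULD-vs-MUST question under [A.8] and item 6 is about whether a verifier that skips canonicalization still interoperates with a signer whose assertion gets re-serialized in transit. This added example (not code from the minutes, the SSTC, or any SAML implementation) models that: a signer digests a constructed SAML 1.x assertion, and the relying party recomputes the digest with and without canonicalizing first. It assumes Python 3.8+, whose stdlib C14N 2.0 stands in for the C14N 1.0 algorithms XMLDSig specifies; the interop point is the same.

```python
"""Why the signature guidelines care about canonicalization (C14N).

Added illustration; the assertion strings are constructed samples, and
xml.etree.ElementTree.canonicalize (C14N 2.0, Python 3.8+) is an assumed
stand-in for XMLDSig's C14N 1.0 transforms.
"""
import hashlib
from xml.etree import ElementTree as ET

# Constructed sample: the assertion exactly as the issuer's toolkit serialized it.
ASSERTION_AS_SIGNED = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" '
    'MajorVersion="1" MinorVersion="1" AssertionID="_example"><saml:Conditions '
    'NotBefore="2002-10-29T00:00:00Z" NotOnOrAfter="2002-10-29T00:05:00Z"/>'
    '</saml:Assertion>'
)
# The same assertion after an intermediary parsed and re-emitted it: attribute
# order, line breaks and the empty-element form differ, the content does not.
ASSERTION_AS_RECEIVED = (
    '<saml:Assertion AssertionID="_example" MinorVersion="1" MajorVersion="1"\n'
    '    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">'
    '<saml:Conditions NotOnOrAfter="2002-10-29T00:05:00Z" '
    'NotBefore="2002-10-29T00:00:00Z" ></saml:Conditions></saml:Assertion>'
)
# Constructed tampered copy: validity window extended by a day.
ASSERTION_TAMPERED = ASSERTION_AS_RECEIVED.replace(
    'NotOnOrAfter="2002-10-29T00:05:00Z"', 'NotOnOrAfter="2002-10-30T00:05:00Z"')


def digest(xml_text: str, canonicalize: bool) -> str:
    """Digest of the assertion, over its canonical form or over the raw text."""
    data = ET.canonicalize(xml_text) if canonicalize else xml_text
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def digest_matches(signed_xml: str, received_xml: str, canonicalize: bool) -> bool:
    """Does the verifier's recomputed digest equal the one the signer produced?

    Both sides follow the same policy: C14N applied (what a MUST would
    guarantee) or skipped (what a mere SHOULD permits).
    """
    return digest(signed_xml, canonicalize) == digest(received_xml, canonicalize)


if __name__ == "__main__":
    for canon in (False, True):
        print(f"canonicalize={canon}: re-serialized copy verifies:",
              digest_matches(ASSERTION_AS_SIGNED, ASSERTION_AS_RECEIVED, canon),
              "| tampered copy verifies:",
              digest_matches(ASSERTION_AS_SIGNED, ASSERTION_TAMPERED, canon))
```

Without C14N the untouched but re-serialized assertion fails verification (the "fails when it shouldn't" case raised on the call), while with C14N it verifies and the tampered copy is still rejected under both policies.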