OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] Agenda for Tuesday, January 21 Conference Call

Agenda Summary:


  1. Agenda bashing
  2. Approval of minutes from Tue, Jan 7 conference call.
  3. Review (and approve?) V1.1 work items
  4. Action Item review
  5. Any other business
  6. Adjourn



  1. V1.1 Work Items (see http://lists.oasis-open.org/archives/security-services/200208/msg00010.html)
    • Bugs that are backwards-compatible (targeted to 1.1)
    • Functionality that's backwards-compatible/orthogonal and high-priority
    • The list as a whole can be completed in 3-6 months
    • Any decision that needs to be made in the short term


The below items are in no particular order [A.* numbering taken from original list]:

·         [A.1] Metadata for formalizing operational agreements between sites.

1.    See AI-27 below.

2.    http://www.oasis-open.org/committees/security/docs/draft-sstc-saml-meta-data-00.pdf

3.    http://lists.oasis-open.org/archives/security-services/200212/msg00018.html

·         [A.2] WS-Security profile ([3], possibly to go to WSS TC)

1.    Closed.

·         [A-3] Figure out versioning of modularly published profile and binding specs

1.    See AI-19 below and separate mail sent to list last night.

·         [A-4] Sharpen conformance language around the notions of profiles vs. extensions

1.    See AI-6 below

·         [A-5] Express that an assertion should not be cached

1.    Hal Lockhart's proposal: http://lists.oasis-open.org/archives/security-services/200211/msg00011.html

·         [A-6] Fix fragment identifier gaffe [4]

1.    Approved proposal on this.

2.    Needs to be incorp'd in specs.

3.    See AI-15.

·         [A-7] Standardize issuer name formats

1.    See AI-25 below.

2.    Original request came from XACML: http://lists.oasis-open.org/archives/security-services/200211/msg00012.html

·         [A-8] Fix xmldsig issues (might turn out to be a V2.0 item)

1.    For 1.1, Scott's dsig doc to become a non-normative component of the spec set.

2.    Doc needs careful review & update as necessary.

3.    Need to vote on finalized wording and adding additional doc to spec set

4.    Also see AI-18.


Additional Proposed V1.1 Work Items:

·         [A-9] Fix items from the Errata List (see AI-29)

·         [A-10] XML Encrypotion analysis (see AI-12)

·         [A-11] Mike Just's Credential Collector Proposal (see AI-26)

1.    Original mail: http://lists.oasis-open.org/archives/security-services/200209/msg00007.html



4. Action Items carried over from previous conference call:


  • AI-6. Jeff to determine if conformance language around the notions of profiles vs. extensions is really an issue
  • AI-12. Prateek to draft analysis of use of XML Encryption in SAML
  • AI-15. Editor (Eve) to update documents with Eve's fragment ID recommendations
  • AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig issues
  • AI-19. RobP will go back and look in issues list and see what he can come up with wrt item [A.3] in the SAML v1.1 to-do list.
  • AI-20. Eve to update specs to 1.0
  • AI-25. Eve to respond to Hal's IssuerName proposal with an attribute-based & an element-based solution
  • AI-26. Carlisle to update Mike Just's credentials collection proposal
  • AI-27. Prateek to rev draft-sstc-meta-data-00 and add in schema.
  • AI-28. RobP to have RSAS convey a new "statement of licensing intent" to the SSTC that documents the additional two claimed applicable patents in addition to the prior two.
  • AI-29. Jahan to start and own Errata list for current specs
  • AI-30. Scott to produce use case document for destination site first flow using Web Browser Profiles (Target late January)
  • AI-31. Jeff to send email to list on his interpretation of IPR issues surrounding using Liberty material
  • AI-32. Rob will draft a usecase for an Attribute Authority, to be examined by the TC for profiling
  • AI-33. Eve to update the charter based on discussion
  • AI-34. Rob will pull single list of v1.1 To Do items


Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC