[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [security-services] Minutes of OASIS Security Service TechnicalCommittee Conference Call on March 4, 2003
Minutes of OASIS Security Service Technical Committee Conference Call on March 4, 2003 Votes Committee approved the co-chairs formally soliciting the Liberty alliance for permission to use Liberty’s spec for creating derivative work in SAML. New Action Items SSTC should start a discussion and try to resolve the issue around conformance language on profile vs. extension. See Jeff Hodges posting to this list. Jeff will draft a request for soliciting permission to use Liberty’s spec. Jeff will send this SSTC co-chair for their review and sending to the secretary of Liberty. [note from editor: Jeff published an email shortly after the call] Scott will boil down his previously publish paper to some bullet points that will help us drive discussion around schema changes. Scott will then publish proposed changes to schema after group provides feedback on exiting proposal (see AI-44). Agenda and discussions 1. Acceptance of Minutes from February 18 Conference Call. http://lists.oasis-open.org/archives/security-services/200302/msg00049.html Accepted with no objections 2. Announcements We will vote on items 2, 3, 4 and 8 of http://lists.oasis-open.org/archives/security-services/200303/msg00002.html at the next conference call. Prateek announced that the above items will be voted on at the next conference call on March 18th. 3. Open Actions AI-6. Jeff to determine if conformance language around the notions of profiles vs. extensions is really an issue Closed. Jeff posted a message to the list. Short answer is yes, this is an issue. This may be something to be done for 1.1. This dove-tails with the discussion on versioning. Action Item: SSTC should start a discussion and try to resolve this new issue. AI-15. Editor (Eve) to update documents with Eve's fragment ID recommendations. Still open. Eve: will start this after work on 1.0 is done. Should be able to complete this by the next call. In addition to Fragment ID, everything that has been approved up to and including today’s should be included in the documents. AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig issues http://lists.oasis-open.org/archives/security-services/200302/msg00058.html Closed. Irving: we are waiting on how much schema changes are in 1.1 so that we can determine if we can stick ID references in attributes (though this is a separate issue and is being tracked separately). So, this item is closed. AI-20. Eve to update specs to 1.0 Nearly done. Changes have been posted to the list. Group discussed proposed changes. Eve will create new PDFs and by next week they will publish on the web site. Carlisle: why is there not an OASIS document ID number. Eve: we will have a place holder and will wait for them for us to assign a number. We will leave this out. AI-31. Jeff to send email to list on his interpretation of IPR issues surrounding using Liberty material Closed. Jeff sent message to the list this morning. Before we start creating derivative work we should solicit permission. The Liberty management board will need to give us permission. The standard OASIS procedure for soliciting IPR is fine. Jahan: Should we solicit Liberty to submit their spec? Scott: I am in favor of that. Prateek: Let’s open the floor for discussion. I am in support of this. Bob: what are we specifically asking for? We are not asking for them to hand over the spec? Bob: so, we are asking for “blanket” permission to create derivative work under the OASIS umbrella. Scott: Motion: make a formal request to liberty to use their spec and create derivative work under the OASIS umbrella within the present IPR/licensing arrangements. Jeff: seconded Discussion: the SAML TC will determine exactly what it takes from Liberty 1.1 spec. Prateek: Hearing no objections, the motion passes. ACTION ITEM - Jeff: I will draft the language and send to SSTC co-chair for their review and sending. The message should be sent to the secretary of Liberty. AI-32. Rob will draft a use case for an Attribute Authority, to be examined by the TC for profiling Still Open. AI-33. Eve to update the charter based on discussion Closed. AI-36. Prateek to draft the 1.1 doc set list http://lists.oasis-open.org/archives/security services/200303/msg00002.html Closed. Message sent to the list this morning. Eight document/messages/fragments were identified as items for incorporation to 1.1. Prateek: we need to track to these items, including whether they have been voted on or not. Eve: item 8 on that list has been approved. AI-37. Scott to email list with intent and proposal to modify core around signature recommendations Still open. Scott: I have text that has been done. Scott will submit final draft depending on the closure of “ID attribute” issue. There are other proposals to make schema changes. During the discussion of schema changes we will need to debate the “ID Attribute”. NEW ISSUE: Will there be schema changes in SAML 1.1? The group needs to have a discussion on schema changes. Scott: suggest that the document(s) published to the list should be used as a starting point for discussion. ACTION: Scott will published proposed changes to schema after group provides feedback on exiting proposal (see AI-44). AI-39. Prateek to propose WSDL along with metadata Still open. AI-42. Carlisle to investigate SAML errors specification and impact on interoperability. Still open. Carlisle will get something out for next call. AI-43. Eve to repost standing rule 3 http://lists.oasis-open.org/archives/security-services/200302/msg00054.html Closed. No motion will be made at this time. AI-44. Scott to write summary/position paper of how to treat schema changes Still open. Paper has been published. Hal had noted that he will circulate this document among people with pure XML expertise. Hal: I think we had some discussions last year on the namespace issue. Eve: We should treat this as a “new” discussion Phil: 1.1 should synchronize with the result of this discussion. It is quite possible that by the time the discussion ends we will be in 2.0 time-frame. Hal: the paper does not included any discussion on non-electronic implications of version changes. Eve: It would be great if Scott could list options and then recommend options. Scott will produce another draft with more clarity on assumptions and issues. For example: are we approaching Schema changes from the perspective that the schema is frozen for a long time. Action: Scott will boil down the paper to some bullet points that will help us drive the discussion. AI-45. Prateek will update SSTC Bindings Extension 01 with URL-centric flow Still open. AI-46. Prateek to incorporate changes for PE-4 Still open. AI-47. Rob to propose replacement text for PE-9 Still open. AI-48. Jahan to start discussion on list for PE-10 http://lists.oasis-open.org/archives/security-services/200302/msg00047.html Closed. Further discussion on Errata document will be held during the next call when Rob is present. Other items Jahan: will we discuss/vote the destination-site-first? Action: Prateek will add an item to discuss destination-site-first on the next call and if appropriate, solicit SSTC voting on this. Attendees (members): Allen Rogers, Authentica Irving Reid, Baltimore Hal Lockhart, BEA Ronald Jacobson, Computer Associates Carlisle Adams, Entrust Jason Rouault, HP Prateek Mishra, Netegrity Charles Knouse, Oblix Jahan Moreh, Sigaba Bhavna Bhatnagar, Sun Jeff Hodges, Sun Eve Maler, Sun Emily Xu, Sun Phillip Hallam-Baker, Verisign Scott Cantor (individual) Simon Godik (individual) Bob Morgan (individual) Attendees (prospective members) Robert Griffin, Entrust John Hughes, Entegrity Solutions Fredrick Hirsch, Nokia Dipak Chopra,SAP Labs ---------------- Jahan Moreh Chief Security Architect 310.286.3070 ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]