[security-services] Minutes of OASIS Security Service TechnicalCommittee Conference Call on March 4, 2003

[Jahan Moreh <jmoreh@sigaba.com>]

Minutes of  OASIS Security Service Technical Committee Conference Call on
March 4, 2003

Votes
Committee approved the co-chairs formally soliciting the Liberty alliance
for permission to use Liberty’s spec for creating derivative work in SAML.

New Action Items
SSTC should start a discussion and try to resolve the issue around
conformance language on profile vs. extension. See Jeff Hodges posting to
this list.

Jeff will draft a request for soliciting permission to use Liberty’s spec.
Jeff will send this SSTC co-chair for their review and sending to the
secretary of Liberty. [note from editor: Jeff published an email shortly
after the call]

Scott will boil down his previously publish paper to some bullet points that
will help us drive discussion around schema changes. Scott will then publish
proposed changes to schema after group provides feedback on exiting proposal
(see AI-44).


Agenda and discussions
1. Acceptance of Minutes from February 18 Conference Call.
http://lists.oasis-open.org/archives/security-services/200302/msg00049.html
Accepted with no objections

2. Announcements
We will vote on items 2, 3, 4 and 8 of
http://lists.oasis-open.org/archives/security-services/200303/msg00002.html
at the next conference call.
Prateek announced that the above items will be voted on at the next
conference call on March 18th.

3. Open Actions
AI-6.  Jeff to determine if conformance language around the notions of
profiles vs. extensions is really an issue

Closed.
Jeff posted a message to the list. Short answer is yes, this is an issue.
This may be something to be done for 1.1. This dove-tails with the
discussion on versioning.

Action Item: SSTC should start a discussion and try to resolve this new
issue.

AI-15. Editor (Eve) to update documents with Eve's fragment ID
recommendations.

Still open. Eve: will start this after work on 1.0 is done. Should be able
to complete this by the next call. In addition to Fragment ID, everything
that has been approved up to and including today’s should be included in the
documents.

AI-18. Irving to consult w/ Merlin Hughes on current XMLDSig issues
http://lists.oasis-open.org/archives/security-services/200302/msg00058.html

Closed.
Irving: we are waiting on how much schema changes are in 1.1 so that we can
determine if we can stick ID references in attributes (though this is a
separate issue and is being tracked separately). So, this item is closed.

AI-20. Eve to update specs to 1.0
Nearly done. Changes have been posted to the list. Group discussed proposed
changes. Eve will create new PDFs and by next week they will publish on the
web site.
Carlisle: why is there not an OASIS document ID number.
Eve: we will have a place holder and will wait for them for us to assign a
number. We will leave this out.

AI-31. Jeff to send email to list on his interpretation of IPR issues
surrounding using Liberty material

Closed.
Jeff sent message to the list this morning. Before we start creating
derivative work we should solicit permission. The Liberty management board
will need to give us permission. The standard OASIS procedure for soliciting
IPR is fine.
Jahan: Should we solicit Liberty to submit their spec?
Scott: I am in favor of that.
Prateek: Let’s open the floor for discussion. I am in support of this.
Bob: what are we specifically asking for? We are not asking for them to hand
over the spec?
Bob: so, we are asking for “blanket” permission to create derivative work
under the OASIS umbrella.
Scott: Motion: make a formal request to liberty to use their spec and
create derivative work under the OASIS umbrella within the present
IPR/licensing arrangements.
Jeff: seconded
Discussion: the SAML TC will determine exactly what it takes from Liberty
1.1 spec.
Prateek: Hearing no objections, the motion passes.
ACTION ITEM - Jeff: I will draft the language and send to SSTC co-chair for
their review and sending. The message should be sent to the secretary of
Liberty.


AI-32. Rob will draft a use case for an Attribute Authority, to be examined
by the TC for profiling
Still Open.

AI-33. Eve to update the charter based on discussion
Closed.

AI-36. Prateek to draft the 1.1 doc set list
http://lists.oasis-open.org/archives/security services/200303/msg00002.html
Closed.
Message sent to the list this morning. Eight document/messages/fragments
were identified  as items for incorporation to 1.1.

Prateek: we need to track to these items, including whether they have been
voted on or not.

Eve: item 8 on that list has been approved.

AI-37. Scott to email list with intent and proposal to modify core around
signature recommendations
Still open.
Scott: I have text that has been done. Scott will submit final draft
depending on the closure of “ID attribute” issue. There are other proposals
to make schema changes. During the discussion of schema changes we will need
to debate the “ID Attribute”.

NEW ISSUE: Will there be schema changes in SAML 1.1?
The group needs to have a discussion on schema changes. Scott: suggest that
the document(s) published to the list should be used as a starting point for
discussion.

ACTION: Scott will published proposed changes to schema after group provides
feedback on exiting proposal (see AI-44).


AI-39. Prateek to propose WSDL along with metadata
Still open.

AI-42. Carlisle to investigate SAML errors specification and impact on
interoperability.
Still open.
Carlisle will get something out for next call.


AI-43. Eve to repost standing rule 3
http://lists.oasis-open.org/archives/security-services/200302/msg00054.html
Closed.
No motion will be made at this time.

AI-44. Scott to write summary/position paper of how to treat schema changes

Still open.
Paper has been published. Hal had noted that he will circulate this document
among people with pure XML expertise.

Hal: I think we had some discussions last year on the namespace issue.

Eve: We should treat this as a “new” discussion

Phil: 1.1 should synchronize with the result of this discussion. It is quite
possible that by the time the discussion ends we will be in 2.0 time-frame.

Hal: the paper does not included any discussion on non-electronic
implications of version changes.

Eve: It would be great if Scott could list options and then recommend
options.


Scott will produce another draft with more clarity on assumptions and
issues. For example: are we approaching Schema changes from the perspective
that the schema is frozen for a long time.

Action: Scott will boil down the paper to some bullet points that will help
us drive the discussion.

AI-45. Prateek will update SSTC Bindings Extension 01 with URL-centric flow

Still open.
AI-46. Prateek to incorporate changes for PE-4

Still open.
AI-47. Rob to propose replacement text for PE-9
Still open.
AI-48. Jahan to start discussion on list for PE-10
http://lists.oasis-open.org/archives/security-services/200302/msg00047.html

Closed. Further discussion on Errata document will be held during the next
call when Rob is present.

Other items
Jahan: will we discuss/vote the destination-site-first?

Action: Prateek will add an item to discuss destination-site-first on the
next call and if appropriate, solicit SSTC voting on this.


Attendees (members):
Allen Rogers, Authentica
Irving Reid, Baltimore
Hal Lockhart, BEA
Ronald Jacobson, Computer Associates
Carlisle Adams, Entrust
Jason Rouault, HP
Prateek Mishra, Netegrity
Charles Knouse, Oblix
Jahan Moreh, Sigaba
Bhavna Bhatnagar, Sun
Jeff Hodges, Sun
Eve Maler, Sun
Emily Xu, Sun
Phillip Hallam-Baker, Verisign
Scott Cantor (individual)
Simon Godik (individual)
Bob Morgan (individual)

Attendees (prospective members)
Robert Griffin, Entrust
John Hughes, Entegrity Solutions
Fredrick Hirsch, Nokia
Dipak Chopra,SAP Labs




----------------
Jahan Moreh
Chief Security Architect
310.286.3070

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>