security-services message


Subject: Minutes for Telecon, Tuesday 1 April 2003


Minutes for SSTC Telecon, Tuesday 1 April 2003
Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson

======================================================================
                              Summary
======================================================================

  Votes:
  
    - Minutes from 18 March 2003 call accepted
    - Add optional ID attributes, of type id, to request, response
      and assertion
    - Accept option 1 for PE2
    - Accept option 1 for PE3
    - Add wording strongly discouraging the use of empty URIs, and 
      re-address in 2.0, possibly forbidding their use
  
  Previous Action Items Still Open:
  
    - #0002: [AI-32] Attribute Authority use case (Rob)
    - #0004: [AI-39] Propose WSDL for metadata (Prateek)
    - #0008: [AI-46] Incorporate changes for PE-4 (Prateek)
    - #0009: [AI-47] Provide text for PE-9 (Rob)
    - AI-51: Scott to propose changes to treatment of digital 
      signatures AFTER ID attribute discussion is complete
    - AI-53: Make progress on Jahan's errata list

  New Action Items:
  
    - Rob to add link to SAML-Comments & SAML-Dev lists from site,
      and to follow-up with OASIS where necessary
    - Prateek to publish draft for Destination Site First Flow,
      soliciting review and comments
    - Maryann to get responses to requested use of WS-Trust for
      CC proposal
    - Eve to search for instances of "assertion type" and clarify
      as appropriate
    - Rob to provide text describing some of the degenerate cases
      of using RespondWith
    - Eve to produce draft text for PE11

======================================================================
                             Raw Notes
======================================================================

> 
> Agenda:
> 
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved

> 
> 2. Accept minutes from previous meeting, 18 March
>    < http://lists.oasis-open.org/archives/security-services/200303/
>      msg00007.html >
>

- [VOTE] unanimous consent, accepted

> 
> 3. Kavi issues
>
>    [Action for Rob] Ensure that Jeff Hodges has appropriate Kavi 
>    status to upload documents into Kavi
>

- Rob: still working several issues, such as document repository
- has reposted official 1.0 specs to repository
- Jeff does indeed have appropriate Kavi status
- Prateek: seems that SAML-Comments list isn't operating
- Rob: believes it is there
- Prateek: link to it is missing from site
- Rob can add it
- Hal: current mail list link is broken
- we should also have a link to SAML-Dev
- Jeff: there are multiple links to things, including mail list links,
  and some of the mail list links do work
- [ACTION] Rob to add link to SAML-Comments & SAML-Dev lists from site,
  and to follow-up with OASIS where necessary
- Jeff: we need an archived documents folder
- Jeff: we should also comment to Kavi folks that the doc repository
  is just one monolithic folder

> 
> 4. General issues:
> 
>    (0) Vote on updating SAML 1.0 schema in SAML 1.1 to allow use of
>        ID attributes
>

- Prateek: sent message describing consequences to SAML-Dev, and have
  received a few comments, mostly supportive
- [MOTION] SAML 1.1 extend the SAML 1.0 schema so as to permit the use
  of ID attributes with all SAML 1.0 elements that are relevant to 
  digital signatures (request, response, & assertion)
- Eve: are we adding signature processing options or making more things
  mandatory?
- not sure that we can do more than adding things that are 'strongly
  recommended'
- Scott: yes, but what's in 1.0 is badly broken
- Eve: true, and it has been noted (by Carlisle?) that we are early
  enough in SAML's lifecycle to accommodate some traumatic change
- Jeff: what's there now must be fixed
- [MOTION] add optional ID attributes, of type id, to request, response
  and assertion
- [VOTE] no objections, passed

> 
>    (1) Destination Site First, Flows --- Schedule vote on text on
>        April 16?
>

- Prateek: this is a good-sized addition, so we need a little more
  review, and scheduling a vote should accomplish that
- Jeff: date would actually be 15 April
- Jeff: suggests sending warning email to list
- [ACTION] Prateek to publish draft for Destination Site First Flow,
  soliciting review and comments

> 
>    (2) Final list of SAML 1.1 items 
>                (+) currently accepted items
>                (+) Jahan's errata list
>                (+) ID attribute inclusion
>                (+) "Destination Site First" Flows
>                (+) Signature Re-spin
>

- Prateek: if anyone believes that more should be included, speak up

>     
>    (3) Credential Collector Proposal and discussion
>                Any new actions from discussion?
>

- Carlisle: discussion moved a lot this morning, and there are responses
  that will follow from that

>
> 5. Action Items
>

- Prateek: there are two sets of numbers now? The Kavi-style, and our
  classic style?
- Rob: was hoping we'd just switch 

> 
>    #0014: Tell saml-dev of ID Attributes decision 
>    Owner: Prateek Mishra 
>    Status: Closed 
>    Assigned: 23 Mar 2003 
>    Due: --- 
>    Closed: 01 Apr 2003 
>    Comments:
>    Rob Philpott 2003-03-24 02:34 GMT
>    The 18-March meeting agreed that V1.1 would include the use of ID
>    Attributes. This impacts implementations as discussed in the
>    minutes. 
>    Prateek to write a note to saml-dev describing the proposal.
>
>    Prateek Mishra 2003-04-01 15:43 GMT
>    < http://lists.oasis-open.org/archives/security-services/200303/
>      msg00043.html >
>

- done
- CLOSED

> 
>    #0013: Request use of WS-Trust for CC Proposal 
>    Owner: Carlisle Adams 
>    Status: Open 
>    Assigned: 23 Mar 2003 
>    Due: --- 
> 
>    Carlisle published message on:
>    < http://lists.oasis-open.org/archives/security-services/200303/
>      msg00010.html >
>

- Carlisle: this was intended to be a draft message, but got no 
  response
- Maryann: can give me new action
- CLOSED
- [ACTION] Maryann to get responses to requested use of WS-Trust for
  CC proposal

> 
>    #0009: [AI-47] Provide text for PE-9 
>    Owner: Rob Philpott 
>    Status: Open 
>    Assigned: 16 Mar 2003 
>    Due: --- 
>

- still open

> 
>    #0008: [AI-46] Incorporate changes for PE-4 
>    Owner: Prateek Mishra 
>    Status: Open 
>    Assigned: 16 Mar 2003 
>    Due: --- 
> 

- still open

> 
>    #0007: [AI-45] Add URL-centric flow to Bindings Extension 01 
>    Owner: Prateek Mishra 
>    Status: Open 
>    Assigned: 16 Mar 2003 
>    Due: --- 
> 
>    Published by Prateek in 
>    < http://lists.oasis-open.org/archives/security-services/200303/
>      msg00011.html >
>

- CLOSED

> 
>    #0004: [AI-39] Propose WSDL for metadata 
>    Owner: Prateek Mishra 
>    Status: Open 
>    Assigned: 16 Mar 2003 
>    Due: --- 
>

- Prateek: pending, needs re-spin
- Maryann: is there a reference to this somewhere?
- Prateek: yes, there is an existing example in the mail archives
- realizing that this becomes an item for the 1.1 deliverables list
- still open

>
>    #0002: [AI-32] Attribute Authority use case 
>    Owner: Rob Philpott 
>    Status: Open 
>    Assigned: 16 Mar 2003 
>    Due: --- 
>

- still open
 
>
>    [AI-50]
>    [ACTION: Scott to propose text changes to the Versioning section
>    of the Core document]
>

- done
- CLOSED
- also needs to go in 1.1 deliverables list

>
>    [AI-51]
>    Scott to propose changes to treatment of digital signatures AFTER
>    ID attribute discussion is complete.
>

- Scott: will try to get some text submitted by next week

>
>    [AI-52]
>    Close on PE-10. Jahan published a note on this topic. Can we
>    close it today?
> 
>    < http://lists.oasis-open.org/archives/security-services/200302/
>      msg00047.html >
>

- Rob: wants to figure out how we can be more clear on RespondWith
- Prateek: you must return an assertion that meets the RespondWith
  criteria
- Rob: and if the RespondWith conflicts with the query?
- Prateek: an empty assertion seems appropriate
- <some mild complaining about this>
- Need to clarify use of 'assertion' term vs. 'statement' term
- [ACTION] Eve to search for instances of "assertion type" and clarify
  as appropriate
- Eve: would be happy to deprecate RespondWith in the spec
- Rob: would like to deprecate it
- Prateek: concern about its removal, taking a conservative stance
- one could argue that there is no insistence that clients use it, but
  simple clients that can only deal with certain statement types could
  use it
- Jahan: re-read text, and the rules are quite explicit -- the responder
  MUST NOT respond with anything other than what is specified in the
  request
- Rob: yes, that is clear, must have missed it
- Rob: suggests we add an explicit text for degenerate cases where the
  query and its included RespondWith restriction can't produce a useful
  response
- [ACTION] Rob to provide text describing some of the degenerate cases
  of using RespondWith
- CLOSED

>
>    [AI-53]
>    Make progress on Jahan's errata list.
>

- Eve: hasn't incorporated bindings & profiles errata yet, but errata
  for assertions & protocols has been incorporated
- Jahan: going thru -05 list (sent with meeting agenda)
    - PE2
        - Prateek: believes we concluded that there was no issue
        - Eve: then we are opting for option 1, and we need to do so
          explicitly
        - [MOTION] accept option 1 for PE2
        - [VOTE] no objections, passed
    - PE3
        - similar case with PE2
        - [MOTION] accept option 1 for PE3
        - [VOTE] no objections, passed
    - PE11
        - Rob: had repeatedly gotten questions on AssertionIDReference,
          so some text on it would be useful
        - Eve: can produce some draft text for us to consider next time
        - [ACTION] Eve to produce draft text for PE11
    - PE12
        - Eve: can accept these first two as editorial
        - line 1085 requires discussion (now it's line 1088)
        - [MOTION] add wording strongly discouraging the use of empty
          URIs, and re-address in 2.0, possibly forbidding their use
        - [VOTE] no objections, passed
        - item 4 is editorial, as with first 2
    - PE13
        - Scott: second item will be superseded by text he will soon
          submit
        - Prateek: authZdecision queries are different
        - means that PE12 item 4 shouldn't be treated like first 2
        - Eve: not sure how authZdecision query is different
        - Prateek: right, there is a subject match here, so it isn't 
          different after all
        - Eve: will produce editorial changes for review
    - PE14
        - Eve: let's please use "-er"
        - Rob: is it used in schema anywhere?
        - Scott: no, but it's in the normative area of <Status>, and
          it uses "-er"
        - Eve: SOAP 1.2 has provided definitions for such things, so
          we should make our definitions distinct from theirs
        - Eve: will attempt to provide edits by next call
    - PE15
        - Eve: has colleague that is a Unicode and encoding expert that
          she can consult
        - Hal: does this apply to the artifact?
        - Scott: no, this applies to the POST profile, and the new
          destination-site-first profile
        - will leave this item pending
- so only one PE left open

> 
> 6. Any other business
>

- Eve: we should add an agenda item for next time for setting end 
  for 1.1
- may also want to alert Dee Schur
- Jahan: meeting in two weeks is right in middle of RSA conference, so
  will that be a problem
- doesn't appear so
- We are meeting weekly, so next meeting will be 8 April, at regular
  time

> 
> 7. Adjourn
>

- Adjourned


----------------------------------------------------------------------

Attendance of Voting Members:

  Irving Reid Baltimore
  Hal Lockhart BEA
  John Hughes Entegrity Solutions
  Carlisle Adams Entrust
  Robert Griffin Entrust
  Jason Rouault HP
  Prateek Mishra Netegrity
  Steve Anderson OpenNetwork
  Rob Philpott RSA Security
  Dipak Chopra SAP
  Jahan Moreh Sigaba
  Bhavna Bhatnagar Sun
  Jeff Hodges Sun
  Eve Maler Sun
  Emily Xu Sun
  Phillip Hallam-Baker Verisign
  Scott Cantor (individual)
  Simon Godik (individual)


Attendance of Observers or Prospective Members:

  Frederick Hirsch Nokia
  Senthil Sengodan Nokia
  Maryann Hondo IBM


Membership Status Changes:

  Frederick Hirsch Nokia - Granted voting status after call
  Senthil Sengodan Nokia - Granted voting status after call
  Bob Morgan (individual) - Lost voting status due to inactivity
  
--
Steve


