Subject: RE: [security-services] Minutes for Telecon, Tuesday 1 April 2003
Due to administrative blunders on my part, RLBob has not lost voting status after all. My apologies.

--
Steve

-----Original Message-----
From: Steve Anderson
Sent: Tuesday, April 01, 2003 3:27 PM
To: oasis sstc (E-mail)
Subject: [security-services] Minutes for Telecon, Tuesday 1 April 2003

Minutes for SSTC Telecon, Tuesday 1 April 2003
Dial in info: +1 334 262 0740 #856956
Minutes taken by Steve Anderson

======================================================================
Summary
======================================================================

Votes:

- Minutes from 18 March 2003 call accepted
- Add optional ID attributes, of type id, to request, response and assertion
- Accept option 1 for PE2
- Accept option 1 for PE3
- Add wording strongly discouraging the use of empty URIs, and re-address in 2.0, possibly forbidding their use

Previous Action Items Still Open:

- #0002: [AI-32] Attribute Authority use case (Rob)
- #0004: [AI-39] Propose WSDL for metadata (Prateek)
- #0008: [AI-46] Incorporate changes for PE-4 (Prateek)
- #0009: [AI-47] Provide text for PE-9 (Rob)
- AI-51: Scott to propose changes to treatment of digital signatures AFTER ID attribute discussion is complete
- AI-53: Make progress on Jahan's errata list

New Action Items:

- Rob to add link to SAML-Comments & SAML-Dev lists from site, and to follow-up with OASIS where necessary
- Prateek to publish draft for Destination Site First Flow, soliciting review and comments
- Maryann to get responses to requested use of WS-Trust for CC proposal
- Eve to search for instances of "assertion type" and clarify as appropriate
- Rob to provide text describing some of the degenerate cases of using RespondWith
- Eve to produce draft text for PE11

======================================================================
Raw Notes
======================================================================

> Agenda:
>
> 1. Roll call
>

- Attendance attached to bottom of these minutes
- Quorum achieved

> 2. Accept minutes from previous meeting, 18 March
>    <http://lists.oasis-open.org/archives/security-services/200303/msg00007.html>
>

- [VOTE] unanimous consent, accepted

> 3. Kavi issues
>
>    [Action for Rob] Ensure that Jeff Hodges has appropriate Kavi
>    status to upload documents into Kavi
>

- Rob: still working several issues, such as document repository
- has reposted official 1.0 specs to repository
- Jeff does indeed have appropriate Kavi status
- Prateek: seems that SAML-Comments list isn't operating
- Rob: believes it is there
- Prateek: link to it is missing from site
- Rob can add it
- Hal: current mail list link is broken
- we should also have a link to SAML-Dev
- Jeff: there are multiple links to things, including mail list links, and some of the mail list links do work
- [ACTION] Rob to add link to SAML-Comments & SAML-Dev lists from site, and to follow-up with OASIS where necessary
- Jeff: we need an archived documents folder
- Jeff: we should also comment to Kavi folks that the doc repository is just one monolithic folder

> 4. General issues:
>
> (0) Vote on updating SAML 1.0 schema in SAML 1.1 to allow use of
>     ID attributes
>

- Prateek: sent message describing consequences to SAML-Dev, and have received a few comments, mostly supportive
- [MOTION] SAML 1.1 extend the SAML 1.0 schema so as to permit the use of ID attributes with all SAML 1.0 elements that are relevant to digital signatures (request, response, & assertion)
- Eve: are we adding signature processing options or making more things mandatory?
- not sure that we can do more than adding things that are 'strongly recommended'
- Scott: yes, but what's in 1.0 is badly broken
- Eve: true, and it has been noted (by Carlisle?) that we are early enough in SAML's lifecycle to accommodate some traumatic change
- Jeff: what's there now must be fixed
- [MOTION] add optional ID attributes, of type id, to request, response and assertion
- [VOTE] no objections, passed

> (1) Destination Site First, Flows --- Schedule vote on text on
>     April 16?
>

- Prateek: this is a good-sized addition, so we need a little more review, and scheduling a vote should accomplish that
- Jeff: date would actually be 15 April
- Jeff: suggests sending warning email to list
- [ACTION] Prateek to publish draft for Destination Site First Flow, soliciting review and comments

> (2) Final list of SAML 1.1 items
>     (+) currently accepted items
>     (+) Jahan's errata list
>     (+) ID attribute inclusion
>     (+) "Destination Site First" Flows
>     (+) Signature Re-spin
>

- Prateek: if anyone believes that more should be included, speak up

> (3) Credential Collector Proposal and discussion
>     Any new actions from discussion?
>

- Carlisle: discussion moved a lot this morning, and there are responses that will follow from that

> 5. Action Items
>

- Prateek: there are two sets of numbers now? The Kavi-style, and our classic style?
- Rob: was hoping we'd just switch

> #0014: Tell saml-dev of ID Attributes decision
> Owner: Prateek Mishra
> Status: Closed
> Assigned: 23 Mar 2003
> Due: ---
> Closed: 01 Apr 2003
> Comments:
> Rob Philpott 2003-03-24 02:34 GMT
> The 18-March meeting agreed that V1.1 would include the use of ID
> Attributes. This impacts implementations as discussed in the
> minutes.
> Prateek to write a note to saml-dev describing the proposal.
>
> Prateek Mishra 2003-04-01 15:43 GMT
> <http://lists.oasis-open.org/archives/security-services/200303/msg00043.html>
>

- done
- CLOSED

> #0013: Request use of WS-Trust for CC Proposal
> Owner: Carlisle Adams
> Status: Open
> Assigned: 23 Mar 2003
> Due: ---
>
> Carlisle published message on:
> <http://lists.oasis-open.org/archives/security-services/200303/msg00010.html>
>

- Carlisle: this was intended to be a draft message, but got no response
- Maryann: can give me new action
- CLOSED
- [ACTION] Maryann to get responses to requested use of WS-Trust for CC proposal

> #0009: [AI-47] Provide text for PE-9
> Owner: Rob Philpott
> Status: Open
> Assigned: 16 Mar 2003
> Due: ---
>

- still open

> #0008: [AI-46] Incorporate changes for PE-4
> Owner: Prateek Mishra
> Status: Open
> Assigned: 16 Mar 2003
> Due: ---
>

- still open

> #0007: [AI-45] Add URL-centric flow to Bindings Extension 01
> Owner: Prateek Mishra
> Status: Open
> Assigned: 16 Mar 2003
> Due: ---
>
> Published by Prateek in
> <http://lists.oasis-open.org/archives/security-services/200303/msg00011.html>
>

- CLOSED

> #0004: [AI-39] Propose WSDL for metadata
> Owner: Prateek Mishra
> Status: Open
> Assigned: 16 Mar 2003
> Due: ---
>

- Prateek: pending, needs re-spin
- Maryann: is there a reference to this somewhere?
- Prateek: yes, there is an existing example in the mail archives
- realizing that this becomes an item for the 1.1 deliverables list
- still open

> #0002: [AI-32] Attribute Authority use case
> Owner: Rob Philpott
> Status: Open
> Assigned: 16 Mar 2003
> Due: ---
>

- still open

> [AI-50]
> [ACTION: Scott to propose text changes to the Versioning section
> of the Core document]
>

- done
- CLOSED
- also needs to go in 1.1 deliverables list

> [AI-51]
> Scott to propose changes to treatment of digital signatures AFTER
> ID attribute discussion is complete.
>

- Scott: will try to get some text submitted by next week

> [AI-52]
> Close on PE-10. Jahan published a note on this topic. Can we
> close it today?
>
> <http://lists.oasis-open.org/archives/security-services/200302/msg00047.html>
>

- Rob: wants to figure out how we can be more clear on RespondWith
- Prateek: you must return an assertion that meets the RespondWith criteria
- Rob: and if the RespondWith conflicts with the query?
- Prateek: an empty assertion seems appropriate
- <some mild complaining about this>
- Need to clarify use of 'assertion' term vs. 'statement' term
- [ACTION] Eve to search for instances of "assertion type" and clarify as appropriate
- Eve: would be happy to deprecate RespondWith in the spec
- Rob: would like to deprecate it
- Prateek: concern about its removal, taking a conservative stance
- one could argue that there is no insistence that clients use it, but simple clients that can only deal with certain statement types could use it
- Jahan: re-read text, and the rules are quite explicit -- the responder MUST NOT respond with anything other than what is specified in the request
- Rob: yes, that is clear, must have missed it
- Rob: suggests we add an explicit text for degenerate cases where the query and its included RespondWith restriction can't produce a useful response
- [ACTION] Rob to provide text describing some of the degenerate cases of using RespondWith
- CLOSED

> [AI-53]
> Make progress on Jahan's errata list.
>

- Eve: hasn't incorporated bindings & profiles errata yet, but errata for assertions & protocols has been incorporated
- Jahan: going thru -05 list (sent with meeting agenda)
- PE2
  - Prateek: believes we concluded that there was no issue
  - Eve: then we are opting for option 1, and we need to do so explicitly
  - [MOTION] accept option 1 for PE2
  - [VOTE] no objections, passed
- PE3
  - similar case with PE2
  - [MOTION] accept option 1 for PE3
  - [VOTE] no objections, passed
- PE11
  - Rob: had repeatedly gotten questions on AssertionIDReference, so some text on it would be useful
  - Eve: can produce some draft text for us to consider next time
  - [ACTION] Eve to produce draft text for PE11
- PE12
  - Eve: can accept these first two as editorial
  - line 1085 requires discussion (now it's line 1088)
  - [MOTION] add wording strongly discouraging the use of empty URIs, and re-address in 2.0, possibly forbidding their use
  - [VOTE] no objections, passed
  - item 4 is editorial, as with first 2
- PE13
  - Scott: second item will be superseded by text he will soon submit
  - Prateek: authZdecision queries are different
  - means that PE12 item 4 shouldn't be treated like first 2
  - Eve: not sure how authZdecision query is different
  - Prateek: right, there is a subject match here, so it isn't different after all
  - Eve: will produce editorial changes for review
- PE14
  - Eve: let's please use "-er"
  - Rob: is it used in schema anywhere?
  - Scott: no, but it's in the normative area of <Status>, and it uses "-er"
  - Eve: SOAP 1.2 has provided definitions for such things, so we should make our definitions distinct from theirs
  - Eve: will attempt to provide edits by next call
- PE15
  - Eve: has colleague that is a unicode and encoding expert that she can consult
  - Hal: does this apply to the artifact?
  - Scott: no, this applies to the POST profile, and the new destination-site-first profile
  - will leave this item pending
- so only one PE left open

> 6. Any other business
>

- Eve: we should add an agenda item for next time for setting end for 1.1
- may also want to alert Dee Schur
- Jahan: meeting in two weeks is right in middle of RSA conference, so will that be a problem
- doesn't appear so
- We are meeting weekly, so next meeting will be 8 April, at regular time

> 7. Adjourn
>

- Adjourned

----------------------------------------------------------------------

Attendance of Voting Members:

  Irving Reid            Baltimore
  Hal Lockhart           BEA
  John Hughes            Entegrity Solutions
  Carlisle Adams         Entrust
  Robert Griffin         Entrust
  Jason Rouault          HP
  Prateek Mishra         Netegrity
  Steve Anderson         OpenNetwork
  Rob Philpott           RSA Security
  Dipak Chopra           SAP
  Jahan Moreh            Sigaba
  Bhavna Bhatnagar       Sun
  Jeff Hodges            Sun
  Eve Maler              Sun
  Emily Xu               Sun
  Phillip Hallam-Baker   Verisign
  Scott Cantor           (individual)
  Simon Godik            (individual)

Attendance of Observers or Prospective Members:

  Frederick Hirsch       Nokia
  Senthil Sengodan       Nokia
  Maryann Hondo          IBM

Membership Status Changes:

  Frederick Hirsch       Nokia - Granted voting status after call
  Senthil Sengodan       Nokia - Granted voting status after call

--
Steve