OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for Telecon, Tuesday 06 May 2003

Minutes for SSTC Telecon, Tuesday 06 May 2003
Dial in info: +1 865 673 3239  #238-3466
Minutes taken by Steve Anderson


    - Minutes from 29 April 2003 call accepted
  Previous Action Items Still Open:
    - AI-0004: Propose WSDL for Meta-data
    - AI-0013: Request use of WS-Trust for CC Proposal
    - AI-0033: Generative non-normative "Differences between SAML 1.1
      and SAML 1.0" document
    - AI-0038: Continue developing Metadata specs
    - AI-0034: Correct document use of xsd:ID

  New Action Items:
    - (none)
                             Raw Notes

> Agenda:
> 1. Roll call

- Attendance attached to bottom of these minutes
- Quorum achieved

> 2. Accept minutes from previous meeting, 29 April
>    < http://lists.oasis-open.org/archives/security-services/
>      200304/msg00209.html >

- [VOTE] unanimous consent, accepted

> 3. Kavi Proposal:
>    Rob has suggested that notification to users every time a document 
>    is posted to Kavi be turned off by default. Users should be
>    notified only for selected document updates.

- Rob: if we're doing large numbers of updates, just send one manual
  email notice
    - Steve: all for this
    - Rob: there's no way to change the default, so just have to make
      this a matter of procedure

> 4. Last call notice has gone out Saturday, May 3, 2003
>    < http://lists.oasis-open.org/archives/security-services/
>      200305/msg00067.html >
>    Stays within guidelines proposed in (updates 
>    < http://lists.oasis-open.org/archives/security-services/
>    200304/msg00133.html >) with the exception that last call ends 
>    on May 15.

- Rob: actually ends Friday 16 May
- Original timeline had the cut-off on 13 May, which would have limited
  the comments, but we're still shooting for a Candidate Spec 20 May

> 5. Open Action-Items
>    AI-0004
>    Propose WSDL for Meta-data
>    Prateek Mishra

- Prateek: has not had a chance to catch up with Jahan's metadata
- stays open

>    AI-0013
>    Request use of WS-Trust for CC Proposal
>    Maryann Hondo

- not on call
- Rob: can provide update
    - there was a call between number of authors last week
    - VeriSign, RSA, IBM, but no MS folks
    - one clarification needed from TC: are we asking them to submit
      specifically as a reference doc or for future derivative works
      by the TC
    - believes we only wanted it as a reference doc
    - Hal: not sure he sees the distinction in practice
    - Irving: do we want to base work on it or do we want to take over
      furthering that document
    - Rob: because MS wasn't on call, couldn't reach conclusion on
      timeframe for submitting to a standards body
        - feeling was that July may not be feasible
        - it is moving forward, however
    - Carlisle: trouble is that we're stuck until we get an answer
    - Jeff: we're not guaranteed to use WS-Trust anyway
    - Carlisle: what if we extend our request to Aug/Sept?
    - Hal: would that delay 2.0?
    - not necessarily
    - Jeff: we can explore other alternatives, including inventing our
      own, and if they get their act together, great
    - Carlisle: can Rob give any timeline indication?
    - Rob: gets feeling of strong desire to get it in an org in the Fall
    - Carlisle: can we wait that long?
    - Jeff: thinks so
    - Steve: is a commitment from the WS-Trust authors to bring it to
      a standards body sufficient for us to continue working against
      it, or is it necessary to wait for the actual submission?
    - Jeff: can do some work based on commitment, but would prefer to
      hedge until it actually happens
    - Carlisle: having it submitted to an org is the beginning of that
      process, and the doc will change
    - Steve: that's true of any referenced standard
    - [discussion of 'by value' vs. 'by reference']
    - Irving: reluctant to head down 'derivative' route
- Carlisle: what do we think is best course of action
    - Jeff: the welcome mat is out to bring the spec to this TC
    - Steve: didn't recall it that way
    - Carlisle: seems extremely unlikely this spec would be ratified
      by a standards body by end of year
    - Steve: can we not reference an input draft to another group?
    - Jeff: wouldn't be good
    - Rob: we could chose to not release the credential collector 
      functionality with 2.0, and release it afterwards
    - Carlisle: do we think end of 2003 is reasonable timeline for 2.0
    - Scott: seems very aggressive
- Rob: we don't have to decide this today
    - could have some of the WS-Trust authors on one of our calls
    - WS-Trust authors will probably need to meet and discuss this
      on their own before that
    - our joint call doesn't have to happen right away
    - Carlisle: what seems to be the inhibitors to submitting WS-Trust
    - Rob: thinks they may want to produce another draft first
    - [discussion of the usefulness of that]
    - Jeff: not sure that it wouldn't be acceptable (IPR & copyright-
      wise) to point to their doc and describe uses of it, basically
      profiling it
- stays open

>    AI-0032
>    Write text for non-use of artifact confirmation data
>    Rob Philpott


>    AI-0033
>    Generative non-normative "Differences between SAML 1.1 and SAML 
>    1.0" document
>    Prateek Mishra

- Prateek: hopes to generate sometime today

>    AI-0038: Continue developing Metadata specs
>    Owner: Jahan Moreh

- Jahan: published draft 6 on Friday
- significantly changed from previous version
- appendix lists issues addressed and their resolutions
- awaiting comments

>    AI-0037: Example text on use of XML DSIG
>    Owner: Scott Cantor
- Scott: provided to Eve, not sure if in docs
- Rob: yes, it is in docs

>    AI-0036: Glossary updates - SSO Assertion, attribute assertion
>    Owner: Eve Maler

>    AI-0035: Refer to Liberty and WSS SAML Profile
>    Owner: Eve Maler


>    AI-0034: Correct document use of xsd:ID
>    Owner: Eve Maler

- still open
- Scott: sent email this morning
  < http://www.oasis-open.org/archives/security-services/
    200305/msg00070.html >
    - in the course of implementing 1.1, encountered the 2 issues 
      described in the email
    - was going to raise as a last call issue
    - if we need to rectify while Eve is out, he can do it
    - most serious mistake is in schema, using IDREF, which is only
      for references within the doc
    - we may need to move up the hierarchy to a xsd:NCName type
- Rob: is this a true technical issue?
    - Scott: thinks so
    - Rob: does that mean we'll need to restart the Last Call process?
    - Jeff: we made the rules up
    - suggests after last call, put all the comments together and have
      a vote to determine whether you passed last call or not
    - is leery of schema changes
- Frederick: thinks WS-Security had similar situation
    - Scott: anything derived from IDREF implies the reference points to
      something in the document
    - the use cases in WS-Security are different than here
    - Jeff: section 7 of WS-Security is where this arises
- Scott: described 2nd issue in this morning's email
    - people whose parsers choke on this will either have to patch 
      their parsers or change the schema in order to use our schema
    - tossed around with Eve question of what we get out of our layer
      of indirection (saml:IDType)
    - currently, there isn't any value
    - would be invasive to change
    - Steve: not changing it would seem to have big impact

> 6. Any other business

- Prateek: issues with DoNotCache
    - will send note to list
- Jahan: will we continue with weekly calls?
    - Prateek: thinks we should through at least 20 May
- Errata
    - everything is closed

> 7. Adjourn

- Adjourned


Attendance of Voting Members:

  Irving Reid Baltimore
  Hal Lockhart BEA
  Carlisle Adams Entrust
  Scott Cantor Individual
  Bob Morgan Individual
  Prateek Mishra Netegrity
  Frederick Hirsch Nokia
  Timo Skytta Nokia
  Steve Anderson OpenNetwork
  Rob Philpott RSA Security
  Dipak Chopra SAP
  Jahan Moreh Sigaba
  Bhavna Bhatnagar Sun
  Jeff Hodges Sun
  Emily Xu Sun
  Phillip Hallam-Baker Verisign

Attendance of Observers or Prospective Members:

  Jason Rouault HP

Membership Status Changes:

  Trevor Perrin Individual - Granted voting status after call

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]