OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for Telecon, Tuesday 2 September 2003

Minutes for SSTC Telecon, Tuesday 2 September 2003
Dial in info: +1 865 673 3239  #238-3466
Minutes taken by Steve Anderson


    - Minutes from 5 August 2003 call accepted
    - Editors to update spec based on E10, from errata-15
  Previous Action Items Still Open:
    - [new, not numbered] Chairs to update F2F location info on SSTC
    - [new, not numbered] Jahan to create FAQ
    - #0055 Draft Goal Statement for SAML 2.0

  New Action Items:
    - Rob to send note to list about dial-in access needs
    - Eve to compare SAML v1.1 issues list with v2 work items
                             Raw Notes

> Agenda:
> 1. Roll call

- Attendance attached to bottom of these minutes
- Quorum achieved

> 2. Accept minutes from previous meeting, 5 August
>    < http://lists.oasis-open.org/archives/security-services/
>      200308/msg00026.html >

- [VOTE] unanimous consent, accepted

> 3. V1.1 is now an OASIS Standard (group cheer!).
>    a. Need to make final spec edits. 
>    b. Need web site update.

- Rob: 55 yes votes, 0 no votes
- Rob: will get with Eve to update with new status
- Eve: any other edits?
    - Jahan: one minor, editorial issue, changing a "less-than" to a
    - Draft 15 of errata doc, E10
    - Lines 236-237 core 1.1, CS-03
    - 2 places
    - Jahan: just noticed that disposition was to correct in 2.0
    - ??: it just prohibits 2 hash algorithms that you would want to use
    - Irving: in fact, we recommend using them
    - [MOTION] Editors to update spec based on E10, from errata-15
    - [VOTE] passes, unanimous consent

> 4. Face-to-face update: 
>    a. Facility/location update 
>       i.   Network access
>       ii.  Dial-in - do we need it? At what times?

- Rob: network access will be from behind a firewall, and should support
  most VPNs
- if there are any special requirements, send Rob mail
- Dial-in need will be based on expected attendance
- Eve: doesn't see need
- is there anyone who really, really wants to 'attend' and can't
  physically be there?
    - [no response]
    - [ACTION] Rob to send note to list about dial-in access needs
    - Jeff: should include a cut-off time for responses

>    b. Attendance: 
>       i.   Steve - What will we need for quorum?

- Steve: should be around 15

>       ii.  17 voting members have confirmed via ballot
>       iii. 16 not responded
>       iv.  Observers:
>            1.  Boeing: Steve Whitlock, Mike Beach
>            2.  Entrust: Tim Moses
>            3.  Fidelity: Patrick Harding
>            4.  Reactivity: Eric Gravengaard
>            5.  Sun: Ron Monzillo, Mohammad Akif, Tajesh Shah
>            6.  PingID: Darren Platt - attending?
>            7.  XACML: Anne Anderson, Seth Proctor, Frank Siebenlist, 
>                Rebekah Lepro, Von Welch, David Chadwick, Polar Humenn
>    c. Agenda discussion? 
>       i.   See Prateek's email: 
>            < http://lists.oasis-open.org/archives/security-services/
>              200308/msg00047.html >

- Prateek: walking through agenda
- John Hughes: what about time for Kerb use case I am creating?
    - Prateek: there is some time for that
    - John: will develop a few slides
- Frederick: has Ron published a new WSS SAML profile?
    - Prateek: is not aware of one
- Prateek: need more structure for 2nd day
    - Eve: has proposed using work item list for structure
    - if we can assign work item owners today, the owners can present
      their items
- Rob: will have separate room for XACML folks to work in on Tuesday
- Rob: Eve has published an updated work items list, v3
    - Eve: inclined to convert this work items doc into a SAML v2 issues
      list, to avoid letting things fall through the cracks
    - Rob: we still have a 1.1 issues list
    - Eve: so we need to do a comparison between the two
    - [ACTION] Eve to compare SAML v1.1 issues list with v2 work items
- Eve going through work items
    - Eve: believes Dale Moberg is interested in W-1
    - Prateek: W-1 through W-8 are all core ID-FF items
        - maybe too much to combine into 1 item
    - Prateek: volunteers to drive W-2
    - Scott & John Linn also volunteer for W-2
    - Scott: believes Peter Davis is interested in W-3
        - Eve: had Jahan penciled in as owner
        - Jahan: ok with that
    - Eve: Jahan for W-4 also
        - Jahan: ok
    - Prateek: will take W-5, will be important to them
    - Eve: just added W-5a, to handle Liberty-enabled clients
        - Frederick: will lead
    - Eve: had Krishna down tentatively
        - Scott: will take this one
        - Krishna: will work with Scott
    - Scott: W-7 needs to be labeled "Discovery" rather than "Introduction"
        - can put his name on W-7
    - Jeff: AuthN Context can be carved out, and handled quite separately
        - we need to decide whether to handle that here or spin off in
          another TC
        - needs an owner, but it doesn't need near-term work unless someone
          really demands it
        - not lessening its importance
        - Eve: needs an owner to help sort out how to treat this
        - Frederick volunteered
    - Eve: may not be much to say about W-9, but needs owner anyway
        - Hal had made some comments about this
        - may need to profile XML-Enc
        - Rob: let's solicit Hal to at least present on this at F2F
    - Eve: W-10 may be similar to W-20
        - [discussion, including W-20, and original/rejected SAML usecases]
        - Jahan offers to be owner
        - Darren offers to assist as possible
    - W-11 was Quadrasis-related
        - no volunteers
    - Eve: W-12 is more fine-grained attribute querying
        - there is a mixture of access control thoughts in this entry
        - "Retrieval Enhancement" is probably a better label
        - no owner volunteer
    - Jeff: thinks access management systems are orthogonal to SAML, and
      shouldn't be in list
        - W-13 deferred
    - John: doesn't think W-14 material is ready for standardization
        - Jeff: an enlightening doc could be helpful
        - could be material in security considerations or primer
        - Jeff: this is discussed in non-normative areas of Liberty
        - Jeff: volunteers for W-14 
    - Frederick: W-15 may be clearer after Ron's presentation at F2F
    - W-16 already has owners
    - W-17 owners no longer tentative
    - To answer "@@" comment in W-18: "Yes"
        - Jeff & RLBob volunteer
    - W-19 has owner
        - Steve: has this been accepted?
        - Eve: no, waiting for use case
    - Eve: W-20 has owners that aren't TC members, but doesn't see any
      problem with that (much like XACML folks coming to us with proposals)
    - W-21 has owners
    - Eve: there was a suggestion to combine W-22 with 13 through 15 (by
        - Krishna: not really combining, just a need to keep these in 
        - Scott: WSS SAML token profile seems to be defining a way to use
          a URL to deref a SAML token, and nothing in SAML permits that
    - Eve: no idea where w-23 came from
        - Rob: none either
        - no owner
    - W-24 should be merged with W-2
        - changing W-2 from candidate work item to active work item
    - W-25 has owner
    - W-26 has owner
    - W-27 is based on not-yet-published comments that we know are coming
    - Eve: W-28 has no owner, but lots of folks are working on it, so not
    - Eve: could drop W-29, since that will come in with XACML proposal
- Rob: planning to setup dinner reservations for Tuesday, for ~30 people
    - any suggestions, bring up quickly
>       ii.  FYI - Conflict with WSS-TC con-call on Tuesday 10-12 EST
>       iii. Additional updates from Prateek:
>            1. Scott Cantor and Jeff Hodges have agreed to cover ID-FF
>               1.X on Monday morning - noon. You may want to ping them
>               on what form this will take and how they want people to
>               prepare.
>            2. Ron Monzillo will present on the SAML Token Profile,
>               Monday PM
>            3. Boeing (Mike Beach), Fidelity (Patrick Lambert), 
>               Netegrity (TBD) will each present 20mins on "experience"
>               on Monday afternoon. There are some open slots still
>               available there.
>            4. How should Tuesday be structured? For example, there is
>               the Liberty meta-data proposal vs. Jahan's draft. Should
>               we request Jahan to drive a session on meta-data. 
>            5. Anne Anderson is aware of the Wednesday schedule. I assume
>               she will drive that session with other XACML members. 
>            6. Other work items: we should put together a "reading list"
>               of all relevant materials. I can work on this a little on
>               Wednesday. This includes:
>               - ID-FF 1.1, ID-FF 1.2
>               - Boeing note, Fidelity note, Netegrity use-case (i will
>                 publish on Wed),
>               - Eve's latest document on SAML 2.0 scope (will she revise
>                 after the call this week)
>               - XACML references (Anne has published list to SAML)
> 5. FAQ update

- Eve: made changes, and sent in to OASIS last Friday, ahead of deadline
- Jamie: got them, very happy
- Jahan: has seen more questions we need to answer

> 6. Action item review: 
>    New action items (not in Kavi) 
>    - Chairs to update F2F location info on SSTC homepage

- Rob: will do today

>    - Jahan to create FAQ

- already covered

>    Previous Action Items Still Open: 
>    #0055 Draft Goal Statement for SAML 2.0

- still open

>    #0013: Request use of WS-Trust for CC Proposal

- suggestion was to close this at last (non-quorum) meeting

> 7. Any other business

- Mission statement for V2.0 work -- approve today?
	- Eve: sent out revised version on 26 August 
	  < http://www.oasis-open.org/archives/security-services/
	    200308/msg00072.html >
	- [reading statement ...]
	- Jeff: was intending to respond to this via email
	- Jamie: recommends being careful about citing specific input from 
	  external organizations
	- Eve: we did request these submissions, and I specifically used term
	  "based on"
	- Jamie: suggests using "plan to" type wording
	- also suggests taking a vote to be clear
	- Jeff: the statement isn't finalized
	- let's nail it at F2F next week
- Audiences for SAML info and corresponding deliverable set
    - Rob: can put as lunch-time discussion
- Review and assign work items (at the F2F, each work item owner 
  should drive the discussion for that item; ideally, they should
  show up with a draft use case or design proposal, whatever's
- Jamie: what is this TC's intention for demo at XML2003?
    - Rob: was discussed briefly, but haven't given much thought recently
    - can discuss at F2F
    - Eve: also need other administrivia on agenda at F2F, such as whether
      we'll used Digital ID World for the next F2F

> 8. Adjourn

- Adjourned


Attendance of Voting Members:

  Irving Reid Baltimore
  Krishna Sankar Cisco
  Ronald Jacobson Computer Associates
  John Hughes Entegrity Solutions
  Jason Rouault HP
  Scott Cantor Individual
  Bob Morgan Individual
  Darren Platt Individual
  Prateek Mishra Netegrity
  Frederick Hirsch Nokia
  Senthil Sengodan Nokia
  Steve Anderson OpenNetwork
  Simon Godik OverXeer
  Rob Philpott RSA Security
  Edward Coyne SAIC
  Dipak Chopra SAP
  Jahan Moreh Sigaba
  Bhavna Bhatnagar Sun
  Jeff Hodges Sun
  Eve Maler Sun
  Emily Xu Sun
  Phillip Hallam-Baker Verisign

Attendance of Observers or Prospective Members:

  John Linn RSA Security
  Anthony Nadalin IBM
  Maryann Hondo IBM
  Mike White Individual
  Eric Gravengaard Reactivity
  Jamie Clark OASIS

Membership Status Changes:

  John Linn RSA Security - Granted voting status after call


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]