OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] RE: Minutes for Telecon, Tuesday 30 September 2003






> Rob to draft charter changes
I will have to object to this Action Item as the SS-TC needs to re-charter
from scratch since they have completed their original deliverables. The TC
process states this at:
http://www.oasis-open.org/committees/process.php#closing.

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122


|---------+---------------------------->
|         |           "Steve Anderson" |
|         |           <sanderson@openne|
|         |           twork.com>       |
|         |                            |
|         |           09/30/2003 04:22 |
|         |           PM               |
|---------+---------------------------->
  >----------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                                              |
  |       To:       "oasis sstc (E-mail)" <security-services@lists.oasis-open.org>                                                               |
  |       cc:                                                                                                                                    |
  |       Subject:  [security-services] RE: Minutes for Telecon, Tuesday 30 September 2003                                                       |
  >----------------------------------------------------------------------------------------------------------------------------------------------|




Omitted the following Membership Status Change:
  Mike Beach Boeing - Requested membership 9/19/2003
--
Steve

>  -----Original Message-----
> From:            Steve Anderson
> Sent:            Tuesday, September 30, 2003 2:25 PM
> To:        oasis sstc (E-mail)
> Subject:         Minutes for Telecon, Tuesday 30 September 2003
>
> Minutes for SSTC Telecon, Tuesday 30 September 2003
> Dial in info: +1 865-673-3239  #238-3466
> Minutes taken by Steve Anderson
>
> ======================================================================
>                               Summary
> ======================================================================
>
>   Votes:
>
>     - Minutes from 16 September 2003 call accepted
>     - To accept Eve's proposal to bulk close the remaining V1.1
>       deferred issues
>
>   Notable Decisions
>
>     - Work item list closed, and work items that have not made
>       progress by 14 Oct may also be terminated
>
>   Previous Action Items Still Open:
>
>     - #0072: Authentication Context
>     - #0077: Authorization Decision Reconciliation
>     - #0069: Baseline Attribute Namespaces
>     - #0074: Create SAML 2.0 issues list
>     - #0065: Credentials Collector
>         - REASSIGNED to Tim
>     - #0068: Delegation and Intermediaries
>     - #0061: Kerberos Use Cases for SAML 2.0
>     - #0064: Metadata and Exchange Protocol
>     - #0063: Profile Enhancements for Metadata
>     - #0082: Promised V2.0 Changes
>     - #0060: Publish pointer to SAML 1.0 Session Materials
>     - #0070: SAML as a SASL security mechanism
>     - #0059: Session Support
>     - #0066: SSO Profile Enhancements
>     - #0076: XACML Proposal for Policy Transport
>
>   New Action Items:
>
>     - Rob to post new F2F attendance ballot
>     - Eve to send out hotel info for F2F, and check on Sun rates
>     - Rob to draft charter changes
>     - Eve to update work items document to v08
>     - Prateek to ping Hal for a date for AI #0077 & #0060
>     - Eve to suggest categories for issues list
>     - Eve to indicate in the v2.0 issues doc what became of old
>       issues
>     - Prateek to ping Frederick on AI #0082
>     - RLBob to ping Jeff on keeping/closing AI #0070
>
> ======================================================================
>                              Raw Notes
> ======================================================================
>
> >
> > Agenda:
> >
> > 1. Roll call
> >
>
> - Attendance attached to bottom of these minutes
> - Quorum achieved
>
> >
> > 2. Accept minutes from previous meeting, 16 September
> >    < http://lists.oasis-open.org/archives/security-services/
> >      200309/msg00076.html >
> >
>
> - [VOTE] unanimous consent, accepted
>
> >
> > 3. October 22-24 SAML V2.0 F2F #2 logistics
> >
> >      Host?
> >      Attendance confirmation ballot
> >      Other?
> >
>
> - Rob: got mail from Jeff indicating that he can host at Sun
> - XACML TC is planning to meet at beginning of same week
> - Will XACML meet on of 22nd?
>     - Hal: yes, in morning, since SSTC planned to meet in PM
>     - discussion of location proximity
>     - XACML meeting in San Jose, SSTC meeting in Santa Clara
>     - seems to be less than 15 minutes away
> - [ACTION] Rob to post new F2F attendance ballot
> - Eve: suggests 2 hour lunch/travel break on 22nd
> - Hal: can make sure XACML breaks early enough
> - Rob: will plan SSTC F2F to run 1:30 - 4:30 on Wed, and 9:30 - 5:30
>   Thurs and Fri
> - Eve: someone had asked about hotels
>     - Scott: Marriott next to Sun
>     - Hal: suggests Yahoo, put in address,
>     - [ACTION] Eve to send out hotel info for F2F, and check on Sun rates
>     - Rob: would be useful to know whether cars would be necessary at
>       various hotels
>
> >
> > 4. V2.0 charter clarification
> >
> >    Now that we have agreed on a V2.0 goal statement, we need to update
> >    the SSTC charter (in OASIS TC process terms, it needs to be >
> >    "clarified"). Specifically, our list of deliverables needs to be
> >    updated now that we've completed 1.1.
> >
> >      Current charter is at
> >      < http://www.oasis-open.org/committees/security/charter.php >
> >
> >      OASIS TC process is at
> <      < http://www.oasis-open.org/committees/process.php#charter >
> >
> >      Needs recorded approval vote of 2/3 total membership (not just
> >      2/3 of a meeting with quorum) and notification/approval of OASIS
> >      TC Administration.
> >
>
> - Rob: what would 2/3 of current membership be?
>     - Steve: 18
> - Rob: need someone to pose charter wording to list
>     - [silence]
> - [ACTION] Rob to draft charter changes
>
> >
> > 5. V2.0 Work Item review
> >
>
> - Prateek: we had announced intention to close work item list about now
> - [RESOLVED] Work item list closed, and work items that have not made
>   progress by 14 Oct may also be terminated
>
> >
> >      Identify and discuss the top priority items from the work
> >      list/action item list to discuss on today's con-call
> >
> >      < http://www.oasis-open.org/committees/download.php/3530/
> >        sstc-saml-scope-2.0-draft-07.doc >
> >
>
> - [ACTION] Eve to update work items document to v08
> - Rob: still need owners for some of these
>     - W12
>         - Prateek: not clear that this was linked to XACML
>         - Rob: just looking at category keywords
>         - Scott: thinks this was just going to be influenced by XACML-
>           related work
>     - W13
>         - Eve: we deferred this, will update in v08
>     - W22
>     - W23
>     - W24
>     - W27
>     - need to make sure that there aren't unassigned items that people
>       feel strongly about, because they will get dropped
> - Rob: there have been several postings on work items
>            - Prateek: we had promises on dates on several action items at
last
>              meeting
>            - would like to 'crack the whip' a little
>            - suggests a focus group call next week, to complete some of
the
>              details discussions
>            - wants to clarify ownership of AIs
>            - Rebekah: has 2 solutions to submit, but wasn't sure how
>            - Rob: if you're a voting member (and she is), you can go to
>              'Documents' tab on TC home page
>            - in 'V2.0 Working Docs' section, can click 'Add doc'
>            - Rebekah: has had trouble on that page, may be related to
unusual
>              browser
>            - will send to list
>
>
> >
> >    #0075: Attribute Reconciliation
> >    Owner: Rebekah Lepro
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >    Comments:
> >      Active work item - Waiting for solution proposal
> >      XACML and SAML structure their attribute information differently.
> >        This needs to be addressed.
> >
>
> - Rebekah: has something to submit later today
> - [sent before end of call]
>   < http://lists.oasis-open.org/archives/security-services/
>     200309/msg00101.html >
> - CLOSED
>
> >
> >    #0072: Authentication Context
> >    Owner: Jeff Hodges
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >    Comments:
> >      Main task is to approrpiately move Liberty AuthContext
> >        specification into OASIS (so it becomes a standard).
> >      Jeff will ping Paul Madsen to see if he is interested.
> >
>
> - Prateek: need to find an owner
> - tentative date is still 14 Oct
> - Jeff will be trying to find an owner
>
> >
> >    #0077: Authorization Decision Reconciliation
> >    Owner: Hal Lockhart
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >    Comments:
> >      This includes issues of whether to make backwards-incompatible
> >        changes to the existing structure (and/or deprecate it).
> >
>
> - Prateek: there was no promised date on this
> - stays open
> - [ACTION] Prateek to ping Hal for a date for AI #0077 (along with #0060)
>
> >
> >    #0069: Baseline Attribute Namespaces
> >    Owner: Bob Morgan
> >    Status: Open
> >    Assigned: 16 Sep 2003>
> >    Due: ---
> >    Comments:
> >      Use-case discussed at F2F and generally supported. Waiting for
> >        solution proposal.
> >      For example, a DSML or X.500 profile for a person's attributes
> >        expressed in SAML.
> >
>
> - RLBob: still working, target date 7 Oct
> - Rob: in time for focus call?
> - RLBob: will try
>
> >
> >    #0074: Create SAML 2.0 issues list
> >    Owner: Eve Maler
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >
>
> - Eve: hasn't created formal list, but sent email before call listing
>   the ones she has
>   < http://lists.oasis-open.org/archives/security-services/
>     200309/msg00100.html >
>     - from email:
>                        - Null-value attributes (saml-dev)
>                        - Version skew confusion (between SAML and
Liberty)
>                            - Maryann: what is goal?  to synch them up?
>                            - Eve: maybe just something to be aware of as
we work,
>                              rather than a formal issue
>                            - could be covered in the Exec Overview
>                        - Multiple Kerb confirmation method URIs (came up
at F2F)
>                        - The individual promised V2.0 changes (see AI #83
below)
> - we had categories before, and we probably need to refresh those
>   categories
> - if anyone has suggestions, would welcome them
> - [ACTION] Eve to suggest categories for issues list
>
> >
> >    #0065: Credentials Collector
> >    Owner: Jeff Hodges
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >    Comments:
> >      Waiting on use-case proposal.
> >
>
> - Tim: working on use case proposal
> - REASSIGN to Tim
> - will have draft for F2F
>
> >
> >    #0068: Delegation and Intermediaries
> >    Owner: Bob Morgan
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >    Comments:
> >      Delegation and Intermediaries
> >      Use cases that support arbitrary multi-hop delegation. Liberty
> >        WSF supports one-hop impersonation. The relationship of this
> >        to WSS needs to be sorted out. This relates to the Fidelity
> >        need for a WSRP profile. This is related to W-11. The item
> >        "multi-participant transactional workflows" was folded into
> >        this one.
> >      WAITING for Use-Case proposal.
> >
>
> - RLBob: complexity can get out of hand here
> - Scott: can put use case forward
> - RLBob: will target week before F2F
>
> >
> >    #0071: Enhanced Client Profiles
> >    Owner: Frederick Hirsch
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >    Comments:
> >      Use-case discussed at F2F. Awaiting candidate solution.
> >
>
> - Frederick sent proposal
>   < http://lists.oasis-open.org/archives/security-services/
>     200309/msg00084.html >
> - CLOSED
>
> >
> >    #0073: Extract enhancement requests from current issues list
> >    Owner: Eve Maler
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >
>
> - Eve: sent email on this
>   < http://lists.oasis-open.org/archives/security-services/
>     200309/msg00091.html >
> - [MOTION] To accept Eve's proposal to bulk close the remaining V1.1
>   deferred issues
> - [VOTE] passes
> - [ACTION] Eve to indicate in the v2.0 issues doc what became of old
>   issues
> - CLOSED
>
> >
> >    #0078: IssuerName Enhancement
> >    Owner: Rebekah Lepro
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >    Comments:
> >      XACML would like to have "datatyping" of issuers.
> >
>
> - Rebekah: just submitted
>   < http://lists.oasis-open.org/archives/security-services/
>     200309/msg00102.html >
> - CLOSED
>
> >
> >    #0061: Kerberos Use Cases for SAML 2.0
> >    Owner: John Hughes
> >    Status: Open
> >    Assigned: 15 Sep 2003
> >    Due: ---
> >    Comments:
> >      John presented some Kerberos-SAML use-cases at the F2F. Next
> >        steps are to revise the materials and respond to comments.
> >        Meeting minutes describe the following next steps: (1) write up
> >        presentation to drill down details (2) also rollup to ensure>
> >        that business needs are met.
> >
>
> - John: hopes to post on Monday
>
> >
> >    #0064: Metadata and Exchange Protocol
> >    Owner: Jahan Moreh
> >    Status: Open
> >    Assigned: 15 Sep 2003
> >    Due: ---
> >    Comments:
> >      Means of publishing and communicating meta-data. Waiting on a
> >        solution proposal.
> >
>
> - Jahan: had promised by 7 Oct, which is still the target
>
> >
> >    #0063: Profile Enhancements for Metadata
> >    Owner: Jahan Moreh
> >    Status: Open
> >    Assigned: 15 Sep 2003
> >    Due: ---
> >    Comments:
> >      Waiting on a solution proposal.
> >
>
> - Jahan: will provide by 14 Oct
>
> >
> >    #0082: Promised V2.0 Changes
> >    Owner: Eve Maler
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >    Comments:
> >      Removing (core)
> >      Removing (core)
> >      Removing deprecated NameIdentifier URIs (core)
> >      Requiring URI references to be absolute (core)
> >      Disallowing as the only child of a SOAP (bindings)
> >      Removing deprecated artifact URI (bindings)
> >
>
> - Covered already on call
>   < http://lists.oasis-open.org/archives/security-services/
>     200309/msg00100.html >
> - Eve: assumes she is to implement these
> - some are hers, some are Frederick's
> - promises hers for 14 Oct
> - Frederick is on hook for part
> - [ACTION] Prateek to ping Frederick on AI #0082
>
> >
> >    #0060: Publish pointer to SAML 1.0 Session Materials
> >    Owner: Hal Lockhart
> >    Status: Open
> >    Assigned: 15 Sep 2003
> >    Due: ---
> >
>
> - [ACTION] Prateek to ping Hal for a date for AI #0060 (along with #0077)
>
> >
> >    #0070: SAML as a SASL security mechanism
> >    Owner: Bob Morgan
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >    Comments:
> >      Active work item -- waiting solution proposal.
> >      Defining SAML as a SASL security mechanism.
> >      Re-spun title of action item.
> >
>
> - RLBob: F2F discussion was that this wasn't necessarily an AI for this
>   group
> - to be an official IANA registered mech, it would have to be an IETF doc
> - not that it isn't useful to do here, but not necessary to track
> - Jeff may be the only one with strong feeling
> - [ACTION] RLBob to ping Jeff on keeping/closing AI #0070
>
> >
> >    #0059: Session Support
> >    Owner: John Kemp
> >    Status: Open
> >    Assigned: 15 Sep 2003
> >    Due: ---
> >    Comments:
> >      Use case document was presented at the Sep 2003 F2F and will be
> >        revised based on comments given there. Once that is complete, a
> >        gap analysis between the use cases and available material in
> >        Liberty is required. That will be followed by a solution
> >        proposal.
> >
>
> - Eve: he sent out doc
>   < http://lists.oasis-open.org/archives/security-services/
>     200309/msg00097.html >
> - Scott: more of a defining doc, than a solution proposal, etc
> - stays open
>
> >
> >    #0066: SSO Profile Enhancements
> >    Owner: Prateek Mishra
> >    Status: Open
> >    Assigned: 16 Sep 2003
> >    Due: ---
> >    Comments:
> >      Moved to Active work item after F2F discussion and presentation
> >        of use-case. Candidate solution should reference both Liberty
> >        and SAML 1.1 draft. Need to conduct survey of "typical" data
> >        items transf. from SP to IdP.
> >
>
> - Prateek: will publish by end of week
>
> >
> >    #0062: SSO with Attribute Exchange
> >    Owner: Prateek Mishra
> >    Status: Open
> >    Assigned: 15 Sep 2003
> >    Due: ---
> >    Comments:
> >      High level use-case was presented at the F2F. Next steps are to
> >        specify the use-case in detail.
> >
>
> - Prateek: use case doc has been published
>   < http://lists.oasis-open.org/archives/security-services/
>     200309/msg00092.html >
> - CLOSED
>
> >
> >    #0076: XACML Proposal for Policy Transport
> >    Owner: Hal Lockhart
> >    Status: Open
> >    Assigned: 16 Sep 2003>
> >    Due: ---
> >    Comments:
> >      Waiting on a solution proposal.
> >      XACML has asked for a SAML-based solution to transporting
> >        requests for policies and the policies themselves.
> >
>
> - Scott: major AI was for committee to determine whether it would own it
>   or defer to XACML
> - stays open until Hal can speak to it
>
> >
> > 6. Any other business
> >
>
> - Rob: focus group con call next week?
>     - Tony: what's purpose?
>     - Prateek: to work through proposals
>     - Eve: won't be able to attend
>     - Rob: agrees we need to make progress through submitted docs
>     - Prateek: there will be an agenda, but it won't be a quorate call
>     - will state what docs we'll review
>     - Prateek: just realized that he can't attend
>     - Jahan: can only attend after 1pm ET
>     - Eve: may be too late to plan
>     - had planned alternate week editorial calls, but only as necessary
>     - Rob: suggests, then, that at next formal call (14 Oct), we plow
>       through some of these
>     - will return to 2 hour calls
>     - really need people to be prepared, having read the docs
>     - Eve: can we get agendas out sooner?
>     - Rob/Prateek: will shoot for Fri before call
>     - Eve: will send out edited work item list shortly after this call
>     - Rob: will have link to this doc off TC home page
> - Eve: editorial stuff
>     - sent out email covering this before call
>              < http://lists.oasis-open.org/archives/security-services/
>                        200309/msg00100.html >
>     - from email:
>                        - Each lead editor to get his/her document up to
V2.0
>                          readiness, possibly changing the data format as
well
>                          (most people were interested in using
OpenOffice)
>                            - Jahan: where can we get OpenOffice?
>                            - Eve: openoffice.org
>                            - Jahan: is OpenOffice required?
>                            - Eve: left it open
>                            - discussion of adding notes to PDF, seems you
can with
>                              Distiller
>                        - Rob to update the website with additional
material
>                            - Eve: can talk offline about these items
>                        - John Hughes to produce drafts of the executive
and
>                          technical overviews.  (We brainstormed outlines
for
>                          these last week.)
>                        - Eve to send out links to handy resources.
(Done.)
>                        - Eve to enhance the FAQ with additional material.
>     - are there any others?
>         - John: took action to contact Burton to get quotes for
>           exec overview
>         - Eve: will track these as separate list, and will be reflected
>           in each call's agenda
> - Rob: when do we want F2F ballot to close?
>     - Eve: make it 15 Oct
>
> >
> > 7. Adjourn
> >
>
> - Adjourned
>
>
> ----------------------------------------------------------------------
>
> Attendance of Voting Members:
>
>   Hal Lockhart BEA
>   Ronald Jacobson Computer Associates
>   John Hughes Entegrity Solutions
>   Maryann Hondo IBM
>   Anthony Nadalin IBM
>   Scott Cantor Individual
>   Bob Morgan Individual
>   Rebekah Lepro NASA
>   Prateek Mishra Netegrity
>   Senthil Sengodan Nokia
>   Charles Knouse Oblix
>   Steve Anderson OpenNetwork
>   Eric Gravengaard Reactivity
>   John Linn RSA Security
>   Rob Philpott RSA Security
>   Dipak Chopra SAP
>   Jahan Moreh Sigaba
>   Eve Maler Sun
>   Emily Xu Sun
>
>
> Attendance of Observers or Prospective Members:
>
>   Jim Lien RSA
>   Tim Moses Entrust
>   Mike Beach Boeing
>
>
> Membership Status Changes:
>
>   Tim Moses Entrust - Requested membership 9/18/2003
               Mike Beach Boeing - Requested membership 9/19/2003
>   Timo Skytta Nokia - Requested membership 9/23/2003
>   Darren Platt Individual - Withdrew 9/30/2003
>   Peter Davis Neustar - Granted voting status after 9/30/2003 call>
>   Peiyin Pai CA - Granted voting status after 9/30/2003 call
>   Jim Lien RSA - Granted voting status after 9/30/2003 call
>
> --
> Steve
>

To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php
.





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]