OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for Telecon, Tuesday 28 October 2003

Minutes for SSTC Telecon, Tuesday 28 October 2003
Dial in info: +1 (865) 673-3239 #238-3466
Minutes taken by Steve Anderson


    - Minutes from 14 October 2003 call accepted
  Previous Action Items Still Open:
    - #0072: Authentication Context
    - #0069: Baseline Attribute Namespaces
    - #0068: Delegation and Intermediaries

  New Action Items:
    - Chairs to update 14 October minutes to reflect 19-2 vote
                             Raw Notes

> Agenda:
> 1. Roll call

- Attendance attached to bottom of these minutes
- Quorum achieved

> 2. Accept minutes from previous con call, 14 October
>    < http://lists.oasis-open.org/archives/security-services/
>      200310/msg00102.html >

- MikeM: item about charter revision doesn't list how many voted for, 
  only who against
    - Prateek: minutes included voting members in attendance, all of
      whom voted for, except for 2 dissenting votes
    - MikeM: would like it to be made clear
    - Prateek: will mark vote 19-2
    - [ACTION] Chairs to update 14 October minutes to reflect 19-2 vote
    - MikeM: believes vote did not pass according to TC process, which
      requires 2/3 of voting membership
    - Chairs corrected, it only requires 2/3 of attendance
    - MikeM: still does not believe charter vote passed
    - noted by Chairs
- [VOTE] unanimous consent, accepted

> 3. Summarize Oct 22-24 SSTC Face-to-Face 
>    a. Partial minutes: < http://lists.oasis-open.org/archives/
>                          security-services/200310/msg00182.html >
>        i.   Friday afternoon (10/24) minutes are being cleaned up
>             and will be sent out soon...
>    b. Many issues and action items described in the minutes - Not yet
>       entered into Kavi. 
>    c. Votes/Concensus items: 
>        i.  Target for next V2.0 f2f is week of Jan 12th
>        ii. Motion: SAML TC recommends that XACML TC derive types from
>            SAML schema, saml:statement and samlp:query to support
>            authorization decision, and that liaison be established to
>            follow up on this.  Passed unanimously

- Rob: calling for any corrections
- will approve these at next meeting

> 4. Next steps: 
>    Review published list of Use Cases and vote for final inclusion in
>    V2.0 at 11-Nov con-call. 

- Prateek: had an AI to enumerate use cases, did that
- encourages posting of any additional use cases
- we will be prioritizing use cases after 11 Nov call
- John: asking about Kerberos use case, which he didn't see in list
- Prateek: recent list came from F2F discussions
- consolidated list will be posted before 11 Nov call
- Prateek: would like to run through last night's posting
  < http://lists.oasis-open.org/archives/security-services/
    200310/msg00190.html >
    - W1
        - MikeB: has already provided
          < http://lists.oasis-open.org/archives/security-services/
            200310/msg00166.html >
        - Tony: posted last night to list
          < http://lists.oasis-open.org/archives/security-services/
            200310/msg00188.html >
        - needs a little more work
        - RLBob: are we thinking this precludes any more use cases 
          coming in describing sessions?
        - Prateek: yes, this one is essentially frozen now
    - W2
        - Tony: posted last night, in same email as W1
          < http://lists.oasis-open.org/archives/security-services/
            200310/msg00188.html >
    - W5
        - Tony: posted last night, in same email as W1 & W2
          < http://lists.oasis-open.org/archives/security-services/
            200310/msg00188.html >
    - W5a
        - RLBob: will get one done specifically on WebDAV
        - will see about others
        - Frederick: this is in addition to the LECP stuff?
        - Prateek: yes
    - W3
        - Scott: thinks other people were to submit for A3.1, rather
          than Jahan
        - actually was supposed to submit Shib material
        - Prateek: can provide for this as well
        - Jahan: didn't understand A3.2
        - not sure if there is anything to be written
        - Prateek: maybe just a 4-line write up of how metadata is to
          be used
    - W17 
        - Tim: working on A17.1
    - W15 
        - RLBob: has already sent an outline for A15.1
          < http://lists.oasis-open.org/archives/security-services/
            200310/msg00194.html >
        - is a container for more specific use cases, which others have
          indicated they have material for
        - those people can post directly, or contact RLBob
    - W28a
        - being worked on
    - W28d
        - RLBob: working on it
        - had also characterized attribute naming convention as a work
        - intends to respin as a use case
        - Prateek: will amend list for that
- Prateek: other use cases?
    - we have a stated intent of freezing the list today
    - would like to set a date for publishing docs on these items
    - suggests 4 Nov
    - discussion of how we will manage process of prioritization &
        - when is cutoff for dev of these use case scenarios?
        - need that so chairs can publish summaries, say on 7 Nov
        - Rob: makes sense
        - Prateek: want to go to vote on 11 Nov, so that would give a
          day or two for people to review
        - so if summaries are to come out 7 Nov, cutoff for scenarios 
          should be 4 Nov
        - Rob: sounds right, but will be tight
        - Proposal: all use case scenarios be completed by EOD 4 Nov,
          Chairs will provide summary of all scenarios by EOD 7 Nov,
          and vote will be taken on which scenarios will be in v2.0
          on 11 Nov
        - no objections
    - Prateek: so, how to handle 11 Nov vote?
        - Eve: expects that we will accept the general use cases for
          each work item, but some of the more esoteric use cases may
          not make the cut
        - ??: question of inter-dependencies
        - Hal: the decision to accept use cases may be dependent on
          having a proposal
        - Eve: concerned that, based on hallway talk at F2F, many do
          not understand some of these use cases
        - if true, would lead back to acceptance of general items over
          esoteric items
        - Rob: but we don't want to block solution of esoteric items
        - Prateek: so how would vote be conducted?
        - Eve: what was methodology of use case subcommittee way back?
        - Hal: don't remember, but was captured in the output doc
        - Eve: wants everyone to look at all of them, and derive their
        - could do email voting
        - Prateek: concerned about people voting to accept everything, 
          and v2.0 not meeting its dates
        - Eve: doesn't expect that to happen
        - RLBob: doesn't preclude revising direction later, if things
          can't all be completed
        - Proposal: straight thumbs up/down vote
        - no objections
        - RLBob: could be distinctions of what is in SAML v2.0 versus
          what are ancillary docs produced by the SSTC
        - Hal: non-normative docs can be published at any time, and
          don't need to go beyond committee draft
        - but normative docs should go as a bundle through the OASIS
          standardization process, to the degree possible
        - RLBob: example of SAML SASL mech, could be on separate timeline

> 5. Action Item Review (from Kavi - some were dealt with at the F2F):
>    #0072: Authentication Context
>    Owner: Jeff Hodges
>    Status: Open
>    Assigned: 16 Sep 2003
>    Comments:
>      Main task is to approrpiately move Liberty AuthContext
>      specification into OASIS (so it becomes a standard). 
>      Jeff will ping Paul Madsen to see if he is interested.

- Jeff: a gentleman from Vodafone, Bill Howard, is the owner, and
  Jeff will ping him for status
- understands that we are a breath away from being able to close this

>    #0069: Baseline Attribute Namespaces
>    Owner: Bob Morgan
>    Status: Open
>    Assigned: 16 Sep 2003
>    Comments:
>      Use-case discussed at F2F and generally supported. Waiting for
>      solution proposal.
>      For example, a DSML or X.500 profile for a person's attributes
>      expressed in SAML.

- RLBob: doc will be submitted

>    #0068: Delegation and Intermediaries
>    Owner: Bob Morgan
>    Status: Open
>    Assigned: 16 Sep 2003
>    Comments:
>      Delegation and Intermediaries
>      Use cases that support arbitrary multi-hop delegation. Liberty
>      WSF supports one-hop impersonation. The relationship of this to
>      WSS needs to be sorted out. This relates to the Fidelity need for
>      a WSRP profile. This is related to W-11. The item "multi-
>      participant transactional workflows" was folded into this one.
>      WAITING for Use-Case proposal.

- RLBob: posted msg
  < http://lists.oasis-open.org/archives/security-services/
    200310/msg00194.html >
- a refinement will follow soon
- will leave open

>    #0073: Extract enhancement requests from current issues list
>    Owner: Eve Maler
>    Status: Open
>    Assigned: 16 Sep 2003

- Eve: long since done

>    #0082: Promised V2.0 Changes
>    Owner: Eve Maler
>    Status: Open
>    Assigned: 16 Sep 2003
>    Comments:
>      Removing (core)
>      Removing (core)
>      Removing deprecated NameIdentifier URIs (core)
>      Requiring URI references to be absolute (core)
>      Disallowing as the only child of a SOAP (bindings)
>      Removing deprecated artifact URI (bindings)


>    #0070: SAML as a SASL security mechanism
>    Owner: Bob Morgan
>    Status: Open
>    Assigned: 16 Sep 2003
>    Comments:
>      Active work item -- waiting solution proposal.
>      Defining SAML as a SASL security mechanism.
>      Re-spun title of action item.

- Prateek: disposition was to close this, and to open an action to
  liaise with IETF
- RLBob and Jeff to be liaison

>    #0076: XACML Proposal for Policy Transport
>    Owner: Hal Lockhart
>    Status: Open
>    Assigned: 16 Sep 2003
>    Comments:
>      Waiting on a solution proposal. 
>      XACML has asked for a SAML-based solution to transporting
>      requests for policies and the policies themselves.

- Prateek: has been CLOSED and sent back to XACML TC

> 6. Any other business

- Scott: trying to drive to conclusion matter discussed in recent post
  regarding name ID
  < http://lists.oasis-open.org/archives/security-services/
    200310/msg00187.html >
    - thinks this is linchpin for many other work items
    - related to Irving's recent comments
    - not sure if people have had time to review email
    - question of whether we will generally derive new types to express
      new data
    - Irving: not religious about direction here
    - would like us to say "classification" when that's what we mean, 
      rather than alternatives like "format"
    - RLBob: need to provide examples to help clarify
    - Eve: thinks many of the names used are not as helpful as they 
      could be
    - if we move away from backwards compat, which is fair to do, we
      can improve that
    - prefers using choice groups for ourselves and leave type 
      substitution for use by outside parties to extend our work
    - Scott: we could move away from name id URIs, in favor of new
      individual elements
    - allows different attribute relationships as well
    - [more discussion, lots of trade offs]
    - Scott: thinks what was done originally works out in the end to be
      as good as any other option
    - Eve: sounds like we've come full circle, and current approach is
      pretty effective
    - could add a name identifier abstract time for additional 
    - Eve: will add an issue for 'any attribute' and 'any element'
    - Scott: will produce semi-final draft based on this discussion

> 7. Adjourn

- Adjourned


Attendance of Voting Members:

  Hal Lockhart BEA
  Peiyin Pai Computer Associates
  John Hughes Entegrity Solutions
  Tim Moses Entrust
  Irving Reid HP
  Jason Rouault HP
  Anthony Nadalin IBM
  Scott Cantor Individual
  Bob Morgan Individual
  Prateek Mishra Netegrity
  Peter Davis Neustar
  Frederick Hirsch Nokia
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Eric Gravengaard Reactivity
  Jim Lien RSA
  John Linn RSA Security
  Rob Philpott RSA Security
  Dipak Chopra SAP
  Jahan Moreh Sigaba
  Jeff Hodges Sun
  Eve Maler Sun
  Emily Xu Sun
  Mike Beach The Boeing Company

Attendance of Observers or Prospective Members:

  Michael McIntosh IBM
  Gavenraj Sodhi CA
  Paula Austel IBM
  Senthil Sengodan Nokia
  Greg Whitehead Individual
  Conor Cahill AOL
  Timo Skytta Nokia
  John Kemp Individual
  Ronald Jacobson Computer Associates

Membership Status Changes:

  Michael McIntosh IBM - Granted voting status after 10/28/2003 call
  Gavenraj Sodhi CA - Granted voting status after 10/28/2003 call
  Paula Austel IBM - Granted voting status after 10/28/2003 call
  Conor Cahill AOL - Requested membership 10/24/2003
  Robert Aarts Nokia - Requested membership 10/25/2003
  Timo Skytta Nokia - Requested membership 10/28/2003

Steve Anderson

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]