[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Agenda for 6-Jan-2004 SSTC Quorum con-call meeting
Agenda for 6-Jan-2004 SSTC Quorum con-call meeting
1. Roll Call
2. Agenda bashing
3. Updates for upcoming Boston F2F (Feb 3-5, 2004)
4. SAML 1.1 Interop update (week of Feb 23)
5. Charter questions/comments/suggestions (Tony)
a. http://www.oasis-open.org/archives/security-services/200311/msg00062.html
6. SAML extensibility options (if Eve/Scott are prepared to discuss...)
7. Roles and metadata (from list discussion)
8. Recent document postings:
a. [Eve] Scope: http://www.oasis-open.org/apps/org/workgroup/security/download.php/4749/sstc-saml-scope-2.0-draft-12.pdf
b. [Eve] Core: http://www.oasis-open.org/apps/org/workgroup/security/download.php/4866/sstc-saml-core-2.0-draft-02-diff.pdf
c. [Eve] Glossary: http://www.oasis-open.org/apps/org/workgroup/security/download.php/4877/sstc-saml-glossary-2.0-draft-01.pdf
d. [Eve] Issues: http://www.oasis-open.org/apps/org/workgroup/security/download.php/4595/sstc-saml-2.0-issues-draft-05.pdf
e. [Frederick] Bindings: http://www.oasis-open.org/apps/org/workgroup/security/download.php/4647/sstc-saml-bindings-2.0-draft-02.pdf
f. [Frederick] Sec-Consider: http://www.oasis-open.org/apps/org/workgroup/security/download.php/4644/sstc-saml-sec-consider-2.0-draft-01.pdf
9. Work item/solution proposals - Which are we ready to discuss? Our current deadline is 20-Jan to receive first drafts. How are we doing?
a. [Tony] W-27 SAML security vulnerability analysis paper from IBM (http://www.acsac.org/2003/abstracts/73.html)- Are enhancements needed to address the raised issues?
b. [Rebekah] W-28b Attributes: http://www.oasis-open.org/apps/org/workgroup/security/download.php/4884/draft-sstc-attribute-02.pdf
c. [Frederick] LECP: http://www.oasis-open.org/apps/org/workgroup/security/download.php/4641/hirsch-sstc-lecp-draft-05.pdf
d. [Scott] NameID: http://www.oasis-open.org/apps/org/workgroup/security/download.php/4587/draft-sstc-nameid-07.pdf
e. W-2a SSO with Attribute Exchange (Owner: Prateek Mishra)
f. W-5: SSO Profile Enhancements (Owner: Prateek Mishra)
g. W-5b: SOAP Client Profile (Owner: Tony Nadalin)
h. W-8: Authentication Context (Owner: Bill Howard)
i. W-9: XML Encryption (Owner: Hal Lockhart)
j. W-14: SAML Server Trust (Owner: Jeff Hodges)
k. W-15: Delegation and Intermediaries (Owner: Bob Morgan, Scott Cantor)
l. W-17: credentials collector and assertions (Owner: Tim Moses --- BUT Tim no longer wishes to pursue this item here. Maybe this is the call to announce this change and move it to inactive in the scope document?)
m. W-19: HTTP-based Assertion referencing (Owner: Scott Cantor)
n. W-21: Baseline Attribute Namespaces (Owner: Bob Morgan)
o. W-25: Keberized Browser Profile (Owner: John Hughes)
p. W-27: Security analysis enhancements(Owner: Tony Nadalin)
q. W-28a1: Existing Attribute Usage Codification (Owner: we need an owner for this -- maybe it's Rob or Rebekah?)
r. W-28a2: Reconciling Atribute usage with XACML (Owner: Rebekah Lepro)
s. W-28d: Issuername Enhancement (Owber: Rebekah Lepro)
t. W-30: Migration Paths (SAML 1.X, ID-FF 1.X) (Owner: Scott, Prateek)
10. Action item review (see below) - Kavi AI's have not been updated recently - Also see minutes from 22-Dec focus group con-call
11. Any other business?
12. Adjourn
Current open action items:
#0093: Discovery Protocol Solution Proposal
Owner: Scott Cantor
Status: Open
Assigned: 23 Nov 2003
Due: ---
Comments:
Prateek Mishra 2003-11-24 04:36 GMT
AI: Scott Cantor: AI is to take relevant spec from Liberty and produce draft proposal
----------------------------------------------------------------------------
#0096: Find an owner for W28a1: Existing attribute Usage Codification
Owner:
Status: Open
Assigned: 08 Dec 2003
Due: ---
Comments:
----------------------------------------------------------------------------
#0086: Non-HTTP use-cases related to the LECP profile
Owner: Bob Morgan
Status: Open
Assigned: 23 Nov 2003
Due: ---
Comments:
Prateek Mishra 2003-11-24 03:27 GMT
ACTION: Bob Morgan - more use cases. More generic use cases, may be not involving HTTP. May involve web dav.
----------------------------------------------------------------------------
#0084: Reconcile terminology in glossary and current use-case document
Owner: John Kemp
Status: Open
Assigned: 23 Nov 2003
Due: ---
Comments:
Prateek Mishra 2003-11-24 03:19 GMT
Terminology used in sstc-saml-2.0-issues-draft-01.pdf is not consistent with terminology found in the current SAML glossary.
----------------------------------------------------------------------------
#0087: UCs for Making Assertions about Issuers of Assertions
Owner: Irving Reid
Status: Open
Assigned: 23 Nov 2003
Due: ---
Comments:
Prateek Mishra 2003-11-24 03:51 GMT
ACTION: Scott, Bob, and Irving will develop UCs for Making Assertions about Issuers of Assertions
Prateek Mishra 2003-12-08 22:25 GMT
Scott has published a note on this issue:
http://lists.oasis-open.org/archives/security-services/200310/msg00213.html
Bob and Irving will comment.
----------------------------------------------------------------------------
#0088: Understanding ID-FF AuthNContext Elements
Owner: Scott Cantor
Status: Open
Assigned: 23 Nov 2003
Due: ---
Comments:
Prateek Mishra 2003-11-24 03:56 GMT
Scott will find someone who understands ID-FF AuthNContext work to explicate difference between statementRef and class. Ref is reallife URI that implies context. Class notion is some sort of higher order
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]