Subject: Agenda for 20-Jan-2004 SSTC Quorum con-call Meeting

1. Roll call

2. Accept minutes from previous quorum meeting
   http://lists.oasis-open.org/archives/security-services/200401/msg00019.html

3. Updates for upcoming Boston F2F (Feb 3-5, 2004)

4. SAML 1.1 Interop update (week of Feb 23)

5. Work items WITHOUT solution proposals or "next step" action items:

   W-2a SSO with Attribute Exchange (Owner: Prateek Mishra)
   W-5: SSO Profile Enhancements (Owner: Prateek Mishra)
   W-5b: SOAP Client Profile (Owner: Tony Nadalin)
   W-8: Authentication Context (Owner: Bill Howard)
   W-9: XML Encryption (Owner: Hal Lockhart)
   W-14: SAML Server Trust (Owner: Jeff Hodges)
   W-15: Delegation and Intermediaries (Owner: Bob Morgan, Scott Cantor)
   W-17: credentials collector and assertions (Owner: Tim Moses --- BUT Tim no longer wishes to pursue this item here. Maybe this is the call to announce this change and move it to inactive in the scope document?)
   W-19: HTTP-based Assertion referencing (Owner: Scott Cantor)
   W-21: Baseline Attribute Namespaces (Owner: Bob Morgan)
   W-30: Migration Paths (SAML 1.X, ID-FF 1.X) (Owner: Scott, Prateek)

6. Work in progress (open action items)

#0115: Update metadata drafts with ID-FF 1.2 materials
Owner: Jahan Moreh
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-20 03:27 GMT
Jahan: ACTION: Update the metadata draft if necessary according to the latest ID-FF V1.2 materials. (Scott will also review for this purpose.)
http://lists.oasis-open.org/archives/security-services/200312/msg00064.html
--------------------------------------------------------------------------------
#0114: Propose language to address attribute-based federation
Owner: Prateek Mishra
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-20 03:22 GMT
We could break the bilateral assumption that account linkage and identity federation are equivalent. We could provide a unique definition for account linkage that includes but doesn't depend on identity federation ("one can accomplish AL through IF or through other means, such as exchange of attributes" or similar).
Maryann: Agrees with this idea.
Prateek: So account linkage becomes the umbrella term. But can both IF be accomplished without AL?
Scott: As an example, his university has contracts with various SPs, but Scott personally doesn't. There's an agreement to provide service based on attributes. A lot of people have been using account linking instead of identity federation, because the latter has become so overloaded.
Prateek: The notion of identity federation could be particularized as attribute-based SSO in one case.
Scott: We need to stress the "identity" part rather than the "federation" part in that circumstance, but he agrees.
Eve: Though this proposal doesn't need to address attribute-based account linking/identity federation, we may want to add glossary terms for that.
http://lists.oasis-open.org/archives/security-services/200312/msg00064.html
--------------------------------------------------------------------------------
#0113: Decouple definition of account linking and federation in NameIdentifier solution proposal
Owner: Scott Cantor
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-20 03:20 GMT
We could break the bilateral assumption that account linkage and identity federation are equivalent. We could provide a unique definition for account linkage that includes but doesn't depend on identity federation ("one can accomplish AL through IF or through other means, such as exchange of attributes" or similar).
Maryann: Agrees with this idea.
Prateek: So account linkage becomes the umbrella term. But can both IF be accomplished without AL?
Scott: As an example, his university has contracts with various SPs, but Scott personally doesn't. There's an agreement to provide service based on attributes. A lot of people have been using account linking instead of identity federation, because the latter has become so overloaded.
Prateek: The notion of identity federation could be particularized as attribute-based SSO in one case.
Scott: We need to stress the "identity" part rather than the "federation" part in that circumstance, but he agrees.
Eve: Though this proposal doesn't need to address attribute-based account linking/identity federation, we may want to add glossary terms for that.
http://lists.oasis-open.org/archives/security-services/200312/msg00064.html
--------------------------------------------------------------------------------
#0112: Update (W-7) discovery protocol solution proposal
Owner: Scott Cantor
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-20 03:17 GMT
ACTION: (SC) Update based on replacement of hash of succinct id by literal provider id.
--------------------------------------------------------------------------------
#0111: Request updated liberty draft on proxied SSO
Owner: Scott Cantor
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-20 03:16 GMT
A second issue has to do with "controls" over the proxy. This is a three party situation: IdP, Proxy and SP, so the question arises whether IdP can indicate to Proxy what is needed and whether the Proxy can indicate its preferences.
ACTION: (SC) Request liberty contributors to send draft to SSTC dealing with second issue.
--------------------------------------------------------------------------------
#0110: Feedback from LECP profile interop
Owner: Frederick Hirsch
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-20 03:14 GMT
ACTION: (FH) Check with Liberty Interop for any problems that may have arisen with actual use of LECP profile.
--------------------------------------------------------------------------------
#0109: Security concerns with LECP profile
Owner: Anthony Nadalin
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-20 03:12 GMT
ACTION: (FH) update to respond to Tony's security questions but we need to ask Tony for the specific problem he had in mind.
--------------------------------------------------------------------------------
#0108: Update LECP proposal with ID-FF 1.2 schema changes
Owner: Frederick Hirsch
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-20 03:11 GMT
http://lists.oasis-open.org/archives/security-services/200312/msg00086.html
--------------------------------------------------------------------------------
#0107: Proposal on Sessions
Owner: Hal Lockhart
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-19 23:12 GMT
- Hal: there was a mission AI on sessions, which he's been working on
- can try to get a proposal on this out in a couple weeks
- wants to get sessions proposal out next week
- [MISSING ACTION] for Hal, regarding sessions
Prateek Mishra 2004-01-20 03:46 GMT
This action item can be found in the minutes of the December 9 con-call:
- [ACTION] Hal to suggest message flows for separate session/authN authorities, and John, MikeB & Conor to review
http://lists.oasis-open.org/archives/security-services/200312/msg00054.html
--------------------------------------------------------------------------------
#0106: Owner for W-8: Authentication Context
Owner: Jeff Hodges
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-19 23:11 GMT
Jeff to contact Bill Howard regarding W-8
http://lists.oasis-open.org/archives/security-services/200401/msg00022.html
--------------------------------------------------------------------------------
#0105: Respond to IBM Analysis Paper
Owner:
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-19 23:09 GMT
- [ACTION] Scott & Tony to make recommendations based on IBM security analysis paper
--------------------------------------------------------------------------------
#0104: Follow-up on current Meta-data proposals
Owner: Scott Cantor
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-19 23:05 GMT
- Rob: there was lots of email activity, and sounds like consensus was reached
- Jahan not on call
- Scott: believes it's just a matter of incorporation into draft
- [ACTION] Scott to contact Jahan to followup on Roles & Metadata
http://lists.oasis-open.org/archives/security-services/200401/msg00022.html
--------------------------------------------------------------------------------
#0103: Recommendation on extensibility
Owner: Eve Maler
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-19 23:02 GMT
http://lists.oasis-open.org/archives/security-services/200401/msg00022.html
--------------------------------------------------------------------------------
#0102: Tony to draft amendments to current charter
Owner: Anthony Nadalin
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-19 23:01 GMT
Tony to draft amendments to current charter, post to list, and move for a vote
--------------------------------------------------------------------------------
#0101: Rob to setup poll for F2F attendance
Owner: Rob Philpott
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
--------------------------------------------------------------------------------
#0100: Revise draft-sstc-solution-profile-kerberos-01
Owner: John Hughes
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-19 22:35 GMT
John wonders if this solution proposal should keep to the minimum details and then just point out to the existing AuthnRequest design. There seems to be general consensus on this point. This introduces a dependency, but seems cleaner overall. Jeff will point to the latest much-revised draft of SASL-based authentication over SOAP when it's publicly available. Liberty sponsor members will have access to this next week. Scott suggests that WSS needs to be looked at here, as well. It sounds like we need some of this work to be covered under the SSO Profile Enhancements work item.
AI: John to evolve the proposal in this direction
http://lists.oasis-open.org/archives/security-services/200401/msg00043.html
--------------------------------------------------------------------------------
#0099: Review solution proposal in draft-sstc-attribute-02
Owner: Prateek Mishra
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-19 22:32 GMT
AI: Prateek, Eve, and Scott to comment on the TC list about the solution proposal, in order to get us ready to make decisions in next week's call.
Prateek Mishra 2004-01-19 22:36 GMT
http://lists.oasis-open.org/archives/security-services/200401/msg00043.html
--------------------------------------------------------------------------------
#0098: Why does XACML use a URI-based type system
Owner: Eve Maler
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-19 22:30 GMT
AI: Eve to ask Anne Anderson for the historical use cases that underlie the XACML decision to use a URI-based type system.
http://lists.oasis-open.org/archives/security-services/200401/msg00043.html
--------------------------------------------------------------------------------
#0097: Update draft-sstc-attribute-02 with AttributeNamespace Usage
Owner: Rebekah Lepro
Status: Open
Assigned: 19 Jan 2004
Due: ---
Comments:
Prateek Mishra 2004-01-19 22:29 GMT
Section 2.2 doesn't quite highlight the fact that implementors (mostly Prateek and Rob) have reported usage of AttributeNamespace for a scope-like purpose. We'd like to be more prescriptive about how to do this.
AI: Rebecca to mention the AttributeNamespace usage in the next version of the paper.
http://lists.oasis-open.org/archives/security-services/200401/msg00043.html
--------------------------------------------------------------------------------
#0086: Non-HTTP use-cases related to the LECP profile
Owner: Bob Morgan
Status: Open
Assigned: 23 Nov 2003
Due: ---
Comments:
Prateek Mishra 2003-11-24 03:27 GMT
ACTION: Bob Morgan - more use cases. More generic use cases, may be not involving HTTP. May involve web dav.
--------------------------------------------------------------------------------
#0084: Reconcile terminology in glossary and current use-case document
Owner: John Kemp
Status: Open
Assigned: 23 Nov 2003
Due: ---
Comments:
Prateek Mishra 2003-11-24 03:19 GMT
Terminology used in sstc-saml-2.0-issues-draft-01.pdf is not consistent with terminology found in the current SAML glossary.