[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Minutes for SSTC Telecon, Tuesday 2004-01-20
With attendance/membership info added at the end ... -- Steve Anderson OpenNetwork -----Original Message----- From: RL 'Bob' Morgan [mailto:rlmorgan@washington.edu] Sent: Tuesday, January 20, 2004 6:09 PM To: OASIS Security Services TC Subject: [security-services] Minutes for SSTC Telecon, Tuesday 2004-01-20 ====================================================================== Summary ====================================================================== Votes: Minutes from 2004-01-06 call accepted Schema extensibility: block all substitution (section 3.1, option 1 from sstc-maler-schema-extension-01.pdf) Previous Action Items Still Open: #0115: Update metadata drafts with ID-FF 1.2 materials #0114: Propose language to address attribute-based federation #0112: Update (W-7) discovery protocol solution proposal #0111: Request updated liberty draft on proxied SSO #0110: Feedback from LECP profile interop #0109: Security concerns with LECP profile #0106: Owner for W-8: Authentication Context #0105: Respond to IBM Analysis Paper #0104: Follow-up on current Meta-data proposals #0100: Revise draft-sstc-solution-profile-kerberos-01 #0099: Review solution proposal in draft-sstc-attribute-02 #0098: Why does XACML use a URI-based type system #0097: Update draft-sstc-attribute-02 with AttributeNamespace Usage #0086: Non-HTTP use-cases related to the LECP profile New Action Items: # Clarify Issuer vs Signer relationship in SAML (prompted by XACML discussion of per-attribute Issuer) ====================================================================== Raw Notes ====================================================================== minutes approved from previous call (2004-01-06) February F2F ballot will be posted for indication of attendance dial-in will be provided at particular times 1.1 interop at RSA conference conf call held on 2004-01-16, 10-12 participants both browser profiles separate list being used ... info to be sent to SSTC list by RP Irving Reid is list maintainer review of work items without apparent solution proposals: W-2a: SSO with Attribute Exchange W5: SSO Profile Enhancements Prateek will publish material by end of week W-5b: SOAP client profile JeffH: sent note indicating that some other work constitutes SP Scott: add in some other proposed stuff too Jeff: not to preclude submission by Tony, but this item should not go away JohnH: may be able to work on this before F2F concern about overall shape of final documentation MikeM: will be owner, will commit to produce something by next week JohnH also will contribute, as will others W-8: authn context JeffH: Bill Howard not able to work on this will commit to producing something by F2F W-9: XML enc Hal not on call, status unknown W-14: SAML server trust JeffH: non-normative doc, so only "nice to have" working to have Liberty trust models doc submitted, author John Linn may be able to be released W-15: delegation / intermediaries BobM: brief stuff posted earlier today Scott: some stuff is waiting on SSO profile changes RonM: also interested, there is related material in WSS-SAML about assertion chaining and obtaining assertions/keys Scott to produce next doc W-17: cred collector JeffH: SOAP client material covers some of this, also Kerb JohnL: generalizing Kerb stuff makes it the same, right? JeffH: propose to merge with W-5b Prateek: OK W-19: HTTP-based Assertion referencing Scott: solution proposal in use-case doc, needs revision, will do W-21: Baseline Attribute Namespaces BobM: covered as part of general attribute proposal W-30: Migration paths Scott: work going on in Liberty ... issues list: #0115: Jahan will update soon #0114: Prateek will publish by next Tuesday #0113: Scott: this is complete #0112: Scott: remains open, will do #0111: Scott: will be discussed at upcoming Liberty F2F, remains open #0110: FrederickH: still need to check with Liberty #0109: MaryAnnH: will work with Tony on clarifying security issue #0108: FH: closed #0107: proposal sent to list earlier today, so item closed #0106: remains open #0105: respond to IBM security analysis Scott: will be responded to based on 2.0 profiles #0104: remains open #0103: EveM: proposal sent last night, sstc-maler-schema-extension-01.pdf presents extensibility requirements and choices EM: do these meet people's requirements? (rumbles of consent ...) some "success stories" available based on extensions in the world current language in conformance protecting against hostile extensions need for listing this as requirement? SC: many people don't validate because extensions turn into "must understand everything" Irving: goal is to be able to parse document with extension even if don't have schema for extension at hand EM: this is pretty strong ... can this be a "SHOULD", note effect on Conformance doc EM: presentation of recommendation options ... re namespaces: BM: issues re SAML-Attribute namespace captured in attribute solution proposal, other Namespace issues? IR: also comes up with Subject nameidentifier ... making decisions about the above proposals: motion: block all substitution (described in section 3.1, option 1) passed with unanimous consent anyType proposal (in 3.2): not yet baked ... Scott: if want to restrict globalness, just avoid global elements EM: this is possible ... #0102: proposal posted, item closed #0101: poll set up, item closed #0100: JohnH: maybe two docs, one to cover generalized version another with Kerberos specifics Jeff, Scott: OK #0099: remains open considerable discussion was had on XACML focus call 2004-01-15 some items in attribute proposal tentatively resolved some followup on XACML list BobM: new Issue about SAML spec needing text describing relationship between Issuer and signer of an assertion, since understanding this is required for XACML policies to be written #0098: remains open #0097: remains open #0086: remains open #0084: closed Focus call will happen next week, 2004-01-27 Scott: proposed new text for core based on Von Welch thread hoping to discuss that on focus call adjourned at 10:32 PST ======================================================================= Attendance of Voting Members Frank Siebenlist Argonne Natl Lab Gavenraj Sodhi Computer Associates John Hughes Entegrity Solutions Irving Reid HP Jason Rouault HP Paula Austel IBM Maryann Hondo IBM Michael McIntosh IBM Scott Cantor Individual Bob Morgan Individual Rebekah Lepro NASA Prateek Mishra Netegrity Conor Cahill Netscape/AOL Peter Davis Neustar Frederick Hirsch Nokia John Kemp Nokia Timo Skytta Nokia Charles Knouse Oblix Steve Anderson OpenNetwork Jim Lien RSA John Linn RSA Security Rob Philpott RSA Security Jahan Moreh Sigaba Jeff Hodges Sun Eve Maler Sun Emily Xu Sun Mike Beach The Boeing Company Attendance of Prospective Members or Observers Tim Alsop CyberSafe Paul Madsen Entrust Rick Randal Booz Allen Hamilton Ron Monzillo Sun Darren Platt Ping Identity Bhavna Bhatnagar Sun Miguel Pallares Ericsson Tim Moses Entrust Membership Status Changes Von Welch NCSA - Granted voting status after 1/20/2004 call Tim Alsop CyberSafe - Granted voting status after 1/20/2004 call Paul Madsen Entrust - Granted voting status after 1/20/2004 call Bhavna Bhatnagar Sun - Requested membership 1/16/2004 Miguel Pallares Ericsson - Requested membership 1/20/2004 Tim Moses Entrust - Withdrew 1/6/2004 Carolina Canales-Valenzuela Ericsson - Lost prospective status after 1/20/2004 call To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]