OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for SSTC conf call, 2004-05-25

Attendance of Voting Members

Conor P. Cahill		AOL, Inc.
Hal Lockhart		BEA
Tim Alsop		CyberSafe
John Hughes		Entegrity Solutions
Paul Madsen		Entrust
Miguel Pallares		Ericsson
Dana Kaufman		Forum Systems
Irving Reid		Hewlett-Packard Company
Paula Austel		IBM
Michael McIntosh	IBM
Scott Cantor		Individual
Bob Morgan		Individual
Prateek Mishra		Netegrity
Peter Davis		Neustar
Frederick Hirsch	Nokia
John Kemp		Nokia
Nicholas Sauriol	Nortel
Jim Lien		RSA Security
Rob Philpott		RSA Security
Dipak Chopra		SAP
Jahan Moreh		Sigaba
Bhavna Bhatnagar	Sun Microsystems
Jeff Hodges		Sun Microsystems
Eve Maler		Sun Microsystems
Ron Monzillo		Sun Microsystems
Mike Beach		The Boeing Company
Greg Whitehead		Trustgenix

Attendance of Prospective Members or Observers

Ronald Jacobson		Computer Associates

Membership Status Changes

John Cook		ComBrio   --  requested membership 2004-05-15

Discussion of remaining issues in Core document, primarly
"ReauthenticateOnOrAfter".  New text will be proposed, further discussion
on focus call.


1.  minutes of 2004-05-11 meeting accepted

2.  Toronto F2F planning
  location will be downtown location, 901 King
  no visitor parking, but some lots near meeting site
  public transit runs right by
  nearest "decent" hotels are 15-20 minute walk
  Holiday Inn on King St West is default hotel
  Irving will send a note confirming all this

3.  editors report on latest doc revs

Eve:  Scott is now official owner/editor of Core draft
  she will remaining as coordinator/reviewer
note that most core changes were from -11 to -12
  changes from -12 to -13 were minor
-13 reflects all the name abbreviations
-12 substantive changes:  (Scott)
  text about "entity ID" or "provider ID" format in section 8.3.7
  referenced from encrypted nameID text in section 2.3.3
  section confirmationMethod is now attribute, not element
  some conditions now state "do not have more than one per assertion"
  added choice of encrypted assertion in any place where assertion was
  authenticationMethod still in for now, may come out
  added reauthenticateOnOrAfter, unabbreviated
    language still needed about interpretation of this
  much discussion of "reauthenticate" issues
    "statement no longer represents authn state of principal"
    can behavior of relying party be normatively specified?
    maybe sense should be flipped:  "don't use statement after ..."
    much discussion of lifetime semantics ...
      just use overall statement notOnOrAfter time?
      statement-specific lifetime?  use "session" word?
      make it "revalidateOnOrAfter" instead of "reauthenticate"?
    some agreement about basing it on "session" behavior
      and saying issuer has session responsibility for that time
      statement already has session index attr
      but what about other uses besides sessions?
      maybe those need their own attributes/conditions?
      do we know enough about these other uses to generalize to them?
    is there still agreement that multiple statements in one assertion
      and the same statements in multiple assertions are equivalent
      yes, though some practical effects may be different
        eg may not get all assertions, easier to forward separately etc
    RonM:  how does this relate to confirmation method?
      which is now moved up to assertion level, right?
      is having this be at a different level than session a problem?
    Scott will make proposal in next core rev using "session" concept

  Scott:  on to more -12 changes
  note authncontext "declaration" name change  (line 923)
  change in about type declaration on attribute values
  "resource" attribute removed (line 1519)
  processing rules changes (line 1538)
  change "federated" identifier to "persistent"
    how long does it "persist"?
      it persists until changed ... but many deployers confused
      Prateek will propose language explaining this
  processing rules for proxying clarified (
  example uses of encryption needed ...
Scott:  core draft is more or less "feature complete", just undergoing
Scott:  may need to add "bearer condition" schema to core

bindings/profiles, Frederick
  bindings-11, profiles-08 are latest
    language added to explain what SOAP means
    there's a use of "CANNOT", this isn't 2119-standard language
      some question about whether "MUST NOT" is appropriate for this item
    WSS is recommended for integrity/confidentiality
      how does this recommendation relate to HTTP protections?
        or:  what is the nature of this recommendation?
          may imply relying on WS-I profile for conformance
    name abbreviations put in ...

Scott: bearer confirmation data attributes now in profile doc
  any objections to updating core with this schema?
  this would permit proper type to be defined
  RonM:  couldn't these attrs apply to other confirmation methods?
    Scott:  probably, but haven't been defined that way
    but would they have consistent meaning across all methods?
  RonM:  question in WSS about whether validity time needs definition
    in WSS token profile
    but wouldn't overall assertion validity work for holder-of-key?
      probably ...

Prateek:  object to mandatory dual binding methods in bindings doc
  can discuss more on focus call
  Scott:  turned mandatory language in ID-FF profiles into binding lang
    much better to be clear about requirement than vague
    but may want to change it to conformance-spec requirement ...
  much discussion of what goes in protocol spec
    vs what goes in conformance spec
  use of conformance is fine, but need metadata support for saying what is
    actually deployed

4.  Other

Rob:  everyone please go through issues list and see what's assigned to
  them, and do it

Scott:  working with Jahan on actual metadata document

JohnK:  authn context document still needs work, will do

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]