[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for SSTC conf call, 2004-05-25
Attendance of Voting Members Conor P. Cahill AOL, Inc. Hal Lockhart BEA Tim Alsop CyberSafe John Hughes Entegrity Solutions Paul Madsen Entrust Miguel Pallares Ericsson Dana Kaufman Forum Systems Irving Reid Hewlett-Packard Company Paula Austel IBM Michael McIntosh IBM Scott Cantor Individual Bob Morgan Individual Prateek Mishra Netegrity Peter Davis Neustar Frederick Hirsch Nokia John Kemp Nokia Nicholas Sauriol Nortel Jim Lien RSA Security Rob Philpott RSA Security Dipak Chopra SAP Jahan Moreh Sigaba Bhavna Bhatnagar Sun Microsystems Jeff Hodges Sun Microsystems Eve Maler Sun Microsystems Ron Monzillo Sun Microsystems Mike Beach The Boeing Company Greg Whitehead Trustgenix Attendance of Prospective Members or Observers Ronald Jacobson Computer Associates Membership Status Changes John Cook ComBrio -- requested membership 2004-05-15 Summary: Discussion of remaining issues in Core document, primarly "ReauthenticateOnOrAfter". New text will be proposed, further discussion on focus call. Minutes ------- 1. minutes of 2004-05-11 meeting accepted 2. Toronto F2F planning location will be downtown location, 901 King no visitor parking, but some lots near meeting site public transit runs right by nearest "decent" hotels are 15-20 minute walk Holiday Inn on King St West is default hotel Irving will send a note confirming all this 3. editors report on latest doc revs Eve: Scott is now official owner/editor of Core draft she will remaining as coordinator/reviewer Scott: note that most core changes were from -11 to -12 changes from -12 to -13 were minor -13 reflects all the name abbreviations -12 substantive changes: (Scott) text about "entity ID" or "provider ID" format in section 8.3.7 referenced from encrypted nameID text in section 2.3.3 section 2.4.3.2 confirmationMethod is now attribute, not element some conditions now state "do not have more than one per assertion" added choice of encrypted assertion in any place where assertion was authenticationMethod still in for now, may come out added reauthenticateOnOrAfter, unabbreviated language still needed about interpretation of this much discussion of "reauthenticate" issues "statement no longer represents authn state of principal" can behavior of relying party be normatively specified? maybe sense should be flipped: "don't use statement after ..." much discussion of lifetime semantics ... just use overall statement notOnOrAfter time? statement-specific lifetime? use "session" word? make it "revalidateOnOrAfter" instead of "reauthenticate"? some agreement about basing it on "session" behavior and saying issuer has session responsibility for that time statement already has session index attr but what about other uses besides sessions? maybe those need their own attributes/conditions? do we know enough about these other uses to generalize to them? is there still agreement that multiple statements in one assertion and the same statements in multiple assertions are equivalent yes, though some practical effects may be different eg may not get all assertions, easier to forward separately etc RonM: how does this relate to confirmation method? which is now moved up to assertion level, right? is having this be at a different level than session a problem? Scott will make proposal in next core rev using "session" concept Scott: on to more -12 changes note authncontext "declaration" name change (line 923) change in 2.5.3.1.1 about type declaration on attribute values "resource" attribute removed (line 1519) processing rules changes (line 1538) change "federated" identifier to "persistent" how long does it "persist"? it persists until changed ... but many deployers confused Prateek will propose language explaining this processing rules for proxying clarified (3.4.1.7) example uses of encryption needed ... Scott: core draft is more or less "feature complete", just undergoing cleanup Scott: may need to add "bearer condition" schema to core bindings/profiles, Frederick bindings-11, profiles-08 are latest bindings: language added to explain what SOAP means there's a use of "CANNOT", this isn't 2119-standard language some question about whether "MUST NOT" is appropriate for this item WSS is recommended for integrity/confidentiality how does this recommendation relate to HTTP protections? or: what is the nature of this recommendation? may imply relying on WS-I profile for conformance profiles: name abbreviations put in ... Scott: bearer confirmation data attributes now in profile doc any objections to updating core with this schema? this would permit proper type to be defined RonM: couldn't these attrs apply to other confirmation methods? Scott: probably, but haven't been defined that way but would they have consistent meaning across all methods? RonM: question in WSS about whether validity time needs definition in WSS token profile but wouldn't overall assertion validity work for holder-of-key? probably ... Prateek: object to mandatory dual binding methods in bindings doc can discuss more on focus call Scott: turned mandatory language in ID-FF profiles into binding lang much better to be clear about requirement than vague but may want to change it to conformance-spec requirement ... much discussion of what goes in protocol spec vs what goes in conformance spec use of conformance is fine, but need metadata support for saying what is actually deployed 4. Other Rob: everyone please go through issues list and see what's assigned to them, and do it Scott: working with Jahan on actual metadata document JohnK: authn context document still needs work, will do
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]