Subject: RE: [security-services] DRAFT minutes for OASIS SSTC conf call, 2004-07-13 (with Attendance)
Members: 30, Quorum: 16, Attendance 24

Conor P. Cahill
Hal Lockhart
Rick Randall
Ronald Jacobson
Paul Madsen
Dana Kaufman
Irving Reid
Paula Austel
Michael McIntosh
Anthony Nadalin
Scott Cantor
Bob Morgan
Prateek Mishra
Frederick Hirsch
John Kemp
Senthil Sengodan
Charles Knouse
Darren Platt
John Linn
Jeff Hodges
Eve Maler
Emily Xu
Mike Beach
Greg Whitehead

Prospective members in attendance:

James Vanderbeek
Caroline Canales
Ron Monzillo
David McPherson
Peter Davis

---

OASIS SSTC conference call minutes 2004-07-13
RL "Bob" Morgan

Attendance: [will be provided separately]

Summary:

* SSTC voted to move the primary SAML 2.0 documents to "committee last call" status, as proposed in
  http://www.oasis-open.org/archives/security-services/200407/msg00074.html

* Committee last call period closes Monday August 2. This is also the deadline for completion of the various non-normative documents in the SAML 2.0 set.

* SSTC accepted SAML 2.0 errata process as proposed in item 3 of
  http://www.oasis-open.org/archives/security-services/200407/msg00072.html

* new issue: conflict between WSS wsu:id attribute and SAML id attribute

Notes:

motion to accept minutes from 2004-07-06 conf call
  accepted unanimously

proposed errata process, see agenda for details
  Scott: only way to have normative errata is to go thru whole process?
  Prateek: yes, but can put ref to errata location in spec
  Hal: if errata are normative, best just to issue .N revision of spec

discussion of "committee last call" status
  not an official OASIS designation, just within SSTC
  kind of a "beta" status
  so soliciting public comment from outside of the TC
  in particular to get input from implementors

motion to move a bunch of documents to committee last call
  motion: Scott Cantor, second: John Kemp
  does not include conformance and security-considerations docs
  since these are less complete and not technically normative
  Scott: notes changes needed to attribute profiles
  Prateek: just the kind of comment needed during last call
  ** no objections to unanimous consent, so motion passes

length of last call?
  two weeks proposed
  this need not constrain when a vote happens to move to committee spec
  consensus on Monday August 2 as deadline for comments
  Eve will modify docs to include this date
  current drafts will remain stable for this time
  new versions can be submitted by editors, mark as committee-internal

Issues:

(Note that issue numbering seems to have changed in draft-12, I'll provide both below when different.)

BIND-3: Establish a Mandatory Profile
  remains open

BIND-4: Representing attribute profiles in core and metadata
  Scott: nothing covers it now, may propose something to list
  remains open

TECH-1: Identity/Service Provider Terminology and Domain Model (draft-12: TECH-2)
  closed, since description now will be in technical overview doc

CORE-9: Wildcarding and Extensibility in the SAML Schemas (draft-12: CORE-14)
  Eve: position paper found useful, but can just be historical
  something needs to be said about "must ignore" meaning?
  Scott: if there's no "critical bit", then all extensions implicitly "ignorable", so this should be made explicit
  though, for conditions, unknown ones are explicitly invalid
  so just cleanup throughout indicating how extensions should be handled
  closed, based on editors being so instructed

CORE-21: Consent vs. Reason (draft-12: CORE-26)
  Scott: dealt with in recent core updates
  closed

CORE-27: Consider Limiting Datatype of Attribute Name (draft-12: CORE-32)
  still nominally open, we can ask for developer feedback
  Scott: seems like a bad idea to use obscure types
  Eve: can close by just saying we add prose constraints? OK
  closed, based on language to be written to say this

Action items:

#180: update SAML server trust doc
  will be post-2.0 deliverable
  closed

#179: cross-domain-pki requirements met by conformance doc?
  need approval from Rick
  remains open

#176: sequence diagrams for profiles (and bindings?)
  JeffH sent one to list, others remain to be done
  informal sequence diagram ("flow model") from F2F also sent to list
  this might be good input to tech-overview doc
  remains open

#175: glossary
  a number of items remain to be added
  remains open
  Eve notes that all non-normative docs should also be done by August 2

#174: DCE attr names
  Scott: turns out there are none, profile to be reworked
  closed

#172: LDAP/X.500 value types
  discussion among interested parties
  proposal will be sent to list by RL Bob
  remains open

#170: modify authnContext declarations
  closed

#166: wiki
  Scott: Internet2 has agreed to put up such a service
  remains open

#165: 2.0 errata process
  discussed earlier in call
  closed

#163: process for submission of profiles etc
  remains open

#160: privacy concerns
  remains open

#158: federation definition
  threads on list about this
  remains open

#157: binding/profile definition
  remains open

#144: optional subject decision
  Eve may work on "commentary"
  closed

#132: privacy requirements of some nameformat values
  JohnK will post in a few days
  remains open

#131: migration of subject
  there will be a general migration doc
  closed

#125: authnResponse may contain attr statements
  should be covered in spec, Prateek to review
  remains open

#123: mime type for xml/saml
  document submitted to IETF as internet-draft
  Jeff: process recently streamlined, need not be RFC
  so will submit to IANA via new process, by next week
  remains open

RonM: issue about "id" attributes?
  Scott: we renamed them as "id", so closed?
  RM: issue with wsu:id in WSS?
  WSS may need to handle different named attributes for that purpose?
  or SAML may have to accept wsu:id as well as SAML's id?
  Scott: SAML's may have to be optional
  new issue to be opened, Ron will send to list

status of WSS SAML profile?
  RM: will be put to committee spec vote middle of this week