
security-services message



Subject: RE: [security-services] Agenda for SSTC Conference Call, July 20, 2004



Rob,

 

Attendance and minutes are included in the following message:

 

http://lists.oasis-open.org/archives/security-services/200407/msg00106.html

 

- prateek

 


From: Philpott, Robert [mailto:rphilpott@rsasecurity.com]
Sent: Monday, July 19, 2004 11:45 PM
To: security-services@lists.oasis-open.org
Subject: [security-services] Agenda for SSTC Conference Call, July 20, 2004

 

Agenda for SSTC Conference Call, July 20, 2004

Dial in info: +1 865 673 6950 #351-8396

1.      Roll Call
2.      Agenda Bashing
a.      Can any of the agenda items be moved to discussion following adjournment (i.e. follow official call with focus call)?

3.      Minutes from July 6 conference call are missing attendance list – need to be reposted.
a.      http://www.oasis-open.org/archives/security-services/200407/msg00086.html
4.      Status of SSTC Last Call review:
a.      Comments from John H:
i.      http://lists.oasis-open.org/archives/security-services/200407/msg00116.html
ii.     Follow-up in msg00117 and 00118
b.      Frederick posted Profiles draft-16. Diff version:
i.      http://www.oasis-open.org/apps/org/workgroup/security/download.php/7783/sstc-saml-profiles-2.0-draft-16-diff.pdf

c.      Frederick posted Bindings draft-17. Diff version:
i.      http://www.oasis-open.org/apps/org/workgroup/security/download.php/7792/sstc-saml-bindings-2.0-draft-17-diff.pdf

d.      Scott posted Profiles draft-17.  No PDF’s posted.  .SXW file:
i.      http://www.oasis-open.org/apps/org/workgroup/security/download.php/7806/sstc-saml-profiles-2.0-draft-17.sxw 
5.      New issue from Ron on list (re: AssertionID/WSS Direct reference):
a.      http://lists.oasis-open.org/archives/security-services/200407/msg00076.html
6.      New potential issue from Eve (re: WSDL for SAML services):
a.      http://lists.oasis-open.org/archives/security-services/200407/msg00102.html
b.      Scott suggests post 2.0?
7.      FYI from Peter Davis (re: SAML+SIP profile):
a.      http://lists.oasis-open.org/archives/security-services/200407/msg00107.html
8.      List posting from RL “Bob” (re: X.500/LDAP attribute values):
a.      http://lists.oasis-open.org/archives/security-services/200407/msg00115.html
9.      Issue list review (Eve)
10.     Action item review (see list below)
11.     Any other business
12.     Adjourn

Report created 19 July 2004 11:30pm EDT
       
#0180: Need to update SAML server trust document       
Owner: Jeff Hodges     
Status: Open   
Assigned: 12 Jul 2004  
Due: ---       
Comments:
Rob Philpott 2004-07-20 01:59 GMT
Original AI was for Eve to follow up with Jeff to determine whether he would be updating this doc. That was done.

Discussion of this AI on 13-Jul indicates that the update will be a post 2.0 deliverable. Reassigned AI to Jeff for now.       

       
#0179: Does conformance meet pki-cross-domain-profile-draft-01.doc requirements?       
Owner: Rick Randall    
Status: Open   
Assigned: 12 Jul 2004  
Due: ---       
Comments:
Prateek Mishra 2004-07-12 21:47 GMT
Check conformance document to see if it captures the desired functionality described in this document.

       
#0176: Provide sequence diagrams for profiles

Owner: Jeff Hodges

Status: Open

Assigned: 23 Jun 2004

Due: ---

Comments:
Rob Philpott 2004-06-23 20:14 GMT
as discussed at F2F #5.

Diagram for BAP sent to list.

 

#0175: Add Security Context to glossary

Owner: Jeff Hodges

Status: Open

Assigned: 23 Jun 2004

Due: ---

Comments:
Rob Philpott 2004-06-23 20:12 GMT
as discussed at F2F #5

 

#0172: need text for syntax of attr values in LDAP/X.500 profile

Owner: Bob Morgan

Status: Open

Assigned: 23 Jun 2004

Due: ---

Comments:
Rob Philpott 2004-06-23 20:05 GMT
Discussed at f2f#5:
RLBob to review & propose text for handling syntax of attr values in LDAP/X.500 profile.

 

#0166: Investigate use of Wiki from the web site

Owner: Scott Cantor

Status: Open

Assigned: 22 Jun 2004

Due: ---

Comments:
Rob Philpott 2004-06-22 16:40 GMT
Scott will investigate the establishment of a wiki for SSTC use to be linked from the SSTC web site.

 

#0163: Need process for submission of profiles/authn context classes, etc.

Owner: Rob Philpott

Status: Open

Assigned: 22 Jun 2004

Due: ---

Comments:
Rob Philpott 2004-06-22 16:29 GMT
On the web site, we need to state what the process is for submitting and dealing with additional authn context classes, new profile documents, etc.

Rob Philpott 2004-06-23 16:03 GMT
Note that this is different from AI 164 for Scott and John K to propose text within the spec documents that points to the web site.

 

#0160: Separate Privacy concerns language from Element/Attribute descriptions

Owner: Prateek Mishra

Status: Open

Assigned: 30 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-30 18:14 GMT
Jeff H - We need to highlight privacy considerations related to core, could be notes in core, could be section.
*** AI: Prateek - will generate list potential changes from core

 

#0158: Propose changes to definition of Federation in glossary

Owner: Prateek Mishra

Status: Open

Assigned: 30 Apr 2004

Due: ---

Comments:

 

#0157: Define Binding and Profile in Glossary

Owner: Jeff Hodges

Status: Open

Assigned: 30 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-30 18:10 GMT
o "atomic unit of interoperability" proposed

 

#0144: Explain optional subject decision

Owner: Eve Maler

Status: Open

Assigned: 29 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-29 21:51 GMT
*** AI: Eve: Optional subject implemented in core spec prose. Schema shows that subject is optional.

o Eve: Has wanted to create a rationale for some of the decisions made on spec. Decision on subject less statements is a good example of what needs to be documented. Making an explicit design decision that is not really explicit on. By choosing to add prose to core spec we're making a stealth abstract profile (generic design decision) that applies to all explicit profiles.

o Scott: data model (design) decision to require subjects in all SAML statements.

Rob Philpott 2004-07-20 02:05 GMT
13-Jul con-call minutes note that the issue should be closed, and that Eve "may work on commentary".

 

#0132: Text to explain privacy reqts when using certain NameFormat values

Owner: John Kemp

Status: Open

Assigned: 13 Apr 2004

Due: ---

Comments:

 

#0125: Propose language to explain that AuthNResponse may contain attribute statements

Owner: Prateek Mishra

Status: Open

Assigned: 16 Feb 2004

Due: ---

Comments:
Prateek Mishra 2004-02-16 14:46 GMT
Easy to do but needs proposal on validity of assertion life-times as well.

 

#0123: Obtain MIME type registration for HTTP lookup of SAML

Owner: Jeff Hodges

Status: Open

Assigned: 13 Feb 2004

Due: ---

Comments:
Rob Philpott 2004-06-23 15:29 GMT
Attached is the initial rev of an I-D seeking to register the MIME media type
"application/saml+xml". Please review.

I've pinged the I-D editor to request a filename for the doc, I'll submit it to
both the I-D editor and the SSTC doc repository once that's finalized (std
procedure for I-Ds).

In concocting this draft, I've noted that MIME media type registrations aren't
necessarily the simple little registration exercise I'd thought they were. They
(the ietf-types@iana.org denizens) may desire more content, e.g. sec
considerations, in this doc. We'll see. Nominally, I think it's "good enough"
as is, especially since the SAML spec sets have thorough sec considerations
sections and I've referenced said spec sets carefully. Anyway, we'll see.

Also, I based this on a draft registration for application/rdf+xml. In that
draft, Aaron Schwartz claimed an optional parameter of "charset", and indicated
that the considerations thereof are the same as for "application/xml" (as
documented in http://www.ietf.org/rfc/rfc3023.txt). Additionally, he did the
same thing for the "encoding considerations", i.e. said they were the same as
for "application/xml". So, without excruciating research, I did the same thing
in this draft. fwiw/fyi.

anyway, lemme know whatcha think.

thanks,

JeffH

 

       

Rob Philpott
Senior Consulting Engineer 
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com


