Agenda for SSTC Conference Call: August 3, 2004

Dial in info: +1 865 673 6950 #351-8396

1. Roll Call

2. Agenda Bashing (including moving any items to focus session after adjournment)

3. Approve minutes from 27-Jul con-call

a. http://lists.oasis-open.org/archives/security-services/200407/msg00157.html

4. Status of Last Call Review

a. Current target is to vote for CD on 10-August. Is this still realistic?

b. Various messages exchanged re: Jeff’s figures for profiles

c. Thread re: cost of MTI figures/Stateless conformity to SAML

d. Scott’s note re: editing status: http://lists.oasis-open.org/archives/security-services/200408/msg00016.html

5. Other docs

a. Technical Overview: PMadsen comments: http://lists.oasis-open.org/archives/security-services/200407/msg00162.html

b. Glossary upload notice from Jeff: http://lists.oasis-open.org/archives/security-services/200407/msg00168.html

· JLinn comment: http://lists.oasis-open.org/archives/security-services/200408/msg00008.html

6. Action item review (see list below)

7. Any other business

8. Adjourn

9. Focus call (if needed)

Action Items: Report created 03 August 2004 01:45am EDT

----------------------------------------------------

#0191: Need proposed text re: XACML Attribute proposal

Owner: Scott Cantor

Status: Open

Assigned: 03 Aug 2004

Due: ---

Comments:

Rob Philpott 2004-08-03 05:45 GMT

27-Jul: Scott will propose text and schema changes on the list.

----------------------------------------------------

#0190: Need better text for NameIdentifier

Owner: Scott Cantor

Status: Open

Assigned: 03 Aug 2004

Due: ---

Comments:

Rob Philpott 2004-08-03 05:41 GMT

27-Jul: re comments on core-2.0-draft-1

Scott – main item to be discussed is that we need some text up from better describing NameIdentifier. Not hearing any objections (on the list), Scott will, by the next call, work through them and incorporate as appropriate.

*** AI: Scott to incorporate the notes

----------------------------------------------------

#0189: Incorporate ECP comments

Owner: Scott Cantor

Status: Open

Assigned: 03 Aug 2004

Due: ---

Comments:

Rob Philpott 2004-08-03 05:38 GMT

27-Jul: Discussed detailed comments on sec 4.2 Enhanced Client and Proxy (ECP) sstc-saml-profiles-2.0-draft-17

http://lists.oasis-open.org/archives/security-services/200407/msg00144.html

*** AI: Scott and Jeff will coordinate offline to incorporate the changes.

----------------------------------------------------

#0188: Update conformance document with focus call input

Owner: Prateek Mishra

Status: Open

Assigned: 26 Jul 2004

Due: ---

Comments:

Prateek Mishra 2004-07-27 03:27 GMT

http://lists.oasis-open.org/archives/security-services/200407/msg00134.html

Rob Philpott 2004-08-03 05:29 GMT

27-Jul: Considerable dscussion took place at 27-Jul SSTC call; refer to minutes. Still open.

----------------------------------------------------

#0186: Proper use of URIs results in uniqueness

Owner: Scott Cantor

Status: Open

Assigned: 26 Jul 2004

Due: ---

Comments:

Prateek Mishra 2004-07-27 03:23 GMT

AI: Scott add something to Core around our use of URIs as identifiers in

the spec, to explain that proper use of URIs results in uniqueness.

----------------------------------------------------

#0185: Rationalize presence of empty elements in schema

Owner: Scott Cantor

Status: Open

Assigned: 26 Jul 2004

Due: ---

Comments:

Prateek Mishra 2004-07-27 03:22 GMT

Scott to rationalize presence of empty elements in

empty types in the schemas.

----------------------------------------------------

#0184: Send SSTC response to Thomas Grss paper to the author

Owner: Prateek Mishra

Status: Open

Assigned: 23 Jul 2004

Due: ---

Comments:

Rob Philpott 2004-07-23 17:11 GMT

Per 20-July con-call: AI: ultimately to provide a formal response to Thomas Gross.

----------------------------------------------------

#0183: Comment s solicited on John Linn response to Thomas Gross paper

Owner: Prateek Mishra

Status: Open

Assigned: 23 Jul 2004

Due: 23 Jul 2004

Comments:

Rob Philpott 2004-07-23 17:10 GMT

Per 20-July con-call: Prateek (by July 23) to comment on the draft of John Linn's draft of our response to the Thomas Gross security analysis.

----------------------------------------------------

#0182: Use Conform. doc as entry point to docs

Owner: Eve Maler

Status: Open

Assigned: 23 Jul 2004

Due: ---

Comments:

Rob Philpott 2004-07-23 16:59 GMT

Per 20-July con-call:

AI: Eve to write up a text section and a suggested new title for the Conformance document, reflecting this wider role (make the Conformance doc the official entry point of the doc set), and post these to the list.

Rob Philpott 2004-08-03 05:31 GMT

27-Jul: merged in redundant AI #187:

AI: Eve to write up a text section and a suggested new title for the

Conformance document, reflecting this wider role, and post these to the list.

----------------------------------------------------

#0181: Explain that proper use of URIs results in uniqueness

Owner: Scott Cantor

Status: Open

Assigned: 23 Jul 2004

Due: ---

Comments:

Rob Philpott 2004-07-23 16:46 GMT

Per 20-July con-call:

AI: Scott add something to Core around our use of URIs as identifiers in the spec, to explain that proper use of URIs results in uniqueness.

----------------------------------------------------

#0180: Need to update SAML server trust document

Owner: Jeff Hodges

Status: Open

Assigned: 12 Jul 2004

Due: ---

Comments:

Rob Philpott 2004-07-20 01:59 GMT

Original AI was for Eve to follow up with Jeff to determine whether he would be updating this doc. That was done.

Discussion of this AI on 13-Jul indicates that the update will be a post 2.0 deliverable. Reassigned AI to Jeff for now.

----------------------------------------------------

#0179: Does conformance meet pki-cross-domain-profile-draft-01.doc requirements?

Owner: Rick Randall

Status: Open

Assigned: 12 Jul 2004

Due: ---

Comments:

Prateek Mishra 2004-07-12 21:47 GMT

CHeck conformance document to see if it captures the desired functionality described in this document.

----------------------------------------------------

#0176: Provide sequence diagrams for profiles

Owner: Jeff Hodges

Status: Open

Assigned: 23 Jun 2004

Due: ---

Comments:

Rob Philpott 2004-06-23 20:14 GMT

as discussed at F2F #5.

Diagram for BAP sent to list.

Rob Philpott 2004-07-23 17:03 GMT

20-July: Jeff - Will finish this week.

----------------------------------------------------

#0166: Investigate use of Wiki from teh web site

Owner: Scott Cantor

Status: Open

Assigned: 22 Jun 2004

Due: ---

Comments:

Rob Philpott 2004-06-22 16:40 GMT

Scott will investigate the establishment of a wiki for SSTC use to be linked from the SSTC web site.

----------------------------------------------------

#0163: Need process for submission of profiles/authn context classes, etc.

Owner: Rob Philpott

Status: Open

Assigned: 22 Jun 2004

Due: ---

Comments:

Rob Philpott 2004-06-22 16:29 GMT

On the web site, we need to state what the process is for submitting and dealing with additional authn context classes, new profile documents, etc.

Rob Philpott 2004-06-23 16:03 GMT

Note that this is different from AI 164 for SCott and John K to propose text within the spec documents that points to the web site.

----------------------------------------------------

#0160: Separate Privacy concerns language from Element/Attribute descriptions

Owner: Prateek Mishra

Status: Open

Assigned: 30 Apr 2004

Due: ---

Comments:

Prateek Mishra 2004-04-30 18:14 GMT

Jeff H - We need to highlight privacy considerations related to core, could be notes in core, could be section.

*** AI: Prateek - will generate list potential changes from core

Rob Philpott 2004-07-23 17:05 GMT

20-July: Still open. Eve: Note that the explanation of constraints on session indexes now includes a rationale along these lines.

----------------------------------------------------

#0158: Propose changes to definition of Federation in glossary

Owner: Prateek Mishra

Status: Open

Assigned: 30 Apr 2004

Due: ---

Comments:

Rob Philpott 2004-07-23 17:05 GMT

20-July: Still open. Prateek will send thoughts to the list.

----------------------------------------------------

#0144: Explain optional subject decision

Owner: Eve Maler

Status: Open

Assigned: 29 Apr 2004

Due: ---

Comments:

Prateek Mishra 2004-04-29 21:51 GMT

*** AI: Eve: Optional subject implemented in core spec prose. Schema shows that subject is optional.

o Eve: Has wanted to create a rationale for some of the decisions made on spec. Decision on subject less statements is a good example of what needs to be documented. Making an explicit design decision that is not really explicit on. By choosing to add prose to core spec we're making a stealth abstract profile (generic design decision) that applies to all explicit profiles.

o Scott: data model (design) decision to require subjects in all SAML statements.

Rob Philpott 2004-07-20 02:05 GMT

13-Jul con-call minutes note that the issue should be closed. and that Eve "may work on commentary".

Rob Philpott 2004-07-23 17:02 GMT

20July con-call:

Eve: The thought here was that we may have an optional post-V2.1 deliverable that explains the "XML rationales" for various things.

JohnK: But there are selected places in the actual specs where it would be helpful; he has suggested these. Eve: Let's treat these comments one by one, then.

Rob Philpott 2004-08-03 05:35 GMT

27-Jul: Per SSTC call: Still open. Deferred to post SAML 2.0

----------------------------------------------------

#0125: Propose language to explain that AuthNResponse may contain attribute statements

Owner: Prateek Mishra

Status: Open

Assigned: 16 Feb 2004

Due: ---

Comments:

Prateek Mishra 2004-02-16 14:46 GMT

Easy to do but needs proposal on validity of assertion life-times as well.

----------------------------------------------------

#0123: Obtain MIME type registration for HTTP lookup of SAML

Owner: Jeff Hodges

Status: Open

Assigned: 13 Feb 2004

Due: ---

Comments:

Rob Philpott 2004-06-23 15:29 GMT

Attached is the initial rev of an I-D seeking to register the MIME media type

"application/saml+xml". Please review.

I've pinged the I-D editor to request a filename for the doc, I'll submit it to

both the I-D editor and the SSTC doc repository once that's finalized (std

procedure for I-Ds).

In concocting this draft, I've noted that MIME media type registrations aren't

necessarily the simple little registration exercise I'd thought they were. They

(the ietf-types@iana.org denizens) may desire more content, e.g. sec

considerations, in this doc. We'll see. Nominally, I think it's "good enough"

as is, especially since the SAML spec sets have thorough sec considerations

sections and I've referenced said spec sets carefully. Anyway, we'll see.

Also, I based this on a draft registration for application/rdf+xml. In that

draft, Aaron Schwartz claimed an optional parameter of "charset", and indicated

that the considerations thereof are the same as for "application/xml" (as

documented in http://www.ietf.org/rfc/rfc3023.txt). Additionally, he did the

same thing for the "encoding considerations", i.e. said they were the same as

for "application/xml". So, without excrutiating research, I did the same thing

in this draft. fwiw/fyi.

anyway, lemme know whatcha think.

thanks,

JeffH

Rob Philpott 2004-08-03 05:33 GMT

27-Jul: * Scott – we need to do one for metadata as well. Roll the metadata one into AI #123.

security-services message