Subject: SSTC Focus Call Minutes, Augiust 24
Rob Philpott Prateek Mishra Scott Cantor Tony Nadalin Paula Austel Cameron Morris Ari Kermaier Dana Kaufman Bhavna Bhatnagar Scott Keister Abby Barbir Bob Morgan Frederick Hirsch Steve Anderson 1. Discussion on Server-Side State and Stateful Sessions http://lists.oasis-open.org/archives/security-services/200408/msg00161.html Prateek: Feels that issue has been settled via messages from Scott, Mike Beach, Conor. Scott: Likes Mike Beach message, wonders if some language could be added to soften some of the language concerning session invalidation. http://lists.oasis-open.org/archives/security-services/200408/msg00173.html Rob: bring to attention of full call next week, if people are interested they can propose changes. 2. Editors will pick up non-normative changes and add to draft. Normative changes to be identified by an editor per document and brought forward for TC vote. We will discuss appropriate naming of documents with Eve. 3. Bob Morgan and Steve Cantor comment on: http://lists.oasis-open.org/archives/security-services/200408/msg00180.html Suggests that (1) the encoding be placed on the attribute value rather than the attribute. (2) Rather than explicitly list the syntaxes whose values are encoded as xsd:string, I suggest that you have this case apply to any directory attribute with a syntax whose LDAP-specific encoding exclusively produces UTF-8 character strings. This will also capture all the new directory attribute syntaxes with UTF-8 string LDAP-specific encodings that are currently in the works. The above syntaxes can then be listed as examples, e.g. "The following syntaxes from RFC 2252 have LDAP-specific encodings that always produce UTF-8 character strings:". Bob Morgan to formally respond and propose normative changes in response. 4. John de Freitas COmment http://lists.oasis-open.org/archives/security-services/200408/msg00181.html Scott Cantor to respond to note. Most significant comment is about encryption and whether we want to profile XML-ENC. Tony, Scott, Prateek, Frederick: Is there a need for MTI advice or even profiling of XML-ENC and XML-SIG? General discussion. Group leans away from profiling and towards MTI of a few features. Frederick to get it started with a message summarizing some of the relevant fields. 5. Rob P: minor fix needed in sstc-saml-schema-dce-2.0.xsd UTF-8 vs. US ASCII encoding Scott Cantor to make proposal. 6. Prateek: DEFLATE encoding as MTI? http://lists.oasis-open.org/archives/security-services/200408/msg00189.html No dissent. 7. Scott: Schema errors in CD http://lists.oasis-open.org/archives/security-services/200408/msg00190.html Scott will update schema files with proposed changes. 8. Does encryption need to be called out as MTI? http://lists.oasis-open.org/archives/security-services/200408/msg00191.html Scott points out that he had brought up this issue earlier, no dissent. 9. Sections 8.2 and 8.4 as MTI? http://lists.oasis-open.org/archives/security-services/200408/msg00194.html No dissent.