OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: SSTC minutes 04-09-21 v2

Attached are revised v2 draft minutes from today's call,  added attendance, link to Liberty document and fixed spelling on Nick's name.

regards, Frederick

Frederick Hirsch

Minutes SSTC Teleconference
21 September 2004
Minute Taker - Frederick Hirsch, Nokia
Attendance of Voting Members
  Conor P. Cahill AOL, Inc.
  John Hughes Atos Origin
  Hal Lockhart BEA
  Ronald Jacobson Computer Associates
  Gavenraj Sodhi Computer Associates
  Paul Madsen Entrust
  Carolina Canales-Valenzuela Ericsson
  Irving Reid Hewlett-Packard Company
  Paula Austel IBM
  Michael McIntosh IBM
  Anthony Nadalin IBM
  Nick Ragouzis Individual
  Scott Cantor Internet2
  Bob Morgan Internet2
  Prateek Mishra Netegrity
  Forest Yin Netegrity
  Peter Davis Neustar
  Frederick Hirsch Nokia
  Abbie Barbir Nortel
  Scott Kiester Novell
  Cameron Morris Novell
  Charles Knouse Oblix
  Steve Anderson OpenNetwork
  Ari Kermaier Oracle
  Vamsi Motukuru Oracle
  Darren Platt Ping Identity
  Jim Lien RSA Security
  John Linn RSA Security
  Rob Philpott RSA Security
  Dipak Chopra SAP
  Jahan Moreh Sigaba
  Jeff Hodges Sun Microsystems
  Eve Maler Sun Microsystems
  Ron Monzillo Sun Microsystems
  Mike Beach The Boeing Company
  Greg Whitehead Trustgenix
Membership Status Changes
  John Hughes Atos Origin - Returned from LOA before 9/21/2004 call
  Adam Dong Sun Microsystems - Lost prospective status after 9/21/2004 call
Steve Anderson

1.       Agenda bashing
Rob - proposal to move vote earlier in agenda, agreed to get to vote  in 1st half-hour by discussion items from agenda #3 necessary first.
34/45 - quorum achieved, 2/3 available
2.       Approve 1-Sept minutes
a.       http://lists.oasis-open.org/archives/security-services/200409/msg00064.html
Minutes approved by unanimous consent.
3.       Changes since 14-Sep con-call
3i) Discussion of items that impact CD and public review votes

a.       Rob: I suggest adding some text to request/response processing rules 
See Scott's response: http://www.oasis-open.org/archives/security-services/200409/msg00053.html
Scott - clarify responders decide if message is invalid and may decide not to process, normative that must return error status, when responding, not required to respond. Fine to  specify what value is for error response. Important not to return success if don't process message. Artifact and query material is consistent with this.
Proposal - Add following  text from Scott's message to section 3.2.2 of core - "complex type  status response type "
"If a SAML responder deems the message to be invalid according to SAML processing rules, then if it responds, it MUST return a SAML response with a
<StatusCode> element with the value urn:oasis:names:tc:SAML:2.0:status:Requester"
Proposed by Scott, seconded by Jeff.
Motion passes with unanimous consent.
b.       Eve: Groups - sstc-saml-2.0-issues-draft-14-diff.pdf uploaded  <http://lists.oasis-open.org/archives/security-services/200409/msg00059.html>
Discussion below.
c.       JohnK: Session Authority and Participant definitions  <http://lists.oasis-open.org/archives/security-services/200409/msg00065.html>
Two definitions to add to glossary. Session already defined in glossary.
Scott - Session Authority and Session Participant should be defined in terms of Session
Scott moves/Jeff seconds - Motion to add  update glossary with these definitions defined in terms of Session
No objections to unanimous consent.
d.       Prateek: Editoiral Action: investigate why we need separate sub-sections 4.1 and 4.2 in conformance document 
Discussion below.
e.       JeffH: Groups - sstc-saml-2.0-application-samlmetadata-registration-01.pdf uploaded <http://lists.oasis-open.org/archives/security-services/200409/msg00075.html>  and Groups - sstc-saml-2.0-application-samlassertion-registration-02.pdf modified <http://lists.oasis-open.org/archives/security-services/200409/msg00076.html>
Jeff - have gotten comments on IETF list,  Scott and Jeff incorporated comments, drafts are close to done.
Will repost to IETF list to be sure.  If good then will send to IESG.
Motion: Incorporate  these two appendices into the documents, consider as part of  the documents we are voting on
Jeff moves, Scott seconds.
John Linn - any risk of further changes requiring further revisions?
Jeff - don't expect so, expect any changes to be editorial. This is registration material. For IETF normative, from SSTC informational. What is normative is in our specs, names given in SSTC specification, have had months of review
Motion carries with unanimous consent
f.         Scott: Latest spec versions <http://lists.oasis-open.org/archives/security-services/200409/msg00073.html>
Metadata change was previously discussed.
g.       JohnK/Eve: Updates to all Authn Context schema files
Discussion below.
4.       Vote on CD status for CD-02 docs

Update status to CD status at end of meeting, documents with changes previously accepted in this meeting.

Moved - Frederick, Second - Hal

Motion carries by unanimous consent. (2/3 vote carries)

5.       Vote on submission for OASIS Public Review.
Moved - Scott  , Seconded - Frederick

Eve asks about having review longer than 30 days. Concern about getting 3 attestations. Public review a good time for this.

Rob- not really connected issues, can extend if necessary with later decision

Hal - OASIS will post notice regarding comment period

Nick Ragouzis  - Does this set an automatic implied date for OASIS balloting?

Rob - at end of review period, will need to address comments depending on comments received.

Call for objections - 

Tony - abstain due to interoperability issue.

Roll Call Vote (majority vote required)

27 Yes, 4 abstains.

Motion carries. Committee drafts will be submitted to OASIS for public review.

3ii)  Discussion of Agenda item 3 Editorial items
Issues list
b.       Eve: Groups - sstc-saml-2.0-issues-draft-14-diff.pdf uploaded
Action Item: Scott to update examples in bindings specification (editorial).
d.       Prateek: Editoiral Action: investigate why we need separate sub-sections 4.1 and 4.2 in conformance document
Prateek - Why separate MTI cipher suites for browsers and clients. From 1.1 we had made some distinctions, including requiring programmatic clients to implement TLS instead of SSL, encouraging AES, while recognizing the large  base of  existing browsers supporting SSL.
No further comments.
 g.       JohnK/Eve: Updates to all Authn Context schema files
- John Kemp made changes to rename version of authentication context schemas to version 2.0 (file name change, internal mention of file name). Meeting OASIS file name requirements.
6.       V1.1 Errata/Corrigendum

a.       Rob: An ambiguity in 1.1 that we should clarify in SAML 2.0 re: artifact processing <
Jahan - volunteers offers to maintain a new errata document for v1.0 and v1.1  - deleting old errata that have been already incorporated into specifications.
Eve: definitions: errata - reported mistake, corrigendum - is correction to reported mistake.

7.       Action Item review
8. Other Discussion
a) Meeting Plans
28 Sept - Focus call
5 Oct - Focus call
12 Oct - Quorum call, on going quorum call, bi-weekly (every other week starting with 12 Oct)
Focus calls on alternate weeks.
b) Interop Discussion

 Please respond with interest in SAML 2 interop to list, so venue may be planned. Need SSTC volunteer to coordinate.
See http://www.oasis-open.org/archives/security-services/200409/msg00050.html 
Nick - focus calls might be useful about testing procedures, Liberty  ID-FF 1.2 testing procedures might be useful
Rob - need Liberty permission

Jeff - if chairs ask, permission might be forthcoming.
Hal - isn't document public, so is there an issue?
Jeff - Question is derivative works.
See  "IOP Procedures IDFF-1.2-v062.pdf"
Hal moves that chairs liaise with Liberty and get permission to use documents and make derivative works
Seconded by Jeff
Motion passed by unanimous consent.
Chairs take action item
Jeff offers to help.
Nick - will SSTC continue to ask for volunteers to help with IOP?
Jeff - would be great if SSTC member would help coordination as an SSTC representative.
Rob - Developer only, no marketing interop.
Jeff - no finished products required
Will discuss interop on next week focus call.

8.       Adjourn
Meeting adjourned.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]