Subject: minutes for SSTC conf call, 2004-11-23
minutes for SSTC conf call, 2004-11-23
scribe: RL "Bob" Morgan

---

Summary:

- No votes taken.
- Discussion of many small clarifications, primarily to core spec.
- Add text regarding requester requirements to conformance doc.
- Action item status changes: none
- New action items:
  - Prateek to update conformance doc with requester requirements,
    also change "Responder" to "Authority"
  - Hal to provide text on XACML and WSS for tech overview.

---

* Roll taken (attendee list below), quorum achieved.

* 1. Approve minutes from Nov 9 Concall
  http://lists.oasis-open.org/archives/security-services/200411/msg00059.html

  Approved.

* Reminder: SSTC plans CD and OASIS submission vote on December 7
  (please mark your calendars, we need a 2/3rds vote for reaffirming CD status).

  Prateek: noted.

* Implementation attestation: we need one more attestation before December 15

  Entrust attestation of SAML 2.0 implementation
  http://lists.oasis-open.org/archives/security-services/200411/msg00042.html

  Sun Microsystems attestation of successful use of SAML V2.0
  http://lists.oasis-open.org/archives/security-services/200411/msg00105.html

  Prateek: seeking more attestations ...

* Call for participation in RSA 2005 Interop
  http://lists.oasis-open.org/archives/security-services/200411/msg00106.html
  Contact Andy by 12/3 with required information

  Rob: need to get started on defining interop scenarios soon.
  Prateek: Andy is contact point for logistics?
  Rob: yes
  Rob: there will be lists set up, not publicly archived.

* Updated SSTC web page
  http://lists.oasis-open.org/archives/security-services/200411/msg00104.html

  Eve: please check for mistakes and comment.
* Document Updates

  core-02 f (scott):
  http://lists.oasis-open.org/archives/security-services/200411/msg00109.html
  bindings-02 e (scott):
  http://lists.oasis-open.org/archives/security-services/200411/msg00111.html
  metadata-02 f (scott):
  http://lists.oasis-open.org/archives/security-services/200411/msg00113.html
  authn-context-02 a (prateek):
  http://lists.oasis-open.org/archives/security-services/200411/msg00107.html
  authn-context-context-2.0.xsd (prateek):
  http://lists.oasis-open.org/archives/security-services/200411/msg00115.html

  core:
    Scott: in response to Rebekah's comments, mostly modified subject text a little
    Rob: reviewed changes, look OK

  bindings:
    Eve: trying to make sure Appendices appear in ToC
    Scott: still awaiting MIME text finalization

  metadata:
    Scott: clarifications re ... ?

  authn-context:
    Prateek: small capitalization change

* Recent discussion threads and comments:

  (a) Comments and Questions on Core-02 (Rebekah Metz)
  http://lists.oasis-open.org/archives/security-services/200411/msg00100.html

  524-6 : resolved

  533-5 :
    Scott: advice is supposed to be optional, clarified that it is optional
      in all cases, line 611

  687 :
    Scott: clarify IPv4 address printable format
      shouldn't we specify IPv6 text form too?
    Rob: normative reference for dotted-quad format?
    RLBob: will send a note to ietf list asking if there is ref for both

  732-3 :
    Scott: clarified that type extensions can be used
    Conor: only want to say "can't" when ordinarily might think you could
    Scott: if someone wants to add wildcard back they can define type
      so OK as is

  840-1 :
    Scott: made change to AudienceRestriction condition, clarify format
    Rebekah: OK

  866-96 : re oneTimeUse and intermediaries
    Scott: key point here is SAML intermediaries, not any random ones
    Conor: should use short validity period if intermeds are concern
    Rebekah: OK, if multiple audience members, is it once for all?
    Conor: would have to be once per recipient, since it's constraint on recipient
    Rebekah: need to clarify this?
    Hal: seems to mostly be useful for authz-decision statements ...
    Prateek: seems to be clear enough already, no change to be made

  944-5 :
    Scott: just removed sentence rather than replicating

  973-4 :
    Scott: removed "identity provider" term
      "authenticating authority" is any one that plays that role
      as distinguished from issuer
    Rebekah: OK

  1031, 1045-83 :
    Prateek: addressed

  1090-1105 :
    Scott: might like to see minOccurs=0, but no others seem to support ...
      if recipient does attr filtering, may end up with invalid statement
    Rebekah: any way to assert that nothing has been returned?
    Scott: no, just send nothing

  1673 :
    Scott: rewrote to clarify status of activity ...

  1710 :
    Rebekah: have some use cases where requester might want to get all
      assertions from authority, in small-scale authority case,
      so is it intentional that requester has to know all assertion IDs?
    Rob: request based on assertionIDRef is that way by its nature
      could use another kind of request if want a collection back

  1941-3 :
    Scott: modified to use S1/S2 language (line 2016 in new draft f)

  2897 :
    Scott: modified to clarify

  2922-3 :
    Scott: moved sentence from signing section to section 2 line 644

  3063-93 :
    Scott: can't think of any restrictions ...
      maybe add sentence permitting simultaneous use of different features

  3334-50 : OK, no other change needed

  Scott: public comment a while ago, that authz decision actions for HTTP
    should probably have "delete", but that TC has frozen this material
    so change won't be made, correct?
  Prateek: yup

* Open AIs relevant to SAML 2.0 specification set

  0204: Final text for subject and subject confirmation
  Owner: Bob Morgan
    Bob: will propose by Nov 24 or will close with no proposal.

  0203: Analyze/correct usage of SAML entity terminology
  Owner: Eve Maler
    Eve: still working on this, report back by Monday
      harmonize use of "asserting party" and "SAML authority"?
      decide on one or the other?
      use "asserting party" when also use "relying party"?
  0199: Glossary updates
  Owner: Jeff Hodges
    Jeff: not on call

  0123: Obtain MIME type registration for HTTP lookup of SAML
  Owner: Jeff Hodges
    Jeff: not on call
    Scott: will ping Jeff

* other business

  Hal: tech overview has placeholders for text about WSS, XACML, Shibboleth
    is someone going to do this?
    he'll offer text on WSS and XACML
  Prateek: the aux docs will be advanced somewhat after normative ones

  new list comment (Salz): is requester not listed in conformance doc by design?
  Prateek: seems so
  Scott: maybe something is needed? eg requester has to implement SOAP binding?
  Rob: if responder MUST implement SOAP, then requester has to also, right?
  Nick: spec for responder refers to queries, does it not?
  Scott: just means you have to respond to them
    maybe named item should be "foo profile", not "foo"
  Prateek: may need to clarify that doc is only discussing responders
  Rob: some discussion of requests in SP/IdP roles
  (more discussion)
  Prateek: maybe change "Responder" to "Authority" in matrix?
  Rob: OK
  Prateek: and then add "SAML requester" role with all optional features?
  Rob: useful if all is optional?
  Scott: yes, since it drags in conformance to profiles if they're used
  Prateek: will take action to update conformance doc based on this
  Nick: how about just adding column to table, not new table
  Prateek: OK

---

Attendance of Voting Members

  Conor P. Cahill  AOL, Inc.
  John Hughes  Atos Origin
  Hal Lockhart  BEA
  Rebekah Metz  Booz Allen Hamilton
  Paul Madsen  Entrust
  Paula Austel  IBM
  Michael McIntosh  IBM
  Anthony Nadalin  IBM
  Nick Ragouzis  Individual
  Scott Cantor  Internet2
  Bob Morgan  Internet2
  Prateek Mishra  Netegrity
  Frederick Hirsch  Nokia
  Abbie Barbir  Nortel
  Scott Kiester  Novell
  Charles Knouse  Oblix
  Steve Anderson  OpenNetwork
  Ari Kermaier  Oracle
  Vamsi Motukuru  Oracle
  Darren Platt  Ping Identity
  Jim Lien  RSA Security
  John Linn  RSA Security
  Rob Philpott  RSA Security
  Dipak Chopra  SAP
  Jahan Moreh  Sigaba
  Bhavna Bhatnagar  Sun Microsystems
  Jeff Hodges  Sun Microsystems
  Eve Maler  Sun Microsystems
  Ron Monzillo  Sun Microsystems

Attendance of Prospective Members or Observers

  Emily Xu  Sun Microsystems
  Senthil Sengodan  Nokia
  Carolina Canales-Valenzuela  Ericsson
  Gavenraj Sodhi  Computer Associates

Membership Status Changes

  Senthil Sengodan  Nokia - Requested membership on 11/9/2004
  Carolina Canales-Valenzuela  Ericsson - Requested membership on 11/10/2004
  Maryann Hondo  IBM - Requested membership on 11/10/2004
  Emily Xu  Sun Microsystems - Granted voting status after 11/23/2004 call
  Partha Panda  Entrust - Lost prospective status after 11/23/2004 call
  Alistair Young  UHI Millennium Institute - Lost prospective status after 11/23/2004 call
  John Linn  RSA Security - LOA 11/23/2004 through 1/3/2005