Minutes SSTC official concall Tue 2/1/2005

[Jeff Hodges <Jeff.Hodges@neustar.biz>]

============================================================================
SSTC official concall Tue 2/1/2005 9:07:49 AM
----------------------------------------------------------------------------

minutes by Jeff Hodges

see end of msg for attendance info.

======================================================================
                               Summary
======================================================================

* chairs yet to receive minutes from 18-Jan concall

* SAML 2.0 Errata document reviewed -- new rev in a few days

* Review Gross paper by TC and hopefully T Gross, target to vote on
   advance to CD maturity level at 1-Mar sstc official mtg

* Comments on Technical Overview Draft 01 received, outlook for final
   polishing this doc is "after RSA conference"

* SAML1.x profile of SAML2.0 metadata -- comments on it noted. will be
   updated in near future (?). Target vote on it in Mar-2005.



======================================================================
                              Raw Notes
======================================================================



 >    1.   Approve minutes from 18-Jan con-call
 >          1. Minutes do not appear to have been posted – Can the minute taker
please post them asap?

if minute taker from last mtg (Ron Jacobson?) will send 'em in, we'll get'em
approved at the next call.



 >    2. Review SAML 2.0 Errata document [Jahan]
 >          1.
http://www.oasis-open.org/committees/download.php/11265/sstc-saml-errata-2.0-draft-00.pdf

2.1 E1: Metadata clarifications


Jahan: r u going to address this Scott?
scott: eh? yes, it's valid errata.
eve: we wouldn't fold this in except in a "dot" release eg 2.1
hal: some TCs subsequently vote errata doc as "CD" at some point [after spec in
question goes thru stds track pipeline. ed.

[discussion ensued]

eve Jahan & scott -  resolution: maybe what we should do is break this doc (the
errata doc) in into sep sections that are "potential errata" like this item,
and actual line# errata.


2.2 E2: Supported URL Encoding

scott: what this one should say is "there is no way to do this at this point"
-- make it a "PE" and I'll propose text later.


2.3 E3: SAML 1.1 Artifacts

scott (SC): PE


2.4 E4: Rules for NameIDPolicy


SC: PE

rob: a related thing for NameIDPolicy -- if u req an encryptd NameID, no mech
to req the format that once decrypted the plaintext is in a given format that u
the requester would understand or whatever. could be determined outta band or
whatever. this is a sep issue.



RonM  [punts us back to E2]
  is this diff than the binding endpoint url used in the WSS SAML Token Profile
(WSS-STP) ?

scott: correct.




2.5 E5: TARGET parameter in Query String


SC: get rid of it. it was an editorial comment on a doc in progress (tech
overview), so shudn't be in errata doc at all.




Jahan: this is all I had right now, will update & pub new version in a couple
of days.



 >    3. Review input to Gross paper feedback [Prateek/John Linn]
 >          1.
http://www.oasis-open.org/committees/download.php/11191/sstc-gross-sec-analysis-response-01.pdf


prateek (pm): thinking of putting this doc on the "CD track". it follows pretty
closely with our discussion at the face2face in Toronto. The SAML2 spec set
includes fixes as noted in this doc [sec-analysis-response]. -01 is a newrev,
there is a "diff" doc up in the doc repository.

John Linn (jl): I'm fine with the result [-01].

rob: when are we shooting to vote on this?

pm: in two weeks (next official call)?

jl: will be tuff to do cuz of RSA conf that week.

rob: elec ballot?

eve & jeffh: good idea.

eve: is there a big rush to get this done? what's the goal?

pm: I'd characterize this as a "supporting doc" to the samlv2 release.

eve: are we interested in having Thomas Gross review this? it's a response to
his paper after all.

jl: that'd be appropriate certainly.

eve: suggests - the TC and thomas review over next two wks - then initiate CD vote.

rob: enuff time for him to review?

eve: a month?

[discussion]

rob: we'll sched a CD vote for 1-Mar official meeting in 4 wks, modulo flag
waving by ThomasG say.






 >    4. Review input on Technical Overview [Hughes]


 >          1. Comments on Technical Overview Draft 01 [ Tom W]

tom w (tw): too much info in the doc -- too detailed?

j hughes (jh): thinks its as complete as it can be, but would rather it be more
complete than just a subset. pm was going to help.

pm: am behind.

jh: am behind too. if we want to get it out a bit quicker will need additional
assitance. wants to put federation use cases in -- biggest piece of outstanding
work. got Hal's stuff yesterday, will put in a diagram or two extra.

Hal: could use some additional refs.


jh: if we can wait until after RSA and Rob can help, then that'd be great.

rob: will  be on vac the week after the conf.


jh: will endeavor to pub new draft next week, but without help we won't get
this out concurrent with SAMLv2 release.


eve: thinks she'll have more time the week after RSA. also a piece of tech
overview is on her plate, may get that out last week.

*** also there's been requests for a conceptual doc on the diff from ID-FFv1.2
to SAMLv2.


sc: wont do this soon.

rob: mebbe we can twist Greg Whitehead's arm?

greg whitehead (gw): can't even think of this till after RSA.

rob: ok JH, we'll have to wait till after RSA  conf and then re-raise this.




 >          2. Others?




 >    5. Review Executive Overview feedback

Paul Madsen (pm): number of feedback points from various folks on the list.

[did paul say a new rev is in the offing? I didn't capture that if so. ed.]


 >          1. Exec overview 02 comments [Scott]

no dicsussion.


 >          2. RE: [security-services] Exec overview 02 comments [Tom W]

no discussion.




 >    6. SAML 1.x metadata feedback



 >          1. SAML1.x profile of SAML2.0 metadata
andAttributeConsumerDescriptor [Cameron, et al]


sc: as noted earlier in this meeting, there's various fixes/updates/additions
needed in this doc.

rob: are we going to put this on "CD track"?

gw & sc: yes

rob: ok, we'll target this for a vote in Mar-2005.



 >    7. Any other business?


None.

============================================================================

Attendance of Voting Members

   Conor P. Cahill AOL, Inc.
   John Hughes Atos Origin
   Hal Lockhart BEA Systems, Inc
   Rebekah Metz Booz Allen Hamilton
   Thomas Wisniewski Entrust
   Carolina Canales-Valenzuela Ericsson
   Dana Kaufman Forum Systems
   Irving Reid Hewlett-Packard Company
   Michael McIntosh IBM
   Anthony Nadalin IBM
   Scott Cantor Internet2
   Bob Morgan Internet2
   Peter Davis NeuStar
   Jeff Hodges NeuStar
   Frederick Hirsch Nokia
   Senthil Sengodan Nokia
   Abbie Barbir Nortel
   Scott Kiester Novell
   Cameron Morris Novell
   Paul Madsen NTT USA
   Steve Anderson OpenNetwork
   Ari Kermaier Oracle
   Vamsi Motukuru Oracle
   Prateek Mishra Principal Identity
   Jim Lien RSA Security
   John Linn RSA Security
   Rob Philpott RSA Security
   Dipak Chopra SAP
   Jahan Moreh Sigaba
   Bhavna Bhatnagar Sun Microsystems
   Eve Maler Sun Microsystems
   Ron Monzillo Sun Microsystems
   Mike Beach The Boeing Company
   Greg Whitehead Trustgenix


Attendance of Prospective Members

   Gavenraj Sodhi Computer Associates
   Heather Hinton IBM


Membership Status Changes

   Andrew Nash Reactivity - Requested membership on 1/27/2005
   John Kemp Nokia - Lost prospective membership after 2/1/2005 call
   Robin Martherus Oblix - Lost prospective membership after 2/1/2005
call
   Wendy Gray JPMorganChase - Requested membership on 2/1/2005










============================================================================