Subject: Minutes SSTC official concall Tue 2/1/2005
============================================================================
SSTC official concall Tue 2/1/2005 9:07:49 AM
----------------------------------------------------------------------------
minutes by Jeff Hodges
see end of msg for attendance info.

======================================================================
Summary
======================================================================

* chairs yet to receive minutes from 18-Jan concall

* SAML 2.0 Errata document reviewed -- new rev in a few days

* Review Gross paper by TC and hopefully T Gross, target to vote on advance to CD maturity level at 1-Mar sstc official mtg

* Comments on Technical Overview Draft 01 received, outlook for final polishing this doc is "after RSA conference"

* SAML1.x profile of SAML2.0 metadata -- comments on it noted. will be updated in near future (?). Target vote on it in Mar-2005.

======================================================================
Raw Notes
======================================================================

> 1. Approve minutes from 18-Jan con-call
>    1. Minutes do not appear to have been posted – Can the minute taker please post them asap?

if minute taker from last mtg (Ron Jacobson?) will send 'em in, we'll get'em approved at the next call.

> 2. Review SAML 2.0 Errata document [Jahan]
>    1. http://www.oasis-open.org/committees/download.php/11265/sstc-saml-errata-2.0-draft-00.pdf

2.1 E1: Metadata clarifications

Jahan: r u going to address this Scott?

scott: eh? yes, it's valid errata.

eve: we wouldn't fold this in except in a "dot" release eg 2.1

hal: some TCs subsequently vote errata doc as "CD" at some point [after spec in question goes thru stds track pipeline. ed.]

[discussion ensued]

eve Jahan & scott - resolution: maybe what we should do is break this doc (the errata doc) into sep sections that are "potential errata" like this item, and actual line# errata.

2.2 E2: Supported URL Encoding

scott: what this one should say is "there is no way to do this at this point" -- make it a "PE" and I'll propose text later.

2.3 E3: SAML 1.1 Artifacts

scott (SC): PE

2.4 E4: Rules for NameIDPolicy

SC: PE

rob: a related thing for NameIDPolicy -- if u req an encryptd NameID, no mech to req the format that once decrypted the plaintext is in a given format that u the requester would understand or whatever. could be determined outta band or whatever. this is a sep issue.

RonM [punts us back to E2] is this diff than the binding endpoint url used in the WSS SAML Token Profile (WSS-STP) ?

scott: correct.

2.5 E5: TARGET parameter in Query String

SC: get rid of it. it was an editorial comment on a doc in progress (tech overview), so shudn't be in errata doc at all.

Jahan: this is all I had right now, will update & pub new version in a couple of days.

> 3. Review input to Gross paper feedback [Prateek/John Linn]
>    1. http://www.oasis-open.org/committees/download.php/11191/sstc-gross-sec-analysis-response-01.pdf

prateek (pm): thinking of putting this doc on the "CD track". it follows pretty closely with our discussion at the face2face in Toronto. The SAML2 spec set includes fixes as noted in this doc [sec-analysis-response]. -01 is a newrev, there is a "diff" doc up in the doc repository.

John Linn (jl): I'm fine with the result [-01].

rob: when are we shooting to vote on this?

pm: in two weeks (next official call)?

jl: will be tuff to do cuz of RSA conf that week.

rob: elec ballot?

eve & jeffh: good idea.

eve: is there a big rush to get this done? what's the goal?

pm: I'd characterize this as a "supporting doc" to the samlv2 release.

eve: are we interested in having Thomas Gross review this? it's a response to his paper after all.

jl: that'd be appropriate certainly.

eve: suggests - the TC and thomas review over next two wks - then initiate CD vote.

rob: enuff time for him to review?

eve: a month?

[discussion]

rob: we'll sched a CD vote for 1-Mar official meeting in 4 wks, modulo flag waving by ThomasG say.

> 4. Review input on Technical Overview [Hughes]
>    1. Comments on Technical Overview Draft 01 [Tom W]

tom w (tw): too much info in the doc -- too detailed?

j hughes (jh): thinks it's as complete as it can be, but would rather it be more complete than just a subset. pm was going to help.

pm: am behind.

jh: am behind too. if we want to get it out a bit quicker will need additional assistance. wants to put federation use cases in -- biggest piece of outstanding work. got Hal's stuff yesterday, will put in a diagram or two extra.

Hal: could use some additional refs.

jh: if we can wait until after RSA and Rob can help, then that'd be great.

rob: will be on vac the week after the conf.

jh: will endeavor to pub new draft next week, but without help we won't get this out concurrent with SAMLv2 release.

eve: thinks she'll have more time the week after RSA. also a piece of tech overview is on her plate, may get that out last week.

*** also there's been requests for a conceptual doc on the diff from ID-FFv1.2 to SAMLv2.

sc: wont do this soon.

rob: mebbe we can twist Greg Whitehead's arm?

greg whitehead (gw): can't even think of this till after RSA.

rob: ok JH, we'll have to wait till after RSA conf and then re-raise this.

>    2. Others?

> 5. Review Executive Overview feedback

Paul Madsen (pm): number of feedback points from various folks on the list. [did paul say a new rev is in the offing? I didn't capture that if so. ed.]

>    1. Exec overview 02 comments [Scott]

no discussion.

>    2. RE: [security-services] Exec overview 02 comments [Tom W]

no discussion.

> 6. SAML 1.x metadata feedback
>    1. SAML1.x profile of SAML2.0 metadata and AttributeConsumerDescriptor [Cameron, et al]

sc: as noted earlier in this meeting, there's various fixes/updates/additions needed in this doc.

rob: are we going to put this on "CD track"?

gw & sc: yes

rob: ok, we'll target this for a vote in Mar-2005.

> 7. Any other business?

None.

============================================================================

Attendance of Voting Members

  Conor P. Cahill              AOL, Inc.
  John Hughes                  Atos Origin
  Hal Lockhart                 BEA Systems, Inc
  Rebekah Metz                 Booz Allen Hamilton
  Thomas Wisniewski            Entrust
  Carolina Canales-Valenzuela  Ericsson
  Dana Kaufman                 Forum Systems
  Irving Reid                  Hewlett-Packard Company
  Michael McIntosh             IBM
  Anthony Nadalin              IBM
  Scott Cantor                 Internet2
  Bob Morgan                   Internet2
  Peter Davis                  NeuStar
  Jeff Hodges                  NeuStar
  Frederick Hirsch             Nokia
  Senthil Sengodan             Nokia
  Abbie Barbir                 Nortel
  Scott Kiester                Novell
  Cameron Morris               Novell
  Paul Madsen                  NTT USA
  Steve Anderson               OpenNetwork
  Ari Kermaier                 Oracle
  Vamsi Motukuru               Oracle
  Prateek Mishra               Principal Identity
  Jim Lien                     RSA Security
  John Linn                    RSA Security
  Rob Philpott                 RSA Security
  Dipak Chopra                 SAP
  Jahan Moreh                  Sigaba
  Bhavna Bhatnagar             Sun Microsystems
  Eve Maler                    Sun Microsystems
  Ron Monzillo                 Sun Microsystems
  Mike Beach                   The Boeing Company
  Greg Whitehead               Trustgenix

Attendance of Prospective Members

  Gavenraj Sodhi               Computer Associates
  Heather Hinton               IBM

Membership Status Changes

  Andrew Nash                  Reactivity - Requested membership on 1/27/2005
  John Kemp                    Nokia - Lost prospective membership after 2/1/2005 call
  Robin Martherus              Oblix - Lost prospective membership after 2/1/2005 call
  Wendy Gray                   JPMorganChase - Requested membership on 2/1/2005

============================================================================