Subject: revised minutes for OASIS SSTC conf call, 2005-03-01
Revised numbers for the vote (some ballots were found in an old suitcase) and attendance.

 - RL "Bob"

---

minutes for OASIS SSTC conference call, 2005-03-01

scribe: RL "Bob" Morgan

---

Summary:

- vote taken to proceed with OASIS standardization of SAML 2.0 doc set despite "no" vote from one OASIS member; result: passed

- RobP and Eve will make final doc edits for becoming standard

- focus now on supplemental materials, esp tech overview and exec overview, so as to publish along with 2.0 standard announcement

  all TC members are encouraged to provide comments on tech-overview and exec-overview docs before next call (March 8)

- discussion of other outstanding docs: errata, metadata-1x, X509 authn

- action item status changes: none

- new action items:

  * Prateek will propose next steps for conformance based on broader deployments

---

Full minutes:

38 of 43 voting members present (attendance below), quorum achieved

minutes approved for 2005-01-18 and 2005-02-15 calls, no objections

OASIS member vote on SAML 2.0 standard was 85 yes, 1 no

  fujitsu was the no, raised issue about IPR claims from two Liberty contributors, citigroup and catavault
  question for TC: approve anyway despite the one No vote?
  motion made: proceed with standardization despite objection
  discussion:
  TonyN: need proper response to fujitsu
  Hal: would be good to get statement from these contributors
  RobP: catavault seems to have gone out of business, not clear who would give a statement
  also claims were about ID-FF 1.0, not 1.1 or 1.2
  Prateek: there were two responses from the chairs, yes?
  Scott: AOL IPR statement seems not to have made it to web site?
  Conor: Liberty rules don't require RF license, just RAND
  Irving: worry about IPR specialists buying patents from companies that have gone out of business
  Scott: there are lots of patents and claims out there, why are we worrying about these here?
  citigroup material isn't even published
  RobP: but citi and catavault statements were preparing for RAND licensing
  but Liberty implementations are out there, with these issues already
  RobP: on the motion, objections to unanimous consent?
  TonyN: yes
  vote taken: 31 yes, 0 no, 4 abstain, 3 present but no response, 5 not present; so motion passes
  RobP and Eve will make final edits
  RobP and Prateek will notify TC list and OASIS

TC response to Gross re security issues

  Prateek: link to response doc sent to him, he acknowledged, no responding comments yet
  Maryann: will ask for him to comment, before next voting call

tech overview document

  JohnH had to leave call
  draft 3 posted
  Eve: would like to have outreach material ready by time of SAML 2 standards announcement, when would that be?
  Hal: XACML announcement not yet out, and it's a month ahead ...
  Mary: that's about to go out
  Eve: OK, let's say end of March deadline for finishing
  and focus our attention on getting these docs done
  RLBob: what constitutes outreach material?
  Eve: tech overview, exec overview
  implementor's guide? doesn't have owner?
  1.x to 2.0 delta material? where does it go?
  also FAQ on SSTC website, tho exec overview is in FAQ format ...
  ask for comments on overviews before call on Mar 08

errata document

  Jahan: go thru errata items for final disposition
  Scott: process? very hard to read errata out of context
  RobP: OK, will commit to having red-lined version of 2.0 spec with changes based on errata
  RobP: note that there isn't proposed text on E1
  Jahan: will move E1 to Proposed Errata section, publish new draft

metadata doc

  Prateek: comments re SSO and logout, making them more recommended
  Scott: will modify text as requested
  Prateek: also change recommendation on use of SSL
  Scott: while we're talking metadata, Shib group is interested in having metadata representation of indirect key validation
  ie use of X.509 CAs and path validation rather than embedding keys
  limitations of ds-keyinfo relate may require metadata extensions
  so asking whether others are interested in this approach
  Scott: also note that this is first profile that has come outside of protocol release, hence may be issues about profile naming eg
  so please review (will send note to list on this point)
  issue from TomW: SLO after NMI termination
  Scott: may turn into an errata item, will send note

X509 authn doc

  Rick: approach is based on customer requirements, so not debatable
  re confirmation method, couldn't find much about bearer, will remove
  will get new draft out by end of week, hope to get vote next call
  Scott: why restrict to HTTP? wouldn't this apply to other TLS-protected protocols, and be more general?
  Rick: sure, will check with customer
  Rick: re wildcarding, will look more closely at suggestion
  (exit Rick)
  Scott: encryption requirement also a problem
  seems to cross line from implementation to deployment
  SSTC profile should be more generally applicable
  RobP: maybe this can just be a registered profile, not TC output
  Irving: customers want named profile with knobs set how they want
  maybe could have "plain option" and "most secure option" in this spec
  Scott: will ask Rick

SAML 2.0 interop event at RSA conference

  RobP: demonstrated mandatory and optional SSO, SLO, federation, etc
  also USGov GSA e-auth demo
  future interops? tbd
  Prateek: want to take conformance material further as SAML 2.0 deploys
  hoping SSTC will have a role in this

AIs

  #166 wiki:
  Scott: wiki up for Shib project, will add new section for SAML
  will be plastered with notifications about IPR, ie don't post material that is IPR-encumbered
  Mary: OASIS working on wikis for TCs, are "pretty close"
  likely after mid-April
  Scott: will proceed with this wiki anyway

  #205 MIME type registration:
  Jeff: will work on this week, need to nail down site URLs

  #207 AuthnRequestsSigned metadata setting: still open

  #208 check issues with deflate encoding: still open

---

Attendance

Voting members (38 of 43):

  Conor P. Cahill               AOL, Inc.
  John Hughes                   Atos Origin
  Hal Lockhart                  BEA Systems, Inc
  Rebekah Metz                  Booz Allen Hamilton
  Rick Randall                  Booz Allen Hamilton
  Ronald Jacobson               Computer Associates
  Thomas Wisniewski             Entrust
  Carolina Canales-Valenzuela   Ericsson
  Irving Reid                   Hewlett-Packard Company
  Heather Hinton                IBM
  Maryann Hondo                 IBM
  Anthony Nadalin               IBM
  Nick Ragouzis                 Individual
  Scott Cantor                  Internet2
  Bob Morgan                    Internet2
  Peter Davis                   NeuStar
  Jeff Hodges                   NeuStar
  Frederick Hirsch              Nokia
  Senthil Sengodan              Nokia
  Abbie Barbir                  Nortel
  Scott Kiester                 Novell
  Cameron Morris                Novell
  Paul Madsen                   NTT USA
  Ari Kermaier                  Oracle
  Vamsi Motukuru                Oracle
  Darren Platt                  Ping Identity
  Prateek Mishra                Principal Identity
  Jim Lien                      RSA Security
  John Linn                     RSA Security
  Rob Philpott                  RSA Security
  Dipak Chopra                  SAP
  Jahan Moreh                   Sigaba
  Bhavna Bhatnagar              Sun Microsystems
  Eve Maler                     Sun Microsystems
  Ron Monzillo                  Sun Microsystems
  Emily Xu                      Sun Microsystems
  Mike Beach                    The Boeing Company
  Greg Whitehead                Trustgenix

Prospective members (1 of 3):

  Hans Granqvist                VeriSign

Observers (2):

  Mary McRae                    OASIS
  Scott Tomilson                Entrust

---------------------------------------------------------------------
To unsubscribe, e-mail: security-services-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: security-services-help@lists.oasis-open.org