OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes from SSTC Conference Call, May 10

Attendance and status changes at the end of the message.


Focus calls are cancelled for the time being; next meeting will be a full TC conference call on May 24, 2005.

Motion to begin an electronic vote on Committee Draft status for the X509-based attribute profile is tabled, pending another revision of the document (see agenda item 3a below)

TC voted to approve response to Thomas Grosz (http://www.oasis-open.org/committees/download.php/11191/sstc-gross-sec-analysis-response-01.pdf) as a Committee Draft. Note, there was no discussion of whether this triggers an action item for the chairs to update and publish the document.

Action Items: #0222, #0220 closed, all others remain open.

 - irving -

> Subject: [security-services] Agenda for SSTC Conference Call, May 10

0. Agenda bashing: add vote on Thomas Grosz response message to agenda
			Add discussion of process changes for voting to agenda

Steve Anderson: new TC process changes the rules for who is in good voting status: there is no longer a "warning period": If you miss two out of any three meetings, you are automatically dropped. There is a new status "TC member who is not a voting member"; presumably you fall into that class.

Steve's interpretation of the current rules is that once you drop of by this rule, you must explicitly request reinstatement and then go through the standard "attend two out of next three" to gain voting status.

Rob: there is ongoing discussion among OASIS and TC chairs about this rule change.

> 1. Accept minutes from April 12 conference call
> http://lists.oasis-open.org/archives/security-services/200504/

Moved: Conor, no objections, accepted.

> 2. Administrative Info: 
>    SSTC conference call every 2 weeks
>    (next call on May 24th - no more focus calls scheduled)

No discussion.

> 3. Vote on creation of two distinct electronic ballots for moving the 
> following documents to CD status
>   (requires simple majority only)
> a.  sstc-saml-x509-authn-based-attribute-profile-draft-0.5.pdf
> http://www.oasis-open.org/apps/org/workgroup/security/download
.php/12464/sstc-saml-x509-authn-based-attribute-protocol-> profile-2%200-draft-05.pdf

Moved: Frederick
Seconded: RL Bob

Scott: Thomas sent some comments on X509 draft, and Scott has some comments; also an error in the Xpath draft. Scott feels this (and the attribute profile draft) aren't ready for vote

Rick: agrees; suggests motion be tabled.

Draft author: feels that it should be possible to incorporate comments within the next week

> b. sstc-saml-2.0-xpath-attribute-profile-draft-02.pdf
> http://www.oasis-open.org/apps/org/workgroup/security/download

Prateek / Cameron: agree to go one more round of revision, and bring a new draft forward for next TC meeting.

Prateek: Would like to discuss the Thomas Grosz response document now; asks for a motion.

Frederick moves that the document go to Committee Draft status; RL Bob seconds.

Discussion about whether it is appropriate for the TC to respond to this paper in an official capacity, since the original critique was not submitted to the TC in any way (it was published as a conference paper).

Procedural discussion: under new OASIS rules, CD status now requires only a simple majority, not the 2/3 majority previously needed.

Question is called; Tony objects, roll call vote...

26 for, 3 against, 1 abstain, out of 39 voting members; motion carries.

> 4. SAML Testing Referral Program Proposal for SSTC Review & 30 Day 
> Feedback - Response to SSTC Feedback (Andy will join the call) 
> http://lists.oasis-open.org/archives/security-services/200504/

Andy is not on the call, so there's a limit to how much we can accomplish in discussion. People re-raise the issues that have been discussed on the mailing list: concerns about a competing vendor also running the testing infrastructure.

Frederick: This was discussed by the OASIS board, with Andy, and we should wait for him to send out an update.

> 5. SAML 2.0 Technical Overview status (version 5 to appear in the AM)


> 6. Errata Status and New Items
> a.  sstc-saml-errata-2.0-draft-06.pdf (published April 25) 
> http://www.oasis-open.org/apps/org/workgroup/security/download
> b. Another attempt at AllowCreate cleanup 
> http://lists.oasis-open.org/archives/security-services/200505/

Scott has gone about as far as he can; any comments, or does anyone else want to take a crack at it?

Brian: most recent text looks much better

> 7. Open Action Items
> #0222: Update technical overview document with federation materials	
> Owner: Prateek Mishra	
> Status: Open	
> Assigned: 2005-05-09	
> Due: ---	


> ________________________________
> #0221: Request copy of Thomas Grosz paper for inclusion in 
> SSTC archives	
> Owner: Maryann Hondo	
> Status: Open	
> Assigned: 2005-04-12	
> Due: ---	

Maryann Hondo had to drop off the call; still open.

> ________________________________
> #0220: Respond to Rick R on subject confirmation issue on the 
> X509 Attribute Sharing Profile	
> Owner: Scott Cantor	
> Status: Open	
> Assigned: 2005-03-30	
> Due: ---	

Closed; incorporated in new draft.

> ________________________________
> #0217: Explore with OASIS how best to do publication of 
> redlined specs based on errata.	
> Owner: Eve Maler	
> Status: Open	
> Assigned: 2005-03-30	
> Due: ---	


> ________________________________
> #0216: Formulate some suggested redline text for E7 for review.	
> Owner: Jahan Moreh	
> Status: Open	
> Assigned: 2005-03-30	
> Due: ---	


> ________________________________
> #0213: Prepare final CD draft of metadata-1x document and 
> submit it to OASIS	
> Owner: Eve Maler	
> Status: Open	
> Assigned: 2005-03-29	
> Due: ---	

In progress; still open (update AI to also include metadata extension)

> ________________________________
> #0210: Links to new IPR policy to be sent to SSTC	
> Owner: Rob Philpott	
> Status: Open	
> Assigned: 2005-03-15	
> Due: ---	

In progress; open

> ________________________________
> #0208: Run additional tests to check issues with deflate 
> encoding and rfc1951 (java libraries)	
> Owner: Scott Cantor	
> Status: Open	
> Assigned: 2005-03-01	
> Due: ---	


> ________________________________
> #0180: Need to update SAML server trust document	
> Owner: Jeff Hodges	
> Status: Open	
> Assigned: 2004-07-12	
> Due: ---	


Hal: Two weeks from today he will speak on SAML at the XML conference, using materials based on previous work by other TC members.

Rob: recently did a webcast on SAML and has some more materials.


Attendance of Voting Members


  First Last Company

  Steve Anderson BMC

  Conor P. Cahill AOL, Inc.

  Carolina Canales-Valenzuela Ericsson

  Scott Cantor Internet2

  Peter Davis NeuStar

  Wendy Gray JPMorganChase

  Heather Hinton IBM

  Frederick Hirsch Nokia

  Jeff Hodges NeuStar

  Maryann Hondo IBM

  John Hughes Individual

  Dana Kaufman Forum Systems

  Ari Kermaier Oracle

  John Linn RSA Security

  Hal Lockhart BEA Systems, Inc

  Paul Madsen NTT USA

  Prateek Mishra Principal Identity

  Ron Monzillo Sun Microsystems

  Bob Morgan Internet2

  Cameron Morris Novell

  Vamsi Motukuru Oracle

  Anthony Nadalin IBM

  Rob Philpott RSA Security

  Darren Platt Ping Identity

  Nick Ragouzis Individual

  Rick Randall Booz Allen Hamilton

  Irving Reid Hewlett-Packard Company

  Senthil Sengodan Nokia

  Greg Whitehead Trustgenix

  Thomas Wisniewski Entrust

  Emily Xu Sun Microsystems


Attendance of Prospective Members or Observers


  Alberto Squassabia Ping Identity

  Peter Michalek Individual

  Brian Campbell Ping Identity

  Sharon Boeyen Entrust



Membership Status Changes


  John Harby Individual - Requested Voting status 4/12/2005

  John Hughes Individual - Returned from LOA before 5/10/2005 call

  Dana Kaufman Forum Systems - Returned from LOA before 5/10/2005 call

  Scott Kiester Novell - Lost voting status after 5/10/2005 call

  Alberto Squassabia Ping Identity - Granted Voting status after 5/10/2005 call

  Peter Michalek Individual - Granted Voting status after 5/10/2005 call

  Martin Soukup Nortel - Lost prospective status after 5/10/2005 call

  Atul Tulshibagwale Trustgenix - Lost prospective status after 5/10/2005 call

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]