
security-services message

Subject: Minutes with attendance for 25-Oct SSTC con-call

Minutes for 25-Oct SSTC con-call

1. Roll call
Attendance of Voting Members:
  Abbie Barbir Nortel
  Sharon Boeyen Entrust
  Carolina Canales‑Valenzuela Ericsson
  Scott Cantor Internet2
  Peter Davis NeuStar
  Heather Hinton IBM
  Frederick Hirsch Nokia
  Jim Lien RSA Security
  Hal Lockhart BEA Systems, Inc
  Jahan Moreh Sigaba
  Bob Morgan Internet2
  Cameron Morris Novell
  Vamsi Motukuru Oracle
  Anthony Nadalin IBM
  Ashish Patel France Telecom
  Rob Philpott RSA Security
  Gilbert Pilz BEA Systems, Inc.
  Nick Ragouzis Enosis Group
  Eric Tiffany IEEE Industry Standards
  Greg Whitehead Trustgenix
  Thomas Wisniewski Entrust
  Emily Xu Sun Microsystems

Attendance of Non‑Voting Members
  Steve Anderson BMC Software
  Bhavna Bhatnagar Sun Microsystems
  Guy Denton IBM
  Dana Kaufman Forum Systems

Cameron Morris to take minutes

2. Approve minutes of 11 Oct con call:
a. RE: [security services] Minutes for SSTC Conference
Call, October 11

3. Errata Review (Jahan):
a. Current rev is draft 17 posted prior to 11 Oct meeting.
New version 18 posted last night; 4 items remain open
32 – Rob
36 – Conflict in schema - We discussed this last meeting.
Should we update text to match schema?
Proposed Jahan Moreh:
No schema change.  On line 1359 strike 'namespace required', and remove sentence starting on line 1361 to 1363
Emily Xu 2nd

b. Status of updates from 11 Oct meeting?
AIs: 231, 236
Nothing new on these.

Clarification on Action element
Jahan to capture this as an errata item.

  1. Should we produce red-line versions of specs soon?
    1. Proposed goal, build red-line spec by end of year.
    2. Scott: it would be nice to make these more normative.
    3. Prateek: Errata should go through the standards process.
    4. Does the original specification imply an errata, thus no need to make a new normative?
    5. Action Item: talk to Mary McCray about re-approving errata
    6. Why not take an errata/red-line to standard?
    7. Why not make a schedule to publish red-lines? - Maintenance
    8. Target vote/public review at the end of the year.
    9. Action Item: Have Eve coordinate this, Scott will help

3. Scott: Strawman proposal on third party AuthnRequest
    1. Could be done over SOAP, should WS-Addressing be used?
    2. 2 ways to implement this:
      1. Explicitly name the relying party
      2. Extension at the protocol level for a redirect
    3. Criticality? This could be done in metadata – endpoint.
    4. WS-Addressing
      1. Should we bring this up in WS-addr?
      2. Greg: not a good match
    5. Scott: we should decide this high-level approach before continuing
    6. Scott: action item to propose something
4. Scott: Some food for thought on delegation
    1. Scott will be working on delegation via assertions
    2. If you are interested read through the document and work with Scott

5. Package for upcoming CD vote:
    a. Rob: Tech Overview status   Still working on updates.
Not ready for review.
    b. Eve: XPath CD draft?
Not done

6. Eve: FAQ update (see AI 235):
a. Could use advice on changing the SAML FAQ

7. Abbie/Prateek: Submission to ITU-T
    1. Final approval this winter.  There may be objections to our use of SSL, instead of TLS.
    2. Any comments on PAOS? No.
    3. They want to make a security review
    4. More details to come
      1. This could require a change to text. Editorial changes only (references to SSL should be informative)
    5. Soonest possible is January 16th, more likely in April
    6. Action Item: Please send status to Eve Mahler to place on the web site

8. Miscellaneous:
a. Comment list: Public Comment
Any issues come from these comments? No

b. OASIS Press Inquiry: TC response to Gartner's March'05

An editor from Computer Weekly, a UK IT publication, is writing an
article on new approaches to network security. He asks if we can provide
an official TC response to Gartner's March report, which says "much more
must be done before SAML can be considered anything more than just
another security token format and yet another set of protocols... very
few real world production applications rely on it". He also asks if
there's any synergy between SAML and the Jericho Forum's work.

  1. Is this something the Adoption SC could address?
    1. Should we respond to all inquiries?
    2. Motion to move this to the sub committee to craft a TC response
    3. 2nd by Peter Davis
    4. Action Item: delegate this to Meritt Maxim

10. AI Review: See attached list
11. Other business?
12. Adjourn

#0237: Interop Test question: Metadata 2.0 EndpointType question Owner:
Eric Tiffany

11 Oct: Option "A" in the list email is the preferred interpretation.
Eric to propose text
Eric was not on the call
