
Subject: RE: [security-services] Draft Minutes SSTC Call - May 23, 2006

Attendance inserted below.
Steve Anderson
BMC Software

-----Original Message-----
From: Paul Madsen [mailto:paulmadsen@rogers.com] 
Sent: Tuesday, May 23, 2006 4:29 PM
To: security-services@lists.oasis-open.org
Subject: [security-services] Draft Minutes SSTC Call - May 23, 2006

OASIS SSTC conference call minutes, 2006-05-23
By: Paul Madsen

1. Roll Call & Agenda Review

Quorum achieved

Attendance of Voting Members

  Steve Anderson BMC Software
  Bhavna Bhatnagar Sun Microsystems
  Brian Campbell Ping Identity
  Carolina Canales-Valenzuela Ericsson
  Scott Cantor Internet2
  Frederick Hirsch Nokia
  Ari Kermaier Oracle
  Hal Lockhart BEA Systems, Inc
  Paul Madsen NTT Corporation
  Prateek Mishra Oracle
  Jahan Moreh Sigaba
  Anthony Nadalin IBM
  Ashish Patel France Telecom
  Rob Philpott RSA Security
  Nick Ragouzis Enosis Group
  David Staggs Veteran's Health Admin
  Greg Whitehead Hewlett-Packard Company
  Thomas Wisniewski Entrust
  Emily Xu Sun Microsystems
Attendance of Non-Voting Members

  Peter Davis NeuStar
  Jeff Hodges NeuStar
  John Hughes PA Consulting

Membership Status Changes
  Heather Hinton IBM - Lost voting status after 5/23/2006 call
  Cameron Morris Novell - Lost voting status after 5/23/2006 call
  Jeff Hodges NeuStar - Granted voting status after 5/23/2006 call
  John Hughes PA Consulting - Granted voting status after 5/23/2006 call

2. Approve minutes from May 9 con-call

Jeff: Move to approve
Rob: Seconded


3. Informational

a. Five CD drafts in public review -


Hal: Broadcast in various lists. Chairs will update web page

Call for disclosure


Hal: Anybody with IPR should disclose

b. "Lightweight" SAML & Liberty Session

Hal: What does lightweight SAML mean?
Scott: IETF lists heating up, heading towards another BOF at next 
meeting (Montreal)
Nick: Area Director indicated that this will become a Working Group

c: Status of Technical Overview

John: No explicit action from last minutes for taking Technical Overview

Hal: What is status?
Rob: in my hands, Eve, Nick, and I have been working on Draft 09. Trying 
to get it to point for posting in next week or so

AI: Rob to get v09 out for next week

d.  Google use of SAML for search appliance
Hal: details and link available on SAML Dev

4. Active Threads

a. Shared Credentials

Ashish: we submitted updated version after feedback. Updated RAC 
protocol extension, schema and discussion document to reflect feedback 
from Scott.
The AuthnContext extension was not impacted. We are wondering how to 
move forward. What steps?
Prateek: Just ask for CD vote
Scott: yup, we just need to schedule a vote so that people know when to 
Hal: June 6th?
Jeff: Sure
Hal: comment on list as well

AI: Chairs to add agenda item for vote for next call

b. Options for correction of LDAP/X.500 attr profile 

Hal: Scott posted on LDAP X.509 attribute item?
Scott: fulfilling an action item, attempt at a comprehensive list of
Prateek: issue is?
Scott: if you say type is string, then you can't have attributes. I 
presented 5 different approaches, none are really errata 
but the profile is broken so what is the process?
Rob: should be a new release.
Scott: overkill
Hal: errata meant to bring things back to original intent, not
Greg: if we had known this before going final, what would we have done?
Scott: recommending #3, move encoding attribute up to the attribute 
element, where it is permitted through wildcarding.
Other attribute profiles do this. People had originally thought of doing 
#4 which is DCE profile, implication is that we'd need
another schema doc (not part of 2.0 ZIP). Other reasons not to like this 
as well
Prateek: do other profiles add attributes?
Scott: yes, XACML.
Hal: conflict between desire to leave 2.0 alone and need to fix this
Greg: is anybody using it?
Scott: somewhat, this is the one that shouldn't be left broken. #5 is 
effectively 'leave things alone'. Shib has referenced this from
some community docs and this is untenable
Hal: does this have an errata number?, - 53
RL Bob: can't ignore this - lots of interest in this
Hal: especially as SAML 2 being picked up by ITU-T
John: UK government as well
Scott: resolve by next call, people need to review
Greg: viable option to just drop the encoding?
Scott: That would be #2, the names would have to imply the encoding 
rules. Dicey to depend on absence of attribute
RL Bob: idea of multiple encodings is speculative ....
Hal: ITU-T cares about X.500. Need to come to conclusion soon. Eggs will 
be broken ..
Greg: maybe everybody can rank Scott's options as to preference
Hal: or Eve's Quaker poll, e.g. what's your favourite and what can you 
live with
Greg: another alternative to solving the issue would be
    a) remove the x500:Encoding attribute and document that the LDAP 
encoding uses xsi:type string and base64Binary
    b) document that other encodings should define new types
Scott: I think this is #2
Greg: we could drop the attribute and just document how the LDAP 
encoding is signified
Scott: yes, this would be clarification for #2
Hal: let's move to list

5. Errata review

PE53 - is the X.500 error discussed above, has the wrong name, cut and 
paste error

PE43 - is what Scott just posted, encryption profile changes, Scott made 
minor changes, Text hasn't changed.
Like to get this voted in.

Scott: move to approve
Greg: Second

PE49 - has been open for a while. Scott feels not ready for a vote. 
Scott will have something for next call

PE50 - Conformance doc and clarification on SSL Cipher Suite

is Eric on the call? Been here for a while.

Greg: move to approve
Scott: second


PE52 - following thread with Rob and Scott?

Scott: I wrote the text so I think it's Rob's call on clarifications
Rob: Yup, haven't been able to get to it

AI: Rob to propose text for PE52

6. Open AIs

#0250: PE 43
Owner: Heather Hinton
Status: Open
Assigned: 2006-02-13
Due: ---


#0238: Plan for red-line versions of SAML 2.0
Owner: Eve Maler
Status: Open
Assigned: 2005-11-08
Due: ---


#0240: Status of SAML 2.0 submission to ITU T
Owner: Abbie Barbir
Status: Open
Assigned: 2005-11-08
Due: ---

open pending word from ITU-T

#0257: authentication context and shared credentials
Owner: Paul Madsen
Status: Open
Assigned: 2006-04-10
Due: 2006-04-30


#0259: Propose text to resolve PE 49 - Clarification on attribute name
format (The relationship between an attribute's NameFormat and its
syntax is not clear.)
Owner: Scott Cantor
Status: Open
Assigned: 2006-04-26
Due: 2006-05-15


#0260: Create document of requested enhancements
Owner: Eve Maler
Status: Open
Assigned: 2006-05-23
Due: 2006-06-15

Eve on vacation


7. AOB

7a: New attribute issue, possible RFE

Some objections for language in Core about the limitation in core that
says all AttributeValue elements have to share the same xsi:type, if 
any. Currently baked into core

Two options

- put it into RFE list (Scott's view)
- errata

Scott will start a thread on list

7b: Additional item on X.500 LDAP support,

RL Bob: option tags are LDAP feature, wanted to use 'language tags' but 
no support in the LDAP profile.

Hal: Likely an RFE

Next call scheduled on June 6


Paul Madsen             e:paulmadsen @ ntt-at.com
NTT                     p:613-482-0432
