
security-services message


Subject: Draft minutes for SSTC Conference Call July 18, 2006 - V2, with roll call data and corrections

 > > 1. Roll Call & Agenda Review

Attendance of Voting Members

   Steve Anderson BMC Software
   Abbie Barbir Nortel
   Bhavna Bhatnagar Sun Microsystems
   Brian Campbell Ping Identity
   Scott Cantor Internet2
   Peter Davis NeuStar
   Frederick Hirsch Nokia
   Jeff Hodges NeuStar
   John Hughes PA Consulting
   Hal Lockhart BEA Systems, Inc
   Paul Madsen NTT Corporation
   Eve Maler Sun Microsystems
   Prateek Mishra Oracle
   Jahan Moreh Sigaba
   Bob Morgan Internet2
   Anthony Nadalin IBM
   Ashish Patel France Telecom
   Rob Philpott RSA Security
   David Staggs Veteran's Health Admin
   Greg Whitehead Hewlett-Packard Company
   Thomas Wisniewski Entrust
   Emily Xu Sun Microsystems

Attendance of Non-Voting Members

   Ari Kermaier Oracle
   Tom Scavo National Center for Supercomputing Applications

Membership Status Changes

   Heather Hinton IBM - Granted voting status after 6/20/2006 call
   Ari Kermaier Oracle - Lost voting status after 6/20/2006 call
   Tom Scavo National Center for Supercomputing Applications - Granted membership 6/22/2006
   Rick Randall Booz Allen Hamilton - Member account deactivated
   Toshihiro Nishimura Fujitsu - Granted membership 6/22/2006
   Dana Kaufman Forum Systems - Lost voting status after 7/18/2006 call
   Nick Ragouzis Enosis Group - Lost voting status after 7/18/2006 call

 > > 2. Approve minutes from June 20 con-call
 > >

APPROVED by unanimous consent.

 > > 3. Informational
 > >
 > > a. Update from Chairs on SSTC IPR Transition Planning
 > >

Hal: We are polling people about willingness to sign up to the 
various IPR modes.  People should be consulting with their own 
organizations.  Currently there's at least one organization that 
would oppose the IPR transition without a tightening up of the 
charter.  We are discussing the matter with the OASIS staff.  There 
are three ways forward:

- A charter clarification could be done if it's a reduction in scope.

- If there are additions, we could do a charter change vote, which 
has a higher bar.

- We could charter a brand-new TC that goes by default under the new 
IPR policy, and the "old" SSTC would go away entirely.

It has been proposed, separately, that this TC could take up 
security policy, which would constitute a "charter change".

Rob: But the current charter is open-ended as to the creation of new 

Frederick: What work is on the docket going forward besides, 
potentially, the policy item?  It's helpful to understand the 
options a little more deeply before sending us to our lawyers.

Prateek: We're at the point where we want to collect the questions, 
but not try to answer them yet.

Jamie: Agree that it's important to have the discussion about the 
work docket before knowing how to answer the questions.

Abbie: What are the deadlines?

Jamie: The SSTC is fine for now, unless someone votes to end it.  If 
we don't transition to the new IPR policy somehow, the TC will close 
by April 2007.  To transition, you have to vote, and that takes 
maybe 4 weeks elapsed.  The vote must be unanimous, so if there's a 
holdup, you need to build in more time.

Prateek: Let's take this to the list.

Eve: Would like to dedicate a future call to the topic of future 
SSTC work.

 > > b. SAML IPR statements have been revised to explicit "defensive 
 > >
 > >
 > > c.  new drafts - draft-hodges-saml-binding-noxmldsig-02.pdf
 > >

Jeff: Comments are welcome.  He and Scott have been discussing rev 
03 changes, possibly coming in mid-August.  This would involve 
conveying key info, currently not supported.  Also, they've been 
toying with a more "positive" name, something like "simple sign"?

They have also been working on a lightweight SSO profile that uses 
this binding.  Jeff had previously sent a note to the list about 
this I-D, we think.

 > > d. yet another SAML-based effort
 > >
 > >
 > >
 > > 4. Public Review of SAML Profiles and Extensions is now CLOSED
 > >
 > > a. Public Review period ends July 10
 > > http://lists.oasis-open.org/archives/members/200605/msg00004.html
 > >
 > > The TC must track the comments received as well as the disposition of each comment.

This included a whole stack of profiles and extensions.  Prateek is 
looking for champions to address the comments, as linked below.  Eve 
suggests this should be the primary author of each spec, unless they 
can't for some reason.

 > > b. Comments upon sstc-saml1x-metadata-cd-01

Scott is the comment champion.

 > >     i. Tom Scavo
 > >
 > >
 > >     ii. Tom Scavo
 > >

Tom notes that these comments are about 
sstc-saml-metadata-ext-query-cd-01, not sstc-saml1x-metadata-cd-01.

 > >
 > > c. Comments upon SAML Attribute Sharing Profile for X.509 Authentication-Based Systems

Ari Kermaier is the comment champion.  Rob has agreed to review the 

 > >     i. Tom Scavo
 > >
 > >
 > >     ii. Tom Scavo
 > >
 > >
 > >     iii. Tom Scavo
 > >
 > >
 > >     iv. Tom Scavo
 > >
 > >
 > >     v. Tom Wisniewski
 > >     Comments on Attribute Sharing Profile for X.509 Authentication-Based Systems (draft 10)
 > >
 > >
 > > d. sstc-saml-protocol-ext-thirdparty-cd-01

Scott is the comment champion.

 > >     i. Tom Scavo
 > >

We'll continue to look for further comment on the lists.

Tom notes public comment from <hmadhavanpillai@rsasecurity.com> 

Eve puts in a plea for document uploaders to ensure that they check 
  the box that allows for public access to the documents.

 > > 5. Errata Review
 > >
 > >

PE49: Clarification on attribute name format: Greg being happy with
Scott's commentary is good enough for Scott!

MOTION: Greg moves we accept the change.  APPROVED by unanimous consent.

PE52: Clarification on <NotOnOrAfter> attribute:

AI: Rob to review PE52.

PE55: Various Language Cleanups: Ideally the people who did the
Liberty conformance dry-runs should weigh in on whether Scott's
proposed changes make sense.  Scott will broach this with Liberty
folks this week.

PE56: Typo in Profiles: (Note that errata-32 has a typo in the
section heading, saying "PE55" instead!)  This looks like a simple
editorial change.

MOTION: Jahan moves to accept the proposed change for PE56.
APPROVED by unanimous consent.

PE57: [SAMLmime] reference in saml-bindings: This is a simple
change, since the old I-D expired.

MOTION: Eve moves to accept the proposed change for PE57.  APPROVED
by unanimous consent.

PE58: Potential errata in Metadata: There are some dozen small items
making up this comment.  There's been some discussion back and
forth.  This doesn't belong as a SAML V2.0 PE, since the comments
are on a draft profile.

 > > 6. Active Threads
 > >
 > > a. Probability text in core section 1.3.4
 > >

Scott: The issue has generally been overblown in terms of interop

Prateek: If Greg proposes a change, we can formally consider it.

Eve: It would make a dandy informal wiki entry.

 > > b. NameID and the use of SPProvidedID
 > >

Tom W.: You can send the NameID as is or using the SPProvidedID.  He
reads the spec as saying that the latter is required, though
currently they're supporting both methods.

Scott: It's ambiguous, though not through strong feelings one way or
the other.

AI: Tom W. to propose clearer text.

Rob: What are the interop implications?

Greg: We need to clarify the interpretation towards the
more-interoperable scenario, according to the Liberty interop work.
   I have expressed this on the list many times.

Scott: So the clarification is that the SP may send the
SPProvidedID, but it's not required.  (The IdP has to send it, of
course, since that's the point of the attribute.)  So, "Be liberal
in what you accept."  This allows all current implementations to be
counted as doing the right thing.

AI: Tom W. to propose clarifying text.

Greg's message 42 from June 2006 can contribute to this proposal.

 > > c. superseding prior spec set versions? 
SAML 1.0 or 1.1)
 > >

Jeff: We're blazing a trail in doing this within OASIS, but some
other organizations already have processes in place for this.

AI: Prateek (and everyone) to comment on superseding of prior spec

 > > d. SAML Authn Ctx Combination Spec
 > >

Ashish: There was some confusion in processing rules about nesting.
   They have modified the extension proposal to take this into
account and will submit the draft again for comment.

AI: Ashish and Paul to update the Authn Context combination spec.

 > > e. SAML References
 > >

AI: Eve to create a SAML-specific spec template to help people
create bibliographic entries with consistent SAML V2.0 "spec
artifact" references.

 > > 7. Open AIs
 > > 0263: NameID and the use of SPProvidedID
 > > Owner: Jahan Moreh
 > > Status: Open
 > > Assigned: 2006-07-18
 > > Due: ---

Still open.

 > >
 > >
 > >
 > > #0262: Creation of the "new" LDAP/X.500 profile
 > > Owner: Scott Cantor
 > > Status: Open
 > > Assigned: 2006-07-18
 > > Due: ---

Still open.

 > >
 > >
 > >
 > > #0261: Chairs to contact GUIDE for follow-up
 > > Owner:
 > > Status: Open
 > > Assigned: 2006-07-18
 > > Due: ---

Still open.  Prateek will look into it.

 > >
 > >
 > >
 > > #0240: Status of SAML 2.0 submission to ITU T
 > > Owner: Abbie Barbir
 > > Status: Open
 > > Assigned: 2005-11-08
 > > Due: ---

Still open.  SAML and XACML appear to have official ITU-T standards
numbers, but maybe they're just provisional.  Eve can put notice of
their final standards status on the SSTC site.

AI: Abbie to update the TC and provide any relevant links.

 > >
 > >
 > >
 > > #0238: Plan for red-line versions of SAML 2.0
 > > Owner: Eve Maler
 > > Status: Open
 > > Assigned: 2005-11-08
 > > Due: ---

Still open.


Other news:

Eve/Rob/Nick hope to publish rev 09 of the Technical Overview this week.


Eve Maler                                         +1 425 947 4522
Technology Director                           eve.maler @ sun.com
CTO Business Alliances group                Sun Microsystems, Inc.
