

Subject: OASIS SSTC conf call minutes, 15 Aug 2006



OASIS SSTC conference call minutes, 2006-08-15
scribe:  RL "Bob" Morgan

Summary:

  * vote to conduct IPR Transition Approval Ballot with IPR mode of
    RF on Limited Terms

  * PEs 52, 55, 58, and 59 accepted and closed

  * all are asked to review new Technical Overview doc

  * Shared Credential doc voted to CD status

  * enthusiasm sought for working on GUIDE SSO scenarios as TC work


Detailed Minutes

   1. Roll Call & Agenda Review, Appoint Secretary

   2. Approve minutes from July 18 con-call

Note:  there was no meeting August 1 due to OASIS mail server problems.

   http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200607/msg00048.html

   with one further correction:

   http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200607/msg00050.html

Approved with no further comments.

   3. IPR Transition

   The chairs recommend that the TC request the TC Admin conduct a
   Transition Approval Ballot with an IPR Mode of RF on Limited Terms.

Hal:  First step was last year everyone agreed to abide by policy when
signing up for OASIS membership, that's done.

Frederick moves as above, Eve seconds.

Hal:  Vote is done by org reps, one vote per org, only those orgs which
have members participating in this TC.  Vote must be unanimous to pass, at
least 50% must participate.

Abbie:  would like to see vote using RF on RAND terms, propose to amend
   motion thusly.
   No one seconds, amendment fails.

Heather:  can multiple ballots be taken?
   Hal:  yes

Steve:  do companies with current IPR declarations have to do something?
   Hal:  no
Scott:  not retroactive, is it?  ie SAML 2.0 isn't covered, it's already
   done
   Hal:  that's right, only applies to new work

Hal:  any objections?
   Abbie:  yes
roll call done:  15 yes, 3 abstain, 1 no, motion carries

   4. Errata

Eve:  her approach is to take any closed errata changes and incorporate
   them into her redline version

Hal:  OASIS is about to publish errata process that is quite similar to
   what SSTC has been doing already

   a. sstc-saml-errata-2.0-draft-33.pdf

   http://www.oasis-open.org/apps/org/workgroup/security/download.php/19460/sstc-saml-errata-2.0-draft-33.pdf

review open errata items

PE52:
Scott:  point is that meaning of validity window of assertion-as-a-whole
remains undefined, point of adding subject-confirmation validity window is
to add something clear in the context of the SSO profile
Rob:  OK, but "delivery" is confusing, since it's a processing constraint
on the RP, not on the deliverer
Scott:  concern about too many words being more confusing
Hal:  maybe say it concisely, then a note explaining further
Greg:  more about "acceptance" than "delivery", right?
Scott:  propose this change:

   "... a NotOnOrAfter attribute that limits the window during which the
   assertion can be confirmed by the relying party"

no objections, PE52 closed

PE55:
Scott:  waiting for confirmation from implementors that proposed changes
   were consistent with previous decisions on behavior, but no comments
   main change is making clear that nameidmgt just applies to identifiers,
     not to "principal" in the abstract as thing with many ids
Hal:  accept as proposed?  no objections
PE55 accepted, closed

PE58:
accepted, closed

PE59:
accepted, closed

   b. Errata diffs

   http://www.oasis-open.org/apps/org/workgroup/security/download.php/19708/sstc-saml-profiles-errata-2.0-wd-02-diff.pdf

   http://www.oasis-open.org/apps/org/workgroup/security/download.php/19697/sstc-saml-metadata-errata-2.0-wd-01-diff.pdf

   http://www.oasis-open.org/apps/org/workgroup/security/download.php/19640/sstc-saml-conformance-errata-2.0-wd-01-diff.pdf

   http://www.oasis-open.org/apps/org/workgroup/security/download.php/19630/sstc-saml-bindings-errata-2.0-wd-01-diff.pdf

   http://www.oasis-open.org/apps/org/workgroup/security/download.php/19628/sstc-saml-core-errata-2.0-wd-01-diff.pdf

Eve:  Kept text same except for errata and page footers and such.  Propose
   "errata contributor list" to acknowledge new people.
Hal:  why not just add to regular contrib list
Eve:  rather keep orig doc clean
Rob:  agree
Eve:  with affiliations as asserted by contributors
Hal:  in new formal errata process the normative doc would be like current
   errata doc, not the redline version
Eve:  please give context in errata

   Discussion

   http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200608/msg00043.html



   5. Documents Published

   a. Update to Technical Overview published

   http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200607/msg00058.html

Eve:  pared down to profiles/bindings actually in use, new figures, etc
   please review, everyone

Rob:  didn't touch "attribute-based federation" section since finds it
   confusing, could use some help
     Scott/Prateek:  will do
   also gap in nameid-management protocol coverage, problem?
Eve:  would like to see wiki-style presentation of material
Hal:  but still need to email the doc
Scott:  could make overview doc small if supplemented by online wiki eg
Rob:  so more nameidmgt material?
Scott:  not with sequence diagram
Hal:  schedule discussion of open items ("yellow text") for next conf call


   b. New Input: SAML Text Challenge Response Token Authentication Context
   Class

   http://www.oasis-open.org/apps/org/workgroup/security/download.php/19455/draft-saml-text-based-challenge-response-authn-context-class-01.pdf

Tom W:  defines text-based C/R, not covered by current stuff

   c. SAML Web page update


   6. New Profile drafts (post public review)

   a. Metadata

   SAML 1.x metadata profile
   SAML metadata ext for query req
   SAML protocol ext for third-party req

   http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200607/msg00073.html

   b. Shared Credentials

   http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200608/msg00013.html

   Vote for CD status.

Paul Madsen moves for CD status.  Ashish Shah seconds.  No objections,
passed.

Prateek:  what's status of X.509 attribute profile?

   7. Active Threads

   a. Potential errata in SSO Profile

   http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200608/msg00018.html

   b. Additional SSO Scenarios from GUIDE project

   http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200608/msg00050.html

Hal:  seems like potentially useful TC work, seeking others

   8. Open AIs

   #0261: Chairs to contact GUIDE for follow-up
   Owner:
   Status: Open
   Assigned: 2006-07-18
   Due: ---

   #0262: Creation of the "new" LDAP/X.500 profile
   Owner: Scott Cantor
   Status: Open
   Assigned: 2006-07-18
   Due: ---

remains open

   #0263: NameID and the use of SPProvidedID
   Owner: Jahan Moreh
   Status: Open
   Assigned: 2006-07-18
   Due: ---

Scott will check with Jahan

   #0238: Plan for red-line versions of SAML 2.0
   Owner: Eve Maler
   Status: Open
   Assigned: 2005-11-08
   Due: ---

closed

   #0240: Status of SAML 2.0 submission to ITU T
   Owner: Abbie Barbir
   Status: Open
   Assigned: 2005-11-08
   Due: ---

   9. Other business

Scott:  concern about long public review time
Hal:  only first review is long, others can be 15 days

   10. Adjourn


---


Attendance of Voting Members

   Steve Anderson BMC Software
   Abbie Barbir Nortel
   Bhavna Bhatnagar Sun Microsystems
   Brian Campbell Ping Identity
   Scott Cantor Internet2
   Heather Hinton IBM
   Frederick Hirsch Nokia
   John Hughes PA Consulting
   Hal Lockhart BEA Systems, Inc
   Paul Madsen NTT Corporation
   Eve Maler Sun Microsystems
   Prateek Mishra Oracle
   Bob Morgan Internet2
   Ashish Patel France Telecom
   Rob Philpott RSA Security
   David Staggs Veteran's Health Admin
   Eric Tiffany IEEE Industry Standards
   Greg Whitehead Hewlett-Packard Company
   Thomas Wisniewski Entrust
   Emily Xu Sun Microsystems


Attendance of Non-Voting Members

   Ari Kermaier Oracle
   Tom Scavo National Center for Supercomputing Applications


Membership Status Changes

   Darren Platt Ping Identity - Withdrew from TC 7/21/2006
   Andrew Sliwkowski RSA Security - Granted membership 7/21/2006
   John Harby Individual - Granted membership 7/21/2006
   Prasanta Behera Individual - Requested Observer status 8/8/2006
   Ari Kermaier Oracle - Granted voting status after 8/15/2006 call
   Tom Scavo National Center for Supercomputing Applications - Granted
voting status after 8/15/2006 call
   Sharon Boeyen Entrust - Lost voting status after 8/15/2006 call
   Carolina Canales-Valenzuela Ericsson - Lost voting status after
8/15/2006 call
   Guy Denton IBM - Lost voting status after 8/15/2006 call


