Subject: Minutes of SSTC concall Tue 29-Aug-2006
========================================================================
sstc/saml concall                              Tue 8/29/2006 9:06:21 AM
------------------------------------------------------------------------

New Action items:

[AI] pm: i'll take action to send Colin a msg to ask wrt best place for feedback

[AI] pm will followup and come up with some proposed text and send it to the list for feedback, then eve can incorp the results of the disc. will be entitled "authz based on attributes"

detailed minutes:

Prateek Mishra's agenda is preceded w/ "> ":

> 1. Roll Call & Agenda Review, Appoint Secretary

done. Minutes taken by Jeff Hodges

Attendance

Voting Members

  Hal Lockhart      BEA Systems, Inc.
  Ashish Patel      France Telecom
  Heather Hinton    IBM
  Eric Tiffany      IEEE Industry Standards and Technology Org.
  Scott Cantor      Internet2
  Bob Morgan        Internet2
  Tom Scavo         National Center for Supercomputing Apps.
  Jeff Hodges       Neustar, Inc.
  Abbie Barbir      Nortel Networks Limited
  Ari Kermaier      Oracle Corporation
  Prateek Mishra    Oracle Corporation
  Brian Campbell    Ping Identity Corporation
  Jahan Moreh       Sigaba Corp.
  Eve Maler         Sun Microsystems
  Emily Xu          Sun Microsystems
  David Staggs      Veterans Health Administration

Members

  Christopher Laskowski         Booz Allen Hamilton
  Sharon Boeyen                 Entrust
  Carolina Canales-Valenzuela   Ericsson

> 2. Approve minutes from August 15 con-call
>
> http://lists.oasis-open.org/archives/security-services/200608/msg00068.html
> (includes correction)

approved.

> 3. Informational: NZ Government Authentication Standards Launched
>
> http://lists.oasis-open.org/archives/security-services/200608/msg00083.html
> We really would appreciate feedback and comment on NZ SAMS and in fact
> all aspects of the Programme.

pm: any comments on the note from the .nz govt message?

em: do they want the profile listed on our web page (ie registered?)

sc: what's there is not valid, it's missing subjectConf if it's the doc I'm thinking of

hl: their web page lists an email link, thinks feedback shd be sent there, but shd also copy security-services@ of course

em: anyone who can find time should of course comment

rlbob: talked with a different .nz govt person who's working on a diff deployment activity taking place in a diff section of govt, fwiw

sc: i may be confusing this with someone else... the other one had 3 prototype use cases / profiles.... this one is much longer

pm: yes, thinks this is sep from one you're thinking of...

[AI] pm: i'll take action to send Colin a msg to ask wrt best place for feedback

hl: the doc of particular interest is "security assertion messaging standard"

> 4. New errata composite drafts published
> http://lists.oasis-open.org/archives/security-services/200608/msg00082.html

em: there's one outstanding error am aware of, will fix next time have chance to update doc

[jahan has sent a -34 to the list as of yesterday.]

em: am caught up on errata decisions pre -34, don't know if there's anything "open" right now, please let her know in case.... it likely needs to be updated to close those items we closed at the last meeting.... em will look at it

hl: [recounts the new errata process]

em: [notes changes that could be made to bring errata doc in line with stds]

hl: notes that bringing the doc into line with the std process will take some work - mostly deletion

hl: will take a look at current doc and assess how close it is to the new std process [unofficial AI :) ]

abbie barbir (ab): notes that we will need to submit a corrigendum to the ITU to keep the ITU version up-to-date

> 5. Public Review - Next Steps
>
> http://www.oasis-open.org/committees/process.php#3.2
>
> [quote]
> The TC may conduct any number of review cycles (i.e. approval to send a
> Committee Draft to Public Review, collecting comments, making edits to
> the specification, etc.). The first public review of a specification
> must take place for a minimum of 60 days, and any subsequent reviews
> must be held for a minimum of 15 days. Changes made to a specification
> after a review must be clearly identified in any subsequent review,
> and the subsequent review shall be limited in scope to changes made in
> the previous review. Before starting another review cycle the
> specification must be re-approved as a Committee Draft and then
> approved to go to public review by the TC.
>
> If Substantive Changes are made to the specification after the public
> review, whether as a result of public review comments or from Member
> input, then the TC must conduct another review cycle. The specification
> may not be considered for approval by the TC as a Committee
> Specification until it has undergone a review cycle during which it has
> received no comments that result in Substantive Changes to the
> specification.
> [\quote]
>
> (a) Three updated drafts proposed for CD and new cycle of public review
>
> i.
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/19967/draft-sstc-saml1x-metadata-07.pdf
>
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/19968/draft-sstc-saml1x-metadata-07-diff.pdf
>
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/19969/sstc-saml1x-metadata.xsd
>

pm: is there an objection to promoting these docs to CD status?

[no objections]

pm: when will we be ready to send these out to public review?

hl: notes that we have a bunch of pub reviews either happening or will happen

sc: believes that there haven't been changes to these docs since they went CD other than minor editorial

tom scavo (ts): believes there is an issue, believes it can be fixed (discussion is on the list)

sc: disagrees (response is on the list), believes the present item in spec should remain as a SHOULD, not be a MUST as TS suggests

pm: can bundle the x509 doc with these three?

sc: would prefer not. x509 profile is not as much done. really wants to just put these three to bed.

[discussion on what's in review or will need to]

hl: doesn't want six pub reviews btwn now and xmas

[more discussion]

sc: moves that above specs go to 15day pub review

jh: seconds

pm: hearing no objs, motion passes

sc: do we hold some sort of vote after pub review?

hl: nope, cycle is ..... [answers sc's question]

[em and sc discuss who gets docs ready for pub review]

em: will have time wed-Fri this week to do editing

pm: once you upload the docs, will send note to mary mcrae asking for 15day pub review

> ii.
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/19971/draft-sstc-saml-metadata-ext-query-03.pdf
>
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/19972/draft-sstc-saml-metadata-ext-query-03-diff.pdf
>
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/19973/sstc-saml-metadata-ext-query.xsd
>

[discussion of above in particular?]

> iii.
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/19975/draft-sstc-saml-protocol-ext-thirdparty-03.pdf
>
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/19976/draft-sstc-saml-protocol-ext-thirdparty-03-diff.pdf
>
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/19977/sstc-saml-protocol-ext-thirdparty.xsd
>
>
> (b) sstc-saml-x509-authn-attrib-profile-draft
>
> Need champions (rebekah, ari) to respond to comments

pm: folks to respond on comments?

ak: so will try to get out comments by end of week

> 6. Errata Review
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/19979/sstc-saml-errata-2.0-draft-34.pdf
>
>
> (a) errata: incorrect URI in SAMLCore
> http://lists.oasis-open.org/archives/security-services/200608/msg00069.html
>
> (b) errata: vacuous ref to <Request> element
> http://lists.oasis-open.org/archives/security-services/200608/msg00075.html
>

jm: there's some item outstanding on list wrt post profile

sc: it was a discussion on a call.... is it P52 ?

jm: so already captured?

sc,em: yes, that's closed

jm: so there's a couple of items i haven't yet captured, there's links in the agenda, (above) will do so

jm: will add them to doc, note that they were pretty much accepted on this call...

ts: note that in the email above, the change is actually changing saml:1.0 to saml:1.1

jm,sc: confirmed

> 7. Discussion on "yellow text" portions of latest technical overview
>
>
> http://www.oasis-open.org/committees/download.php/19258/sstc-saml-tech-overview-20-draft-09.pdf

[discussion of highlighted text in section 4.4.2 line 951]

sc: would like to have 4.4 be about estab 'federated identity' -- it's this definition of federation that makes things hard.

em: we have "identity federation" and "federated identity" meaning two diff things

sc: might be that it should be discussed way up in the saml use cases section

[sc: personally believes in an expansive definition of federation -- ie attr exchange also is ident federation. sec 2.3 mentions this, lines 244-257]

em: line 252 acks the attr-based ident exchange, but is short shrift, maybe we can expand the concept there?

[discussing changes to sections 2.2 & 2.3 to clarify things]

pm: wonders what they are differentiating here?

em: explains.... so RobP has added these sections, it's new text

sc: the use case it's capturing is web sso, and thinks the guts are attr-based authz -- so any identifier could be transient thus meaningless, ie it's a session descriptor/name/ident (need one for sgl logout)

sc: notes that NameIDs are treated specially, and attrs aren't, this perhaps needs to be mentioned

pm: so idea is that 4.4.4 could pick up some disc of attrs...

sc: yes, but need to look at it

em: can remove 4.4.5 if that's what we want to do? can scott look at it?

sc: yes

em: will take a look at section 2

ak: "federation" - folks use that to mean COTs too.... so a transient nameid, is useful

[discussion of various defns of "federation"...]

sc: so tech overview shouldn't be exhaustive

em: that's what rob did, he removed a bunch of stuff

sc: is suggesting that getting rid of 4.4.5 would simplify things...

pm: include the sense of it in 4.4.4?

sc: could do that.... this is an overview, don't have to deal with all possible use cases in this doc...

hl: if we want to adopt a broad sense of the word federation we can expound on it early in the doc and set our defn for its use in this doc...

em: notes that there is a nice sec on attr-based authz in the exec overview doc

[discussion abt whether ought to take sec from exec overview and use in tech overview....]

[discussion of what to do with sec 4.5....]

[AI] pm will followup and come up with some proposed text and send it to the list for feedback, then eve can incorp the results of the disc. will be entitled "authz based on attributes"

sc: suggests "use of attributes" -- we've showed the flows, here's what you put "inside" 'em.

em: would like to see actual example messages, some comments she's hearing is "i just want to see exp messages - show me the code..."

pm: so in summary the chairs call for TC folk to read the tech overview draft and comment to the list...

> 8. Open AIs
>
> #0264: Comment on "attribute-based federation" section
> Owner: Prateek Mishra
> Status: Open
> Assigned: 2006-08-28
> Due: ---

open

> #0263: NameID and the use of SPProvidedID
> Owner: Jahan Moreh
> Status: Open
> Assigned: 2006-07-18
> Due: ---

open

> #0262: Creation of the "new" LDAP/X.500 profile
> Owner: Scott Cantor
> Status: Open
> Assigned: 2006-07-18
> Due: ---

open

> #0261: Chairs to contact GUIDE for follow-up
> Owner:
> Status: Open
> Assigned: 2006-07-18
> Due: ---

pm: done. they have submitted to us a doc. it's a submission to the TC, so comments to the list.

> #0240: Status of SAML 2.0 submission to ITU T
> Owner: Abbie Barbir
> Status: Open
> Assigned: 2005-11-08
> Due: ---

on-going.

ab: have some comments on the doc from review, in Grp 17, doesn't see any probs, should be done in 4..6 wks max, no major issues, is just working the process....

adjourned.