OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes of SSTC concall Tue 29-Aug-2006

sstc/saml concall Tue 8/29/2006 9:06:21 AM

New Action items:

[AI] pm: i'll take action to send Colin a msg to ask wrt best place for

[AI] pm will followup and come up with some proposed text and send it to
list for feedback, then eve can incorp the results of the disc. will be 
entitled "authz based on attributes"

detailed minutes:

Prateek Mishra's agenda is preceded w/ "> ":

> 1. Roll Call & Agenda Review, Appoint Secretary


Minutes taken by Jeff Hodges


Voting Members

Hal Lockhart  			BEA Systems, Inc.
Ashish Patel 			France Telecom
Heather Hinton 			IBM
Eric Tiffany 			IEEE Industry Standards and Technology
Scott Cantor 			Internet2
Bob Morgan 				Internet2
Tom Scavo 				National Center for
Supercomputing Apps.
Jeff Hodges 			Neustar, Inc.
Abbie Barbir 			Nortel Networks Limited
Ari Kermaier 			Oracle Corporation
Prateek Mishra 			Oracle Corporation
Brian Campbell 			Ping Identity Corporation
Jahan Moreh 			Sigaba Corp.
Eve Maler 				Sun Microsystems
Emily Xu 				Sun Microsystems
David Staggs 			Veterans Health Administration


Christopher Laskowski 		Booz Allen Hamilton
Sharon Boeyen 			Entrust
Carolina Canales-Valenzuela 	Ericsson

 > 2. Approve minutes from August 15 con-call
 > (includes correction)


 > 3. Informational: NZ Government Authentication Standards Launched

 > We really would appreciate feedback and comment on NZ SAMS and in
 > all aspects of the Programme.

pm: any comments on the note from the .nz govt message?

em: do they want the profile listed on our web page (ie registered?)

sc: what's there is not valid, its missing subjectConf if it's the doc
thinking of

hl: their web page lists an email link, thinks feedback shd be sent
there, but 
shd also copy security-services@ of course

em: anyone who can find time should of course comment

rlbob: talked with a different .nz govt person who's working on a diff 
deployment activity taking place in a diff section of govt, fwiw

sc: i may be confusing this with someone else... the other one had 3
use cases / profiles.... this one is much longer

pm: yes, thinks this is sep from one you're thinking of...

[AI] pm: i'll take action to send Colin a msg to ask wrt best place for

hl: the doc of particular interest is "security assertion messaging

 > 4. New errata composite drafts published

em: there's one outstanding error am aware of, will fix next time have
to update doc

[jahan has sent a -34 to the list as of yesterday.]

em: am caught up on errata decisions pre -34, don't know if there's
"open" right now, please let her know in case....

it likely needs to be updated to close those items we closed at the last

meeting.... em will look at it

hl: [recounts the new eratta process]

em: [notes changes that could be made to bring errata doc in line with

hl: notes that bringing the doc into line with the std process will take
work - mostly deletion

hl: will take a look at current doc and asses how close it is to the new

[unofficial AI :) ]

abbie barbir (ab): notes that we will need to submit a corrigdenum to
the ITU 
to keep the ITU version up-to-date

 > 5. Public Review - Next Steps
 > http://www.oasis-open.org/committees/process.php#3.2
 > [quote]
 > The TC may conduct any number of review cycles (i.e. approval to send
 > Committee Draft to Public Review,
 > collecting comments, making edits to the specification, etc.). The
 > public review of a specification
 > must take place for a minimum of 60 days, and any subsequent reviews
 > must be held for a minimum of 15 days.
 > Changes made to a specification after a review must be clearly
 > identified in any subsequent review,
 > and the subsequent review shall be limited in scope to changes made
 > the previous review. Before starting
 > another review cycle the specification must be re-approved as a
 > Committee Draft and then approved to go to
 > public review by the TC.
 > If Substantive Changes are made to the specification after the public
 > review, whether as a result of public
 > review comments or from Member input, then the TC must conduct
 > review cycle. The specification may
 > not be considered for approval by the TC as a Committee Specification
 > until it has undergone a review cycle during
 > which it has received no comments that result in Substantive Changes
 > the specification.
 > [\quote]
 > (a) Three updated drafts proposed for CD and new cycle of public
 > i.




pm: is there an objection to promoting these docs to CD status?

[no objections]

pm: when will we be ready to send these out to public review?

hl: notes that we have a bunch of pub reviews either happening or will

sc: believes that there haven't been changes to these docs since they
went CD 
other than minor editorial

tom scavo(ts): believes there is an issue, believes it can be fixed
is on the list)

sc: disagrees (response is on the list), belives the present item in
should remain as a SHOULD, not be a MUST as a TS suggests

pm: can bundle the x509 doc with these three?

sc: would prefer not. x509 profile is not as much done.  really wants to
put these three to bed.

[discussion on what's in review or will need to]

hl: doesn't want six pub reviews btwn now and xmas

[more discussion]

sc:  moves that above specs go to 15day pub review

jh: seconds

pm:  hearing no objs, motion passes

sc: do we hold some sort of vote after pub review?

hl: nope, cycle is ..... [answers sc's question]

[em and sc discuss who gets docs ready for pub review]

em: will have time wed-Fri this week to do editing

pm: once you upload the docs, will send note to mary mcrae asking for
15day pub 

 > ii.




[discussion of above in particular?]

 > iii.



 > (b) sstc-saml-x509-authn-attrib-profile-draft
 > Need champions (rebekah, ari) to respond to comments

pm: folks to respond on comments?

ak: so will try to get out comments by end of week

 > 6. Errata Review

 > (a) errata: incorrect URI in SAMLCore
 > (b) errata: vacuous ref to <Request> element

jm: there's some item outstanding on list wrt post profile

sc: it was a discussion on a call.... is it P52 ?

jm: so already captured?

sc,em: yes, that's closed

jm: so there's a couple of items i haven't yet captured, there's links
in the 
agenda, (above) will do so

jm: will add them to doc, note that they were pretty much accepted on
this call...

ts: note that in the email above, the change is actually changing
saml:1.0 to 

jm,sc: confirmed

 > 7. Discussion on "yellow text" portions of latest technical overview

[discussion of highlighted text in section 4.4.2 line 951]

sc: would like to have 4.4 be about estab 'federated identity' -- its
definition of federation that makes things hard.

em: we have "identity federation" and "federated identity" meaning two
diff things

sc: might be that it should be discussed way up in the saml use cases

[sc: personally believes in an expansive definition of federation -- ie
exchange also is ident federation. sec 2.3 mentions this, lines 244-257]

em: line 252 acks the attr-based ident exchange, but is short shrift,
maybe we 
can expand the concept there?

[discussing changes to sections 2.2 & 2.3 to clarify things]

pm: wonders what they are differentiating here?

em: explains....   so RobP has added these sections, it's new text

sc: the use case its capturing is web sso, and thinks the guts are
authz -- so any identifier could be transient thus meaningless, ie its a

session descriptor/name/ident (need one for sgl logout)

sc: notes that NameIDs are treated specially, and attrs arent, this
needs to be mentioned

pm: so idea is that 4.4.4 could pick up some disc of attrs...

sc: yes,  but need to look at it

em: can remove 4.4.5 if that's what we want to do?  can scott look at

sc: yes

em: will take a look  at section 2

ak: "federation" - folks use that to mean COTs too....  so a transient
is useful

[discussion of various defns of "federation"...]

sc: so tech overview shouldn't be exhaustive

em: that's what rob did, he removed a bunch of stuff

sc: is suggesting that getting rid of 4.4.5 would simplify things...

pm: include the sense of it in 4.4.4?

sc: could do that.... this is an overview, don't have to deal with all
use cases in this doc...

hl:  if we want to adopt a broad sense of the word federation we can
expound on 
it early in the doc and set our defn for its use in this doc...

em: notes that there is a nice sec on attr-based authz in the exec
overview doc

[discussion abt whether ought to take sec from exec overview and use in

[discussion of what to do with sec 4.5....]

[AI] pm will followup and come up with some proposed text and send it to
list for feedback, then eve can incorp the results of the disc. will be 
entitled "authz based on attributes"

sc: suggests "use of attributes" -- we've showed the flows, here's what
you put 
"inside" 'em.

em: would like to see actual example messages, some comments she's
hearing is 
"i just want to see exp messages - show me the code..."

pm: so in summary the chairs call for TC folk to read the tech overview
and comment to the list...

 > 8. Open AIs
 > #0264: Comment on "attribute-based federation" section
 > Owner: Prateek Mishra
 > Status: Open
 > Assigned: 2006-08-28
 > Due: ---


 > #0263: NameID and the use of SPProvidedID
 > Owner: Jahan Moreh
 > Status: Open
 > Assigned: 2006-07-18
 > Due: ---


 > #0262: Creation of the "new" LDAP/X.500 profile
 > Owner: Scott Cantor
 > Status: Open
 > Assigned: 2006-07-18
 > Due: ---


 > #0261: Chairs to contact GUIDE for follow-up
 > Owner:
 > Status: Open
 > Assigned: 2006-07-18
 > Due: ---

pm: done. they have submitted to us a doc. it's a submission to the TC,
comments to the list.

 > #0240: Status of SAML 2.0 submission to ITU T
 > Owner: Abbie Barbir
 > Status: Open
 > Assigned: 2005-11-08
 > Due: ---


ab: have some comments on the doc from review, in Grp 17, doesn't see
probs, should be done in 4..6 wks max, no major issues, is just working


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]