Subject: OASIS SSTC conf call minutes, 24 Oct 2006
OASIS SSTC conference call minutes 2006-10-24

scribe: RL "Bob" Morgan

Summary:

* vote to initiate ballot on IPR transition on RF-on-RAND terms
* discussion of submission from GUIDE project
* PE 263 closed

Detailed minutes:

1. Roll Call & Agenda Review, Appoint Secretary

Eve volunteered to take minutes on the *next* call!

2. Approve minutes from October 10 con-call

http://lists.oasis-open.org/archives/security-services/200610/msg00034.html

Minutes approved without comments.

3. IPR Transition Request Ballot

The chairs recommend that the TC request the TC Admin conduct a
Transition Approval Ballot with an IPR Mode of "RF on RAND Terms".

http://www.oasis-open.org/who/ipr/ipr_transition_policy.php

Abbie Barbir so moved, Rob Philpott seconded.

Bob Morgan commented that his organization would likely vote no,
preferring the previous proposal. Rob Philpott said that there were
extensive discussions at EMC, and RF-on-limited is not acceptable.
Bob expressed concerns that terms not be imposed that make open-source
implementations impossible or unattractive. If the TC cannot agree, it
is likely that a new TC would be proposed under a particular set of
terms, proposing to further the SAML work. Most or all of the Web
Services TCs are using RF-on-RAND.

Vote taken: no objections to unanimous consent, ballot will be taken.

4. Discussion on "Guide Project" with BT participants

http://lists.oasis-open.org/archives/security-services/200608/msg00050.html

BT folks (whose names I got as Kieran Salt and Colin Young, statements
labelled as "G:" below) attend to discuss the project.

Guide is working on pan-European e-government identity. As an example,
a person in France bidding on contract from German government via an
e-procurement application; in this case the German app would rely on
the French IdM infra. Many other use cases laid out. Social inclusion
is a priority, e.g. users without their own computers relying on
government agency for access.
Also "principal not present" scenarios for automated transfers.

Prateek: cases 2 and 3 imply "acting on behalf of" support?

G: Yes

G: Guide not about doing tech specs, but encouraging groups such as
SSTC to add support as needed.

Hal: we encourage profiles to be developed, and seek to provide expert
review, though can't guarantee consensus. Is Guide making formal
profile proposal, or asking for advice?

G: the latter, looking for initial review now.

Prateek: Main questions are about modeling of cases 2 and 3, the
"acting on behalf of" cases. There are some approaches, but different
from those shown. Will send response on TC list.

Eve: SAML can be made to do these things, but Liberty WS work supports
these requirements more directly.

Hal: In case 3, there may be no technical means to assure "on behalf
of" if the principal is truly not involved.

G: understood.

Eve: Liberty security mech doc is the one that defines various roles.

G: would be happy to rely on Liberty if appropriate.

Prateek: One way to encourage comment is to submit profile to TC and
ask for it to be standards-track doc.

G: Is this likely to be of interest to the TC?

Prateek: Case 2 is certainly of interest generally.

Eve: has been discussed, many questions about what can be done in
protocol and what needs out of band agreements/checking etc.

Prateek: if interest is in asking vendors to provide interoperable
implementations supporting these scenarios, this implies more
formality.

5. New Drafts

i. draft-hodges-HowToLearnSAML-01.pdf

http://www.oasis-open.org/apps/org/workgroup/security/download.php/20821/draft-hodges-HowToLearnSAML-01.pdf

Jeff not on. Eve notes boilerplate adds many pages ...

ii. tech overview 11 draft published

<link not yet available from message archive>

Eve: awaiting code examples, Tom S will send. Other changes still
waiting. Note that line numbers are hard as references, given they
change so much, so references to section/paragraph are better.
Maybe only another rev or two to go before approval.

6. New threads

i. errata: misuse of strongly matches

http://lists.oasis-open.org/archives/security-services/200610/msg00027.html

Tom S: two separate issues. One is potentially misleading refs to
"strongly matches". Other is definition of s-m itself, which is
claimed to be not testable, this needs discussion.

8. Open AIs

0269: CDize errata based on draft 35
Owner: Eve Maler
Status: Open
Assigned: 2006-09-25
Due: ---

Eve: very laborious to reconstruct each wording change.

-----------------------------------------------------------------------

#0267: Chairs to move docs to new public review
Owner:
Status: Open
Assigned: 2006-09-25
Due: ---

Prateek: still need to do. Eve volunteers to CDize "simple Simon" doc
if needed.

Sharon Boeyen: challenge/response doc ready, yes?

Prateek: yes.

-----------------------------------------------------------------------

#0266: New deployment profile
Owner: Tom Scavo*
Status: Open
Assigned: 2006-09-25
Due: ---

Remains open.

-----------------------------------------------------------------------

#0265: Updated draft of X.500 attribute sharing deployment profile
Owner: Ari Kermaier
Status: Open
Assigned: 2006-09-25
Due: ---

Remains open.

-----------------------------------------------------------------------

#0263: NameID and the use of SPProvidedID
Owner: Jahan Moreh
Status: Open
Assigned: 2006-07-18
Due: ---

Closed.

-----------------------------------------------------------------------

#0240: Status of SAML 2.0 submission to ITU T
Owner: Abbie Barbir
Status: Open
Assigned: 2005-11-08
Due: ---

Remains open.

Adjourned at 10:05 PDT.
---

Attendance of Voting Members

  Steve Anderson      BMC Software
  Bhavna Bhatnagar    Sun Microsystems
  Sharon Boeyen       Entrust
  Heather Hinton      IBM
  Frederick Hirsch    Nokia
  Ari Kermaier        Oracle
  Chris Laskowski     Booz Allen Hamilton
  Hal Lockhart        BEA Systems, Inc
  Eve Maler           Sun Microsystems
  Prateek Mishra      Oracle
  Bob Morgan          Internet2
  Anthony Nadalin     IBM
  Ashish Patel        France Telecom
  Rob Philpott        RSA Security
  Tom Scavo           National Center for Supercomputing Applications
  David Staggs        Veteran's Health Admin
  Eric Tiffany        IEEE Industry Standards
  Emily Xu            Sun Microsystems

Attendance of Non-Voting Members

  Abbie Barbir        Nortel
  Guy Denton          IBM
  Dana Kaufman        Forum Systems
  Rebekah Metz        Booz Allen Hamilton

Attendance of Observers

  Greg Desmarais      Sigaba

Membership Status Changes

  Abbie Barbir        Nortel - Granted voting status after 10/24/2006 call
  Guy Denton          IBM - Granted voting status after 10/24/2006 call
  Rebekah Metz        Booz Allen Hamilton - Granted voting status after 10/24/2006 call