security-services message



Subject: OASIS SSTC conf call minutes, 24 Oct 2006



OASIS SSTC conference call minutes 2006-10-24
scribe:  RL "Bob" Morgan

Summary:

  * vote to initiate ballot on IPR transition on RF-on-RAND terms
  * discussion of submission from GUIDE project
  * PE 263 closed


Detailed minutes:

   1. Roll Call & Agenda Review, Appoint Secretary

Eve volunteered to take minutes on the *next* call!

   2. Approve minutes from October 10 con-call

http://lists.oasis-open.org/archives/security-services/200610/msg00034.html

Minutes approved without comments.

   3. IPR Transition Request Ballot

   The chairs recommend that the TC request the TC Admin
   conduct a Transition Approval Ballot with an IPR Mode of
   "RF on RAND Terms".

   http://www.oasis-open.org/who/ipr/ipr_transition_policy.php

Abbie Barbir so moved, Rob Philpott seconded.

Bob Morgan commented that his organization would likely vote no,
preferring the previous proposal.  Rob Philpott said that there were
extensive discussions at EMC, and RF-on-limited is not acceptable.  Bob
expressed concerns that terms not be imposed that make open-source
implementations impossible or unattractive.  If the TC cannot agree, it is
likely that a new TC would be proposed under a particular set of terms,
proposing to further the SAML work.  Most or all of the Web Services TCs
are using RF-on-RAND.

Vote taken:  no objections to unanimous consent, ballot will be taken.


   4. Discussion on "Guide Project" with BT participants

http://lists.oasis-open.org/archives/security-services/200608/msg00050.html

BT folks (whose names I got as Kieran Salt and Colin Young, statements
labelled as "G:" below) attend to discuss the project.  Guide is working
on pan-European e-government identity.  As an example, a person in France
bidding on contract from German government via an e-procurement
application; in this case the German app would rely on the French IdM
infra.  Many other use cases laid out.  Social inclusion is a priority, eg
users without their own computers relying on government agency for access.
Also "principal not present" scenarios for automated transfers.

Prateek:  cases 2 and 3 imply "acting on behalf of" support?
   G:  Yes

G: Guide not about doing tech specs, but encouraging groups such as SSTC
to add support as needed.

Hal:  we encourage profiles to be developed, and seek to provide expert
review, though can't guarantee consensus.  Is Guide making formal profile
proposal, or asking for advice?
   G:  the latter, looking for initial review now.

Prateek:  Main questions are about modeling of cases 2 and 3, the "acting
on behalf of" cases.  There are some approaches, but different from those
shown.  Will send response on TC list.

Eve:  SAML can be made to do these things, but Liberty WS work supports
these requirements more directly.

Hal:  In case 3, there may be no technical means to assure "on behalf of"
if the principal is truly not involved.
   G:  understood.

Eve:  Liberty security mech doc is the one that defines various roles.

G:  would be happy to rely on Liberty if appropriate.

Prateek:  One way to encourage comment is to submit profile to TC and ask
for it to be standards-track doc.

G:  Is this likely to be of interest to the TC?
   Prateek:  Case 2 is certainly of interest generally.
   Eve:  has been discussed, many questions about what can be done in
   protocol and what needs out of band agreements/checking etc.

Prateek:  if interest is in asking vendors to provide interoperable
implementations supporting these scenarios, this implies more formality.


   5. New Drafts

   i. draft-hodges-HowToLearnSAML-01.pdf
   http://www.oasis-open.org/apps/org/workgroup/security/download.php/20821/draft-hodges-HowToLearnSAML-01.pdf

Jeff not on.  Eve notes boilerplate adds many pages ...

   ii. tech overview 11 draft published
   <link not yet available from message archive>

Eve:  awaiting code examples, Tom S will send.  Other changes still 
waiting.
   note that line numbers are hard as references, given they change so
   much, so references to section/paragraph are better.  Maybe only another
   rev or two to go before approval.


   6. New threads

   i. errata: misuse of strongly matches

http://lists.oasis-open.org/archives/security-services/200610/msg00027.html

Tom S:  two separate issues.  One is potentially misleading refs to
"strongly matches".  Other is definition of s-m itself, which is claimed
to be not testable, this needs discussion.


   8. Open AIs

   #0269: CDize errata based on draft 35
   Owner: Eve Maler
   Status: Open
   Assigned: 2006-09-25
   Due: ---

Eve:  very laborious to reconstruct each wording change.

   -----------------------------------------------------------------------

   #0267: Chairs to move docs to new public review
   Owner:
   Status: Open
   Assigned: 2006-09-25
   Due: ---

Prateek:  still need to do.  Eve volunteers to CDize "simple Simon" doc if
needed.  Sharon Boeyen:  challenge/response doc ready, yes?  Prateek: 
yes.

   -----------------------------------------------------------------------

   #0266: New deployment profile
   Owner: Tom Scavo*
   Status: Open
   Assigned: 2006-09-25
   Due: ---

Remains open.

   -----------------------------------------------------------------------

   #0265: Updated draft of X.500 attribute sharing deployment profile
   Owner: Ari Kermaier
   Status: Open
   Assigned: 2006-09-25
   Due: ---

Remains open.

   -----------------------------------------------------------------------

   #0263: NameID and the use of SPProvidedID
   Owner: Jahan Moreh
   Status: Open
   Assigned: 2006-07-18
   Due: ---

Closed.

   -----------------------------------------------------------------------

   #0240: Status of SAML 2.0 submission to ITU T
   Owner: Abbie Barbir
   Status: Open
   Assigned: 2005-11-08
   Due: ---

Remains open.

Adjourned at 10:05 PDT.


---

Attendance of Voting Members

   Steve Anderson BMC Software
   Bhavna Bhatnagar Sun Microsystems
   Sharon Boeyen Entrust
   Heather Hinton IBM
   Frederick Hirsch Nokia
   Ari Kermaier Oracle
   Chris Laskowski Booz Allen Hamilton
   Hal Lockhart BEA Systems, Inc
   Eve Maler Sun Microsystems
   Prateek Mishra Oracle
   Bob Morgan Internet2
   Anthony Nadalin IBM
   Ashish Patel France Telecom
   Rob Philpott RSA Security
   Tom Scavo National Center for Supercomputing Applications
   David Staggs Veteran's Health Admin
   Eric Tiffany IEEE Industry Standards
   Emily Xu Sun Microsystems

Attendance of Non-Voting Members

   Abbie Barbir Nortel
   Guy Denton IBM
   Dana Kaufman Forum Systems
   Rebekah Metz Booz Allen Hamilton

Attendance of Observers

   Greg Desmarais Sigaba

Membership Status Changes

   Abbie Barbir Nortel - Granted voting status after 10/24/2006 call
   Guy Denton IBM - Granted voting status after 10/24/2006 call
   Rebekah Metz Booz Allen Hamilton - Granted voting status after
     10/24/2006 call


