OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for 13 Mar 2007 SSTC telecon, with roll

> 1. Roll Call & Agenda Review, Find volunteer minute taker

Eve volunteered to take minutes.

Attendance of Voting Members
   Steve Anderson BMC Software 

   Conor P. Cahill Intel 

   Brian Campbell Ping Identity 

   Scott Cantor Internet2 

   Jeff Hodges NeuStar 

   Ari Kermaier Oracle 

   Chris Laskowski Booz Allen Hamilton 

   Paul Madsen NTT Corporation 

   Eve Maler Sun Microsystems 

   Prateek Mishra Oracle 

   Bob Morgan Internet2 

   Anthony Nadalin IBM 

   Ashish Patel France Telecom 

   Rob Philpott EMC Corporation 

   Tom Scavo National Center for Supercomputing Applications 

   David Staggs Veteran's Health Admin 

   Eric Tiffany IEEE Industry Standards 

   Greg Whitehead Hewlett-Packard Company 

   Emily Xu Sun Microsystems 

Attendance of Non-Voting Members
   Abbie Barbir Nortel 

   George Fletcher AOL 

Membership Status Changes
   Eric Tiffany IEEE Industry Standards - Member account restored 
   Senthil Sengodan Nokia - Withdrew from TC 3/2/2007
   George Fletcher AOL - Membership granted 3/9/2007

> 2. Approve minutes from February 27 con-call
> http://lists.oasis-open.org/archives/security-services/200702/msg00071.html

APPROVED by unanimous consent.

> 3. New drafts uploaded
> (a) Simple Signature Web SSO Profile
> http://lists.oasis-open.org/archives/security-services/200703/msg00014.html

Scott: Note that this is a binding (not a profile).  He had some 
trouble producing HTML, but ultimately managed it using a software 
tool and a bit of hand-editing.  This is okay to do occasionally but 
isn't tenable as a regular thing.

AI: Chairs to get SimpleSign to 60-day public review.

> (Voted to public review Jan 30 - chairs need to forward to Mary)
> (b) CD-01 version of Approved Errata document 
> http://www.oasis-open.org/archives/security-services/200703/msg00033.html
> initiate errata process -
> http://www.oasis-open.org/committees/process.php#3.5

Eve: Actually we did this last time; this is ready to go to public 
review now, having been edited into CD form.

AI: Chairs to get Approved Errata to 15-day public review.

> (c) Technical Overview v13
> http://www.oasis-open.org/archives/security-services/200702/msg00052.html

> We had planned on a CD and public review vote today.

MOVED by Abbie, SECONDED by RLBob to move IdP Discovery doc to CD 
status.  APPROVED by unanimous consent.

MOVED by JeffH, SECONDED by Abbie to move the IdP Discovery CD to 
public review.  APPROVED by unanimous consent.

Eve: Asks for clarification: are we instructing the editor (Paul) to 
incorporate edits as suggested by Eve and Tom prior to CD 
publication?  Prateek: No, we'll catalog these as the first wave of 
"public review" comments and save them for later.

AI: Editor (Paul) to prepare Tech Overview for CD publication.

> (d) draft-sstc-saml-idp-discovery-03.pdf uploaded 
> http://lists.oasis-open.org/archives/security-services/200703/msg00028.html

Current status is that we're requesting comment preparatory to 
entertaining a CD/public review vote next time.

> 4. Active Threads
> (a) Untrusted Service Provider Profile
> http://lists.oasis-open.org/archives/security-services/200702/msg00075.html

No action.

> (b) Assertion signing confusion 
> http://lists.oasis-open.org/archives/security-services/200703/msg00003.html

No action.  The confusion was cleared up in errata already.

> (c) AuthnContextDecl and AuthnContextDeclRef 
> http://lists.oasis-open.org/archives/security-services/200703/msg00004.html

No action; we think the spec text is as good as we can make it.  If 
someone (Eric?) wants to suggest better text, we can entertain it.

AI: Eric to either propose text to improve AuthnContextDecl/Ref 
confusion or indicate that there's no need.

> (d) Comments on Tech Overview rev 13 
> http://lists.oasis-open.org/archives/security-services/200703/msg00019.html

This link is to a followup; the original comments in totality are at:


First issue: Should the two outermost steps in flows ("access 
resource" and "supply resource") use dotted lines or solid lines? 
Currently the first is solid and the last is dotted!  So regardless, 
something has to change.  The sentiment on the call was to make them 
solid, so as not to needlessly confuse people about what's being 
accomplished by the flow.  (The "challenge for credentials" and 
"user login" steps are appropriately dotted because it could be 
multiple challenge steps etc.  We're not willing to change it to be 
a single dotted-double arrow line, though, since that would change 
the numbering and be very invasive to the spec text.)

AI: Editor (Paul) to change final arrows to solid in Tech Overview 
diagrams throughout.

Second issue: Should the swoopy redirect arrows be changed to a pair 
of arrow steps, the way POST is?  No, it's not that important and 
anyway it shows at a glance which binding is being used in the 
diagram.  No action.

> (e) NZ gov use case 
> http://lists.oasis-open.org/archives/security-services/200703/msg00022.html

No action; Collin isn't on the call.

> 5. AIs
> #0279: Investigate relationship between ID-WSF and SOAP SSO profile 
> Owner: Greg Whitehead 
> Status: Open 
> Assigned: 2007-03-12 
> Due: --- 

Greg continues to investigate (though he is not at the Liberty 
interim meeting this week and is hampered from pursuing it right 
away therefore).  Keep AI open.  Eve will ask Hubert to bring it up 
in the interim meeting.

> #0278: Ari to respond to comments on x.509-attribute profile version 11 
> Owner: Ari Kermaier 
> Status: Open 
> Assigned: 2007-03-12 
> Due: --- 

Ari and Tom agreed that Tom will produce rev 12, including lots of 
editorial corrections and some resolutions on Tom's more substantive 

AI: Website editor (Paul -- but can delegate back to Eve if 
necessary) to add links to all the latest new documents, most 
particularly the errata redlines so that new readers of the specs 
see that first.

AI: Ashish Patel to report on next steps on his/Paul's draft that 
has gone through public review.

ADJOURNED at x:43.

Eve Maler                                         +1 425 947 4522
Technology Director                           eve.maler @ sun.com
CTO Business Alliances group                Sun Microsystems, Inc.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]