OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for 13 Mar 2007 SSTC telecon, with roll (Corrected 4/10/2007)

> 1. Roll Call & Agenda Review, Find volunteer minute taker

Eve volunteered to take minutes.

Attendance of Voting Members
   Steve Anderson BMC Software 

   Conor P. Cahill Intel 

   Brian Campbell Ping Identity 

   Scott Cantor Internet2 

   Jeff Hodges NeuStar 

   Ari Kermaier Oracle 

   Chris Laskowski Booz Allen Hamilton 

   Paul Madsen NTT Corporation 

   Eve Maler Sun Microsystems 

   Prateek Mishra Oracle 

   Bob Morgan Internet2 

   Anthony Nadalin IBM 

   Ashish Patel France Telecom 

   Rob Philpott EMC Corporation 

   Tom Scavo National Center for Supercomputing Applications 

   David Staggs Veteran's Health Admin 

   Eric Tiffany IEEE Industry Standards 

   Greg Whitehead Hewlett-Packard Company 

   Emily Xu Sun Microsystems 

Attendance of Non-Voting Members
   Abbie Barbir Nortel 

   George Fletcher AOL 

Membership Status Changes
   Eric Tiffany IEEE Industry Standards - Member account restored
   Senthil Sengodan Nokia - Withdrew from TC 3/2/2007
   George Fletcher AOL - Membership granted 3/9/2007

> 2. Approve minutes from February 27 con-call 
> http://lists.oasis-open.org/archives/security-services/200702/msg00071
> .html

APPROVED by unanimous consent.

> 3. New drafts uploaded
> (a) Simple Signature Web SSO Profile
> http://lists.oasis-open.org/archives/security-services/200703/msg00014
> .html

Scott: Note that this is a binding (not a profile).  He had some trouble
producing HTML, but ultimately managed it using a software tool and a
bit of hand-editing.  This is okay to do occasionally but isn't tenable
as a regular thing.

AI: Chairs to get SimpleSign to 60-day public review.

> (Voted to public review Jan 30 - chairs need to forward to Mary)
> (b) CD-01 version of Approved Errata document 
> http://www.oasis-open.org/archives/security-services/200703/msg00033.h
> tml
> initiate errata process -
> http://www.oasis-open.org/committees/process.php#3.5

Eve: Actually we did this last time; this is ready to go to public
review now, having been edited into CD form.

AI: Chairs to get Approved Errata to 15-day public review.

> (c) Technical Overview v13
> http://www.oasis-open.org/archives/security-services/200702/msg00052.h
> tml

> We had planned on a CD and public review vote today.

Motion approved to move Tech Overview to CD status and public review.

Eve: Asks for clarification: are we instructing the editor (Paul) to
incorporate edits as suggested by Eve and Tom prior to CD publication?
Prateek: No, we'll catalog these as the first wave of "public review"
comments and save them for later.

AI: Editor (Paul) to prepare Tech Overview for CD publication.

> (d) draft-sstc-saml-idp-discovery-03.pdf uploaded 
> http://lists.oasis-open.org/archives/security-services/200703/msg00028
> .html

MOVED by Abbie, SECONDED by RLBob to move IdP Discovery doc to CD
status.  APPROVED by unanimous consent.

MOVED by JeffH, SECONDED by Abbie to move the IdP Discovery CD to public
review.  APPROVED by unanimous consent.

> 4. Active Threads
> (a) Untrusted Service Provider Profile 
> http://lists.oasis-open.org/archives/security-services/200702/msg00075
> .html

No action.

> (b) Assertion signing confusion
> http://lists.oasis-open.org/archives/security-services/200703/msg00003
> .html

No action.  The confusion was cleared up in errata already.

> (c) AuthnContextDecl and AuthnContextDeclRef 
> http://lists.oasis-open.org/archives/security-services/200703/msg00004
> .html

No action; we think the spec text is as good as we can make it.  If
someone (Eric?) wants to suggest better text, we can entertain it.

AI: Eric to either propose text to improve AuthnContextDecl/Ref
confusion or indicate that there's no need.

> (d) Comments on Tech Overview rev 13
> http://lists.oasis-open.org/archives/security-services/200703/msg00019
> .html

This link is to a followup; the original comments in totality are at:


First issue: Should the two outermost steps in flows ("access resource"
and "supply resource") use dotted lines or solid lines? 
Currently the first is solid and the last is dotted!  So regardless,
something has to change.  The sentiment on the call was to make them
solid, so as not to needlessly confuse people about what's being
accomplished by the flow.  (The "challenge for credentials" and "user
login" steps are appropriately dotted because it could be multiple
challenge steps etc.  We're not willing to change it to be a single
dotted-double arrow line, though, since that would change the numbering
and be very invasive to the spec text.)

AI: Editor (Paul) to change final arrows to solid in Tech Overview
diagrams throughout.

Second issue: Should the swoopy redirect arrows be changed to a pair of
arrow steps, the way POST is?  No, it's not that important and anyway it
shows at a glance which binding is being used in the diagram.  No

> (e) NZ gov use case
> http://lists.oasis-open.org/archives/security-services/200703/msg00022
> .html

No action; Collin isn't on the call.

> 5. AIs
> #0279: Investigate relationship between ID-WSF and SOAP SSO profile
> Owner: Greg Whitehead
> Status: Open
> Assigned: 2007-03-12
> Due: ---

Greg continues to investigate (though he is not at the Liberty interim
meeting this week and is hampered from pursuing it right away
therefore).  Keep AI open.  Eve will ask Hubert to bring it up in the
interim meeting.

> #0278: Ari to respond to comments on x.509-attribute profile version 
> 11
> Owner: Ari Kermaier
> Status: Open
> Assigned: 2007-03-12
> Due: ---

Ari and Tom agreed that Tom will produce rev 12, including lots of
editorial corrections and some resolutions on Tom's more substantive

AI: Website editor (Paul -- but can delegate back to Eve if
necessary) to add links to all the latest new documents, most
particularly the errata redlines so that new readers of the specs see
that first.

AI: Ashish Patel to report on next steps on his/Paul's draft that has
gone through public review.

ADJOURNED at x:43.

Eve Maler                                         +1 425 947 4522
Technology Director                           eve.maler @ sun.com
CTO Business Alliances group                Sun Microsystems, Inc.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]