security-services message


Subject: [security-services] Minutes, SSTC Concall, Feb 12, 2008 (With AttendanceData)




Tom Scavo wrote:
> On Feb 11, 2008 6:24 PM, Hal Lockhart <hlockhar@bea.com> wrote:
>> Proposed Agenda SSTC Concall, Feb 12, 2008
>>
>> Dial in info: +1 865 673 6950
>> Access code: 270-9441#
>>
>> Roll Call & Agenda Review

Voting Members:
Hal Lockhart     BEA Systems, Inc.
Rob Philpott     EMC Corporation
Scott Cantor     Internet2
Bob Morgan     Internet2
Eric Tiffany     Liberty Alliance Project
Tom Scavo     National Center for Supercomputing Applica...
Frederick Hirsch Nokia Corporation*
Paul Madsen     NTT Corporation*
Ari Kermaier     Oracle Corporation
Brian Campbell     Ping Identity Corporation*
Anil Saldhana     Red Hat
Emily Xu     Sun Microsystems
Kent Spaulding     Tripod Technology Group, Inc.
David Staggs     Veterans Health Administration

Quorum Achieved: 14 out of 21 voting members.

Non Voting Members:
George Fletcher      AOL*

Observer:
Sampo Kellomäki     Symlabs, S.A.

Lost Voting Status:
Steve Anderson, BMC


> 
> Anil took roll (for the first time!).
> 
> Hal asked if there were any additions/corrections to the Agenda.
> There were none.
> 
>> Need a volunteer to take minutes
> 
> Tom Scavo volunteered.
> 
>> 1. Approve minutes from Jan 29, 2008
>> http://lists.oasis-open.org/archives/security-services/200802/msg00001.html
> 
> Minutes approved unanimously by SSTC.
> 
>> 2. Administrative
>>
>> 2.1 SAML XML.org Focus Area
>>
>> Question posted
>> http://lists.oasis-open.org/archives/security-services/200802/msg00002.html
> 
> Encourage members to respond to questions on saml.xml.org.  How does
> this compare to saml-dev mailing list?  Should we bridge the two
> mailing lists somehow?
> 
>> 3. Document Status
>>
>> 3.1 Public Review of Five specifications ended on February 9th
>> http://lists.oasis-open.org/archives/security-services/200712/msg00040.html
>>
>> I can find no comments posted. Next Step?
> 
> No public comments.  Some internal comments.  Another round of CDs is
> not necessary.  Next step is Committee Specification?  Can't vote
> until after 7 days.  Do nothing until next meeting.
> 
>> 3.2 Technical Overview
>> http://www.oasis-open.org/committees/download.php/25411/sstc-saml-tech-overview-2.0-draft-14.pdf
>>
>> Ready for CD vote?
> 
> The Tech Overview has been dormant since last fall.  Brian recently
> posted some comments:
> 
> http://www.oasis-open.org/archives/security-services/200802/msg00005.html
> 
> Discussion regarding Brian's comments should be redirected to the mailing list.
> 
> Frederick H. also has some comments.  He will post them to the mailing list.
> 
> Action regarding the Tech Overview is deferred until the next call.
> SSTC members are encouraged to read the document and provide feedback
> on the mailing list.
> 
>> 3.3 Subject-based Profiles for SAML V1.1 Assertions
>> http://lists.oasis-open.org/archives/security-services/200801/msg00003.html
>> and definition of "strongly matches"
>> http://lists.oasis-open.org/archives/security-services/200801/msg00025.html
>>
>> Awaiting further discussion.
> 
> No substantive discussion has occurred on the mailing list.  Scott has
> read the document and is fine with it as long as other folks agree
> that it's okay to tweak some ambiguous definitions in the SAML V1.1
> spec in the interest of interoperability?  Prime example is
> SubjectConfirmation.  As long as conformance to the Subject-based
> Profiles is optional, such alternative definitions should be okay.
> 
> Hal suggested we let this document stand for the time being.  No
> action will be taken today.
> 
>> 4 Errata
>>
>> Errata: namespace prefix not defined in [SAML2Prof]
>> http://lists.oasis-open.org/archives/security-services/200802/msg00000.html
> 
> Moving forward, has Abby agreed to be responsible for errata?  [Hal
> thinks so.  Does Abby agree?]  It would be good if all outstanding
> errata were summarized, perhaps on the mailing list.  [Will Abby do
> this?  Is this an Action Item?]
> 
> Scott has a PE assigned to him, but not sure why.  Will be discussed below.
> 
>> 5 Other business
> 
> SSTC observer Sampo Kellomäki (Symlabs, S.A.) has a question.  The SSTC
> has agreed to give informal advice to Sampo.
> 
> Sampo:  There are gaps in deployments, which SAML addresses.
> E-governments are developing local profiles.  How do we identify these
> third-party profiles in SAML so that relying parties interpret the
> SAML appropriately?
> 
> Scott:  Identify the profiles, yes, but avoid the versioning problem.
> 
> Rob:  Specifying attributes in an AuthnRequest bloats the request and
> makes it difficult to use the redirect binding, e.g.
> 
> Hal: Don't we have attribute query that can be used in this case?
> 
> Scott: One possibility is to write and propose an extension document.
> 
> Hal: Better yet, begin with an e-mail that defines the problem and its
> proposed solution.  If sufficient buy-in is not obtained in this
> manner, then by all means write a document.
> 
> Sampo: Should I go through Liberty?  (That's one possible avenue, but
> the consensus seems to be:  no, it may be easier to go one of the
> routes suggested above.)
> 
>> 6 Action Items (Report created 11 February 2008 06:20pm EST)
>>
>> #0311: Propose specific document changes required for PE-65
>> Owner: Scott Cantor
>> Status: Open
>> Assigned: 2007-10-23
>> Due: 2007-12-01
> 
> PE-65 involves documentation regarding second-level status codes.  The
> specs should make it clear that second-level status codes are optional
> and consistent throughout.  Scott doesn't know how he ended up with that;
> perhaps the PE number is wrong?
> 
> After some discussion, Scott agreed to carry this AI forward in any event.
> 
>> #0322: Bring Anil up to speed as secretary
>> Owner: Hal Lockhart
>> Status: Open
>> Assigned: 2008-01-29
>> Due: 2008-02-10
> 
> Closed.
> 
>> #0323: Make errata on orig spec with correct reference in place of
>> draft-mealling-uuid-urn-05.txt
>> Owner: Jeff Hodges
>> Status: Open
>> Assigned: 2008-02-11
>> Due: ---
> 
> JeffH not on the call.  To provide actual errata text.  This AI remains open.
> 
>> #0324: Update doc with correct reference in place of
>> draft-mealling-uuid-urn-05.txt
>> Owner: Scott Cantor
>> Status: Open
>> Assigned: 2008-02-11
>> Due: ---
> 
> Closed (duplicate).
> 
> Meeting adjourned.  Next call in two weeks (Feb 26, 2008)
> 
>> Hal
> 
> Respectfully submitted,
   Tom Scavo
   NCSA

