OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Draft minutes from 7 Apr 2009 SSTC call


On Apr 6, 2009, at 7:49 PM, <Mail Display Name>  
<hal.lockhart@oracle.com> wrote:
> Roll Call & Agenda Review

Official attendance to be supplied.  Quorum reached handily.

> Need a volunteer to take minutes

Eve agreed to take minutes.

> 1. Minutes
>
> 1.1 Minutes from SSTC/SAML conference call March 24, 2009
> http://lists.oasis-open.org/archives/security-services/200903/msg00059.html

Minutes APPROVED by unanimous consent.

> 2. Announcements
>
> 2.1 Public Review of SAML 2.0 Profiles
> http://lists.oasis-open.org/archives/security-services/200903/msg00062.html
> Review ends May 25th
>
> 2.2 Thomas Hardjono has nominated himself for Co-Chair
> http://lists.oasis-open.org/archives/security-services/200904/msg00005.html
>
> 2.3 Reminder - Meetings will be every four weeks - Next call May 5

If there's a period of intense work, we can always increase the  
frequency temporarily, but Hal has removed the alternate meetings from  
our online calendar through August.

> 3. Document Status
>
> 3.1 Diff version of LOA Authncontext Profile Draft 2 uploaded
> http://lists.oasis-open.org/archives/security-services/200903/msg00053.html
>
>
> 4. Discussion
>
> 4.1 Election of Co-Chair

Hearing no other nominations besides Thomas, a motion was made by Rob  
and seconded by Bob to accept Thomas Hardjono as co-chair.  Eve spoke  
in favor.  Motion APPROVED by unanimous consent.

Thomas introduced himself.  Starting in December 2008, he's been  
working with the MIT Kerberos Consortium.  He started to work with  
SAML in 2002, while at VeriSign.  (Phill Hallam-Baker was his peer in  
the CTO's office there.)  Thomas had spent more time on the XACML and  
XRML efforts at OASIS in that era.  His motivation for nominating  
himself was to begin contributing more actively to the community, and  
a formal co-chair role is recognized as constructive contribution by  
his new employer.

Hal with work with Thomas to get him up to speed on procedures and such.

> 4.2 question on MNI request for SP Lite/IdP Lite
> http://lists.oasis-open.org/archives/security-services/200903/msg00055.html

(Kyle Meadors isn't on the call.)

Ari notes that the Liberty folks are still discussing the matter.  The  
MUST NOT clauses in question seem ill-considered in retrospect.  At  
the time, the discussion had to do with relieving SPs of an MNI burden  
if they didn't generally deal with any kind of persistent state.   
Scott recalls that we didn't want to set this as OPTIONAL because it  
would somehow make second-class citizens of some implementations (in  
marketing terms), which indeed does seem weird.  But given experience  
with last year's conformance testing, Ari observes that some  
implementors do seem committed to testing both full and lite.

Hal suggests that the answer is to define some additional conformance/ 
operational mode.  Dealing with this in errata doesn't seem  
appropriate.  Scott isn't not heavily focused on this issue, and so  
isn't offering assistance to do this.

There's a difference between the capability of supporting a feature  
and deployment with the feature turned on (or otherwise explicitly  
exposed).  We don't want to get into deployment configuration/ 
variation questions.

> 5. Other business

XSPA Profile of SAML:

http://lists.oasis-open.org/archives/security-services/200904/msg00007.html

David will add a column to his spreadsheet (attached to the message  
referenced above) where he'll propose dispositions, in such a way that  
people can easily track and comment on those proposals.  Hal suggests  
that we field responses to comments on the list.

Don't miss David's mail, which has a photo from the floor of HIMSS.

Distinguishing Basic HTTP authentication mechanisms from form-auth:

http://lists.oasis-open.org/archives/security-services/200904/msg00008.html

In a project to use SAML with WebDAV, a question has come up.  Let's  
continue the discussion on the list.

RSA conference:

Hal is speaking on XACML on the Friday.  Come on down!  And the big  
day-long identity workshop being held on the Monday had 1000 signups.

> 6. Action Items
>
> None open

Scott agreed to clean up the errata, so this is pending.


Eve Maler                                          eve.maler @ sun.com
Emerging Technologies Director                    cell +1 425 345 6756
Sun Microsystems Identity Software                www.xmlgrrl.com/blog


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]