OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Minutes for SSTC Call 30 Nov 2010

Find below a slightly amended version with some clarifications offered  
by Phil Hunt.  Talk to you all tomorrow.

>> 1. Roll Call & Agenda Review.
> Quorum was achieved. ( 10 out of 14 voting members) : 71%
Voting Members:
Scott Cantor     Internet2
Nathan Klingenstein     Internet2
Thomas Hardjono     M.I.T.
Anthony Nadalin     Microsoft Corporation
Frederick Hirsch     Nokia Corporation
Phil Hunt     Oracle Corporation
Hal Lockhart     Oracle Corporation
Emily Xu     Oracle Corporation
Anil Saldhana     Red Hat
David Staggs     Veterans Health Administration

Rob Philpott     EMC Corporation
Bob Morgan     Internet2

Status:  Rob regains voting rights.
>> 2. Need a volunteer to take minutes.
> Nate volunteered.
>> 3. Approval of minutes from last meetings:
>> - Minutes from SSTC Call on 16 Nov 2010:
>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201011/msg00047.html
> Hal Lockhart(a.k.a. Tom Lockhard) corrected his name in an earlier  
> edition of the minutes.  His amended version is the one that was  
> voted on.
> Rob moved to approve the minutes so amended by Hal, and Emily  
> seconded their approval.  No objections were raised and the minutes  
> were approved.
>> 4. AIs & progress update on current work-items:
>> (a) Current electronic ballots: none currently open.
>> (b) Status/notes regarding past ballots: (none).
>> (c) Kerberos related items. [Josh/Thomas]
>>     - Kerberos Attribute Profile:
>>     - AI: Josh/Thomas will suggest additions to Attribute Profile.
>>     - AI: Thomas to move ahead with Web SSO and Subj Confirmation  
>> profiles.
> Thomas hopes that through the peace and quiet of the holidays he'll  
> have some time to allocate to work on these profiles.
>> (d) SAML V2.0 Identity Assurance Profiles, Version 1.0
>>     - Status: 15-day review closed on 10 Sept.
>>     - Status:  Scott working with Mary to generate HTML.
>>     - Any updates?
> Scott thinks the committee specification version of the profiles has  
> been finished and this item can be removed from future agendas.
>> (e) SAML V2.0 Metadata Profile for Algorithm Support Version 1.0:
>>     - Status: Thomas to ask Mary for (i) CSD version (from  
>> draft-03) and
>>       (ii) to Start new 15 day of CSD.
>>     - Status from last telecon:
>>       + Waiting on the the CSD from Mary
>>       + Will ask Thomas to update the public template
>>         once the CSD is generated.
> The 15 day review is likely almost over at this point, and a comment  
> was received from Thomas Scavo from InCommon.  Technically, the  
> comments are out of order, because the issues aren't covered by the  
> second review.  There is no need to formally handle the comments  
> since they weren't directed at the changes, which means the review  
> will end by Friday.  On the next call, we'll look at moving it  
> towards CS status.
>> (f) SAML Attribute Predicates (Greg Neven)
>>     - AI: Greg to propose a working draft for the SSTC to consider.
>>     - Any updates?
> Greg has indicated that he'll need more time to develop a working  
> draft for the SSTC to consider.  The
>> (g) Session Token Profile (Hal) -- Any updates?
> Hal has received a few comments that will go into a revision of the  
> draft.  He would like any additional feedback on the profile late  
> this week or very early next week so that he can issue a revised  
> draft well in advance of the next SSTC call.
>> (h) NSN Attribute Management proposal (Thinh/Phil)
>>     - AI: wish to move to CD during this call.
> Thinh was not on the call, traveling on business overseas.  His last  
> indication was that NSN would like to move the draft to CD at this  
> stage.  The objective right now is to achieve broader review.  Phil  
> had a good conversation with Chad, which illuminated that the  
> problem solved by the spec needs to be called out more clearly.   
> Phil is convinced there's some editing refinement that can be done  
> to position the spec better, but the two agreed that there is a real  
> problem to be solved in change notification issuance.
> Phil was curious whether it was appropriate to use committee draft  
> as a way to achieve broader review.  Hal doesn't think that the new  
> OASIS CD status is substantively different from historical CD  
> status, but it's also not clear to him that CD's get more  
> attention.  It certainly doesn't get less.  Hal asked whether there  
> would be any outstanding changes to the document pending that Phil  
> was aware of.  Phil responded that there weren't, and that any  
> substantive changes would be made as a result of testing and further  
> review.
> CD status triggers a few automatic changes such as IPR status.  Phil  
> envisions some remaining editorial cleanups and some potential  
> changes to some attributes and qualifiers that would result in minor  
> alterations to schema.  This is the fourth major iteration, and the  
> two-step notify followed by an action helps to solve many of the  
> statefulness challenges involved in federated provisioning.  That is  
> an advantage of using a change notification process that needs to be  
> called out more clearly in the introduction.
> Scott points out that going to CD early creates a little more work  
> for Mary.  To Scott, moving to CD status is best used as an  
> indication to people that the spec is ready for consideration for  
> implementation.  Phil believes that now is the time to start playing  
> with implementations to understand whether some qualification  
> attributes are necessary on endpoints, and Chad and Phil had  
> discussions about where more or less flexibility and dynamism is  
> necessary in the protocol itself.  Phil thinks that following a CD  
> edition and a little implementation experience, we can resolve those  
> questions in an informed manner.
> Phil would be comfortable waiting two more weeks to move this to CD  
> so that Thinh can be a participant.  This also gives Chad and others  
> a slightly bigger window in which they can propose changes, without  
> spending too much time going in circles.
>> (i) Channel binding proposal (Scott) - any updates?
> No updates to report.
>> (j) Metadata extension for Login/Discovery (Scott) - any updates?
> Scott uploaded a new working draft of this metadata extension to add  
> a "keywords" element to support generalized searching.  This came up  
> as a discussion point in a variety of other working groups.  This is  
> the only outstanding addition, and it's probably ready for CD, but  
> Scott would like to hold off and have a little more discussion about  
> it in other working groups before moving it forward in the SSTC.
>> (k) Enhanced Client or Proxy Profile (Scott) - any updates?
> No updates to report.
>> 5. Assorted mail items:
>> 6. Other items:
> Chad submitted another minor metadata draft extension to allow  
> metadata entries to be labeled in some form, but it's anticipated  
> that there will be fairly major revision to it, so Scott believes  
> there isn't much to discuss at this point.
>>  - Propose to cancel SSTC Call on Tue 28 December 2010.
> Nate stated that his winter will be cold and lonely without an SSTC  
> call, but he was overruled by majority consensus and the meeting  
> will be canceled.
>> 7. Next SSTC Call: Tuesday 14 December 2010.

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]