Re: [security-services] Proposed Minutes for SSTC Call (23 August2011)

[Anil Saldhana <Anil.Saldhana@redhat.com>]

On 08/23/2011 11:20 AM, Nate Klingenstein wrote:
>> 1. Roll Call & Agenda Review.
>
Voting Members:
Scott Cantor     Internet2
Nathan Klingenstein     Internet2
Chad La Joie     Internet2
Thomas Hardjono     M.I.T.
Hal Lockhart     Oracle
Anil Saldhana     Red Hat

Members:
Gregory Neven     IBM
Thinh Nguyenphu     Nokia Siemens Networks GmbH & Co. KG
Phil Hunt     Oracle


Quorum:  6 out of 9 voting members (66%). Achieved.
Status: Franz-stefan loses voting rights.

> Quorum was achieved.
>
>> 2. Need a volunteer to take minutes.
>
> Nate was volunteered to take the minutes.
>
>> 3. Approval of minutes from last meetings:
>>
>>   Minutes from SSTC Call on 9 August 2011 (including Hal's corrections):
>>
>> http://lists.oasis-open.org/archives/security-services/201108/msg00016.html
>
> Hal moved to approve the minutes and Chad seconded.  There were no 
> objections and the minutes were approved.
>
>> 4. AIs & progress update on current work-items:
>>
>>  (a) Current electronic ballots: (none)
>
> There actually are three current ballots open for the approval of the 
> Kerberos-related specifications linked below.
>
> http://www.oasis-open.org/apps/org/workgroup/security/ballot.php?id=2086
> http://www.oasis-open.org/apps/org/workgroup/security/ballot.php?id=2087
> http://www.oasis-open.org/apps/org/workgroup/security/ballot.php?id=2089
>
> Votes would be appreciated.
>
>>
>>  (b) Status/notes regarding past ballots: (none)
>>
>>  (c) Session Token Profile (Hal)
>>      - Status: Hal already submitted request for CSD and 15-day PR.
>>
>> http://lists.oasis-open.org/archives/security-services/201108/msg00018.html
>
> The summary in the agenda is correct and this is pending in the 
> TC-Admin queue.
>
>>  (d) Attribute Predicate Profile (Gregory/Franz-Stefan)
>>      - Status: WD03 approved on Aug 9 to be CSD and for 30-day PR.
>>      - AI: Franz-Stefan to submit request to TC-admin.
>
> Gregory and Franz-Stefan were not completely aware that the request 
> needed to be submitted to TC-Admin.  The request has now been 
> submitted after they returned from holiday and is now also pending.
>
>>  (e) Kerberos profiles [3] (Josh/Thomas)
>>      - Status: CS ballot approved on Aug/9 for 3 Kerberos docs.
>>      - Status: Thomas submitted 3 CS-Ballot requests on Aug/18.
>
> These are the ballots previously noted as being open.
>
>>  (f) Change Notify Protocol Version 1.0 (Thinh/Phil)
>>      - Status: 15 day CSD Public Review starts Aug/9 & closes Aug/24.
>>
>> http://lists.oasis-open.org/archives/security-services/201108/msg00007.html
>
> Change Notify is in public review for a handful of additional days. 
>  Thinh is unaware of any comments that have been received to this date.
>
> Hal reminded Thinh that, if no comments are received during the public 
> review period and the period closes, that needs to be explicitly noted 
> in an email and sent to the SSTC list.  This assists in record-keeping.
>
>>  (g) Channel binding proposal (Scott)
>>      - Status: awaiting other items in other groups.
>>      - Any updates?
>
> There's a new version of the channel binding profile, and Scott 
> anticipates putting out more working drafts as other changes come 
> forward.  There is a need to submit another internet-draft for the 
> corresponding GSS mechanism.
>
>>  (h) Enhanced Client or Proxy Profile (Scott)
>>      - Status: WD02 uploaded last week.
>>      - Status: work waiting for items in IETF Kitten WG.
>>      - Any updates?
>
> The ECP draft has fairly completed text for both channel binding 
> support and holder of key support, and he's added some flexibility to 
> the holder of key work to ensure it's not limited to client TLS or 
> X.509 certificates, with accompanying changes to compliance.  Some of 
> the interoperability issues can get complicated as a result, so review 
> will be important, but most of the technical changes have been made at 
> this point.
>
> These documents all have dependencies on each other, and the work is 
> fairly novel, so Scott is not eager to move any of these documents to 
> CSD until all of them are exceedingly stable and there is some 
> implementation work done.  The IETF RFC process is also contingent on 
> the documents in the SSTC being approved and published.  This will 
> limit the amount of time allocated to purely procedural work in 
> standards organizations.
>
>>  (i) Metadata Extensions for Documentation/Registration (Chad)
>>      - Status: WD07 approved on Aug 9 to be CSD02 and for 15-day PR.
>>      - Status: Chad submitted 15-day PR request on Aug/9.
>>
>> http://lists.oasis-open.org/archives/security-services/201108/msg00012.html
>
> No updates.  Everything has been submitted, and this is sitting in 
> TC-Admin's queue as well.
>
>>  (j) Errata document (Scott):
>>      - PE-13 and 14:
>> http://tools.oasis-open.org/issues/browse/SECURITY-13
>> http://tools.oasis-open.org/issues/browse/SECURITY-14
>>      - Any updates?
>
> These were approved last call.  Please see the prior call's minutes. 
>  Scott will update the resolution of the issues in the issue tracker.
>
>>  (k) Metadata Extensions for Login and Discovery User (MDUI) (Scott)
>>      - Status: WD09 approved on Aug 9 to be CSD01 and for 30-day PR.
>>      - AI: Scott submitted 30-day PR request on Aug/8.
>>
>> http://lists.oasis-open.org/archives/security-services/201108/msg00010.html
>
> This is somewhere in the TC-Admin queue too.
>
>> 6. Other items:
>>   - International Cloud Symposium.
>>
>> http://lists.oasis-open.org/archives/security-services/201108/msg00000.html
>
> This is an OASIS conference in London that all TC members are invited 
> to attend.
>
>> 7. Next SSTC Call:
>>   - Tue 6 September 2011.
>
> This call is the day after the U.S. Labor Day holiday.  We look 
> forward to speaking with you then.