Re: Minutes for SSTC Telecon (Tue 23 July 2013) (Correction)

["Cantor, Scott" <cantor.2@osu.edu>]

An addendum below to document the CS ballot motion.

On 7/23/13 2:07 PM, "Cantor, Scott" <cantor.2@osu.edu> wrote:

>On 7/19/13 11:40 AM, "Thomas Hardjono" <hardjono@MIT.EDU> wrote:
>
>>Tuesday 23 July 2013, 12:00pm ET
>>
>>AGENDA:
>>
>>1. Roll Call & Agenda Review.
>
>Hal
>Scott
>Nate
>Rainer
>Ian Young
>Chad
>Frederick
>Mohammad
>Ian Otto
>
>>2. Need a volunteer to take minutes.
>
>Scott volunteers.
>
>>3. Approval of minutes from previous meeting(s):
>>
>>   - Minutes from SSTC Call on 9 July 2013:
>>
>>https://lists.oasis-open.org/archives/security-services/201307/msg00011.h
>>t
>>ml
>
>Scott moved to approve the minutes with the minor correction.  Chad
>seconded.  There were no objections and the minutes were adopted.
>
>
>>4. AIs & progress update on current work-items:
>>
>>  (a) Current electronic ballots: None.
>>
>>  (b) Status/notes regarding past ballots: CB passed ballot. ECP did not
>>pass.
>>
>>  (c) SAML 2.1 work (Chad)
>
>We discussed the proposed use of a numbered multi-part doc structure. Some
>concern about implication of ordering of the documents for a reader, so we
>would need explicit guidance on how to approach things in the intro
>document.
>
>Scott isn't thrilled with doing it, but as long as the documents retain
>their own identity and name (bindings, profiles, etc.), is ok with it.
>
>General acceptance to agree with the templates proposed.
>
>Open AI: Hal to express a view on whether it's ok to roll security
>considerations into core/profiles/bindings, or maintain a separate
>document.
>
>>  (d) Conceptual/overview of Metadata (Rainer Hoerbe)
>>      - Any updates?
>>
>>        http://files.hoerbe.at/daunlod/eadocx-quickdoc.pdf
>
>Rainer discussed next steps for this work. Notes the UML diagram wasn't
>well received. Pointer above is to a reduced form of textual overview.
>
>Q: Ok to combine both drafts and include some UML in the other document?
>Q: Is the Tech Overview the right place for this material?
>
>Rainer notes the audience for this is for deployers and users of metadata,
>not implementers.
>
>Scott originally was suggesting adding material to the metadata
>specification. Still may be a good idea, but agrees we could use a
>document discussing use cases, and how to make use of the metadata spec is
>a good thing and is better done outside the spec, without normative
>language.
>
>TC agrees on having more background material in the metadata spec in 2.1
>to be a good thing, and this work and the original Shibboleth
>documentation are potential fodder for that.
>
>Q. Noted IETF draft on entity categories. Should that be at IETF or here?
>
>Ian notes the draft in question is not at IETF. It's in an IETF format,
>but it's a MACE-Dir document being shephered at Internet2 and discussed by
>REFEDS. (Scott implied otherwise in a response on the list, he was
>mistaken.)
>
>>  (e) XPA updates (Mohammad Jafari)
>>     - Any updates?
>
>No updates to report. Hopefully something to talk about by next meeting.
>
>>  (f) SAML Token Profile for ebMS (Ian Otto / Australia)
>>      - First draft uploaded.
>>
>>https://lists.oasis-open.org/archives/security-services/201307/msg00024.h
>>t
>>ml
>
>Initial draft out for comment. Lack of specification for token acquisition
>via WS-Trust noted, may need to be included for conformance purposes.
>
>>  (g) SAML ECP (Scott)
>>      - Updated WD has been uploaded.
>>      - Request new CD ballot.
>
>Scott moves to accept ECP WD09 as CSD02.
>
>http://www.oasis-open.org/committees/download.php/49980/saml-ecp-v2.0-wd09
>.
>zip
>
>Hal seconds. No objections, motion passed.
>
>Scott moves that given no normative changes were made, this CSD02 need not
>repeat a public review and moves to request a ballot for advancing CSD02
>to Committee Specification.

A redline version of the WD approved as CSD02, demonstrating that no
material
changes were made, and documenting the non-material ones:

https://www.oasis-open.org/committees/download.php/50086


>
>Hal seconds. No objections, motion passed.
>
>Scott will request the CSD and ballot.
>
>>6. Other items:
>>   - IETF87 Berlin coming-up.
>>   - NSTIC IDESG Plenary at MIT (July 24-26, 2013).
>
>Hal discussed government interest in an ABAC workshop. The director of
>NSTIC and other GSA officials attended and expressed their opinion as to
>its importance.
>
>http://www.nist.gov/itl/csd/attribute-based-access-control-workshop-july-1
>7
>-2013.cfm
>
>Seeing an uptick in interest in policy and attribute-based access control.
>
>If there is interest, consider reviewing:
>
>http://csrc.nist.gov/publications/drafts/800-162/sp800_162_draft.pdf
>
>They are still accepting comments on this document, despite appearances
>that a deadline has passed.
>
>>7. Next SSTC Call:
>>   - Tuesday 6 August 2013.
>