OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] New drafts posted

Hi Scott, 

Thank you very much for helping with this document, I really appreciate it. It looks much better now.

Since there were no other comments on this topic and based on the confirmation received from Chet Ensign, that it is possible to vote a Committee Draft outside a meeting -- do you think the document is in a good enough shape to start that Vote-by-email process?

(b) Standing Rule for email voting: Since the SSTC meets only quarterly (roughly every 3 months), in order to prevent delays to specs is there a way for us to vote via email (e.g. vote for Committee Drafts, etc).
Yes. You can do it via the ballot facility or by opening an email in a ballot and requesting +1 / -1 / abstain votes from the mail list. 
To be  honest, the ballot facility is just a lot easier to use. It puts everything in one place. 
If you do want to run it by email, then it is best to follow up with a concluding email when it closes saying for example 'the ballot received 7 +1s and 1 -1 and 1 abstain' so that the conclusion is recorded. 
You can also make and second motions on the email list as well. 


On Fri, Dec 9, 2016 at 10:57 PM, Cantor, Scott <cantor.2@osu.edu> wrote:
Didn't send emails for some reason.

https://www.oasis-open.org/committees/document.php?document_id=59594 (ODT)

https://www.oasis-open.org/committees/document.php?document_id=59595 (PDF)

The only substantive change I made was to soften a MUST around an SP supposedly making sure to never use the extension if it can use requested attributes in metadata. That seems overly harsh and impossible, there's no way an SP would likely even know. The IdP could have its own metadata for all it knows.

I think this is being overthought, it's an extension, it's optional, the IdP doesn't have to even listen to it, etc.

I left it a SHOULD, but even that seems too strong to me. Seems safe to say anybody using this isn't relying on metadata to specify attributes so it's not a big deal.

-- Scott

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. Connectis accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]