Subject: Notes From 5 Feb 2001 Conference Call
0. Attending

Nigel Edwards
Jeff Hodges
Hal Lockhart
Anders Rundgren
David Orchard
Marlena Erdos
Bob Morgan
Prateek Mishra
Taylor Boon
Evan Prodromou
Darren Platt

1. Issue List

a) Make sure all issue groups are defined.

DP: reference list of 2-1 sent to security-use.
DO: reference listed issues of 2-1.
EP: Suggest that issue #2 is "enveloped" issue.
DO: B2B issue is actually a more general issue, where an intermediary can add assertions to a message.
PM: Need to call out intermediary issue. "Multi-hop issues."
HL: Separate issues (intermediaries & enveloping).
JH: Separate in the requirements section intermediaries, enveloping.
JH: "enveloped vs. enveloping" is a poor name.
BM: Suggested separate definition of push-pull to security-use.
DP: Noted that SSO is already called out.
BM: Privacy issues affect all parts of the requirements. Privacy issues should be called out for all types of interactions.
NE: Anonymous use is another issue, orthogonal to privacy.
AR: Some authentication of destination is a requirement.
BM: Logout, step-up authentication aren't called out on this list.
HL: Logout, step-up are part of sessions.
PM, NE: SSO and sessions are not equal.
DP: Open issues go to strawman doc.
DO: "Framework" issue. Mechanism that allows definition of new parts of system, "extensibility" of framework.
DP: What level of extensibility?
DO: Important to point out what the level of extensibility is.
PM: Some public-key/private-key issues. Does the subject have private-key encryption?
JH: Recommend using XML Protocol document as a model.
HL: Are there any extra use cases? What about the "health care" use case mentioned in the TC group?
DO: Authorization use cases?
PM: Authz is part of the security service discussion (PEP-to-PDP interface).
DP: Grouping of issues useful?
DO: Yes.
DP: Drill down into SSO (issue 1).
JH: Forming straw-man glossary.
ME: Name assertion vs. entitlements/profile assertion.
HL: Name assertion not different from profile attributes.
General: What level of control does the user have over profile assertions? What assertions may be released?
PM: Should be specific for each system, part of a privacy policy.
HL: Issue is: should system support credentials negotiation based on user's decision?
BM: Some recommendation that user have configuration ability.
DO: Difficult to test conformance.
PM: Is there a separate req't for credentials negotiation between security zones?
BM: What is the point of Use Case 3 (3rd-party security system)?
PM: Request making SSO cases less Webcentric.
ME: Not necessarily SSO.
AR: Perhaps 3rd-party is better served by a Microsoft Passport mechanism.
HL: Authc specifying agent, Authz specifying agent.
DO: Domain model with actors sent to the list. Should be added to the list.
EP: Suggest breaking up issues, sending them to list individually.
DP: 1, 3, and 5 to list today.
HL: Base discussion from Straw Man 1 version.
JH: Working on getting Web space for issues list.
JH: Glossary by 2-7 or 2-8 to list.

2. Meeting planning

a) Next meeting. 2-13-2001, 8AM.

b) Specific meetings dealing with particular issues. Decided to hold separate discussion on email list for each issue, rather than breakout concalls.