[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Minutes 13 Feb 2001
Agenda: * Regularly Scheduled Conference Calls DP: Work on issues on the list, have concalls for discussion and votes. DO: What voting is possible on the subcommittee? Do we vote? HL: Recommendations are voted on, issues are preserved. DP: Our mission is to narrow the requirements. Vote: weekly calls. Passes. DP: 9AM PST conference calls, 1 hour. * Session EP: Put use case in issues list first. PM: Add a high-level use case for sessioning. ME: Difference between sessioned assertion and no sessions. HL: Difference between a user who has been authenticated by a system and one authenticated by another system. ME: Trust asserting party enough to use assertion as an attribute inquiry? * Additional B2B Use Cases DP: Issues list is an extension of the requirements document. Add ZA's B2B use cases to issues list. DO: Core use cases are expressed, variations additional. ZA: Keep some consistency based on core use cases. DO: Need to harmonize the use cases. ZA: Emphasize chaining use cases. HL: Have the high-level UCs followed by specific scenarios appertaining to that UC. DO: Harmonize wordings across different scenarios. EP: Maintain domain terminology. DO: Factor out similar actors, use them. JH: Maintain difference between levels of detail in the difference HLUC and interaction diagrams. EP: Map actors in HLUC and actors in interaction diagrams. BB: Might not be necessary to do this, let specification do that. BB: Not bias specification in terms of expected implementation. DO: There could be excessive overlap between scenarios. Give activities that occur in different use cases a name. BB: Can name the items that are common between cases. PM: Service-to-service use case. PM: Normalization is good, may be a down to the low level, may be a later process. HL: Terms should be deliberately chosen. * High Level Use Cases DP: Web user to Source Web Site. JH: At this level of abstraction, is the single sign-on required. BB: Service, security domain, rather than Web site. JH: Maybe this should be called Web user or browser single sign-on. ME: Not single sign-on, since sign-on isn't passed on. DP: Other protocol bindings are about channel between issues. DP: Vote on changing name of use case one to "Web Browser Single Sign-on." ME: Propose another "single sign-on" case. PM: In HLUC 2, can PEP and PDP be in separate security domains? BB: Propose as an issue. DO: This should be further elaborated with low-level scenarios. EP: ISSUE:[UC-11-01:AuthzUseCase] covers this case. DP: Vote on whether same domain version of this use case goes into draft 3. PM: Need to have same-domain case? DO: Chair should call for objections only when he hasn't heard one yet. DP: Motion carries. PM: Does this call for a request/response protocol in authz? EP: Third high-level use case, w/r/t service-to-service use case. * ISSUE:[UC-5-01:AuthCProtocol] DO: Can we get consensus? BB: BB will champion this issue. * How to Close the Issues DP: Champions choose issues and take them through discussion to a vote. EP: Need to get to concrete (text) input. HL: Different issues need to be filled in in groups, not in individual issue level. PM: Champion is almost a sub-sub-committee member. DO: Volunteer to write up session issue. PM: Some closure on sessions on the list. DO: Doesn't think we've come to closure on issues. DP: Issue champion should choose text of issue. * Session Issue DO: Put sessions into the discussion. ZA: Send b2b business cases to list. B2B issues on list don't cover some gaps. BM: Ways to think about requirements. Business requirements rather than technical requirements. DO: How does this separation work? DP: Table this issue, get it out in issue format. * Further work DP: Can we get issues to the issues list by the end of week? DO: Need them before then. DP: Issues out by Wednesday, get comments for vote next Wednesday. Single Sign-on, Session, Authentication. HL: Use terminology in the glossary. JH: Please make suggestions for glossary. DP: Dave Orchard session champion, BB is AuthC champion, DP is single sign-on champion. DO: Require more discussion on discussion list. DP: Saturday after F2F may be a good day for more work.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC