Minutes for 01/25/05

[Don Flinn <flinn@alum.mit.edu>]

Please report any corrections or addition to the minutes to the list.
The attendance list has been attached to the minutes.

Don

==================================================================
Minutes 1/25/05

Roll Call – Quorum achieved; 51voting members / 34 attending
Minutes of 1/11/05 – Approved

Hal - issue 347 was corrected. Please put it in issues list.

Status of 1.1 Documents

Tony – There are some open items for the proposed text that have not yet
been agreed upon.
Ron – Will get 1.1 version using SAML out soon.
Put SAML 2.0 into the SAML Profile 1.0. SAML 2.0 to be voted on in Feb.;
There is a composite profile that will add additional items, which will
make 1.0 compatible with SAML 2.0. There are some differences in 1.1
schema, namely, can make direct references 
Chris – OASIS would prefer to have 1.1 revise all the token profiles.
The WSS 1.1 profile should have a section that describes this.
Hal – do we need an interop for 1.1
Chris – An interop will be needed on only new features
Paul Cotton - Getting votes for only a few profiles is harder than for a
new bundled version, thus getting 15% would be easier for full new
version of WSS 1.1 than for just a SAML profile.
Ron – true
Paul – WS-I is debating whether they should profile 1.1
Kelvin – not too much difference in time between the two approaches
Document for 1.0 is a standard, so we can’t go back.
Ron – I have a writeup including SAML 2.0 based on 1.0 schema as well as
one based on the WSS 1.1 schema
Chris – put support for both SAML 2.0 and SAML 1.0 in WSS 1.1.
We should be able to close 1.1 soon since there is only a small issue
list
We can produce 1.1 including all the documents.
Ron – Should include kerberos
Would prefer SAML 2.0 be based on core 1.1.
Chris – We could have a section that would say how SAML 2.0 works with
WSS
Here’s how you use it with WSS 1.0 schema and the 1.1 schema.
Ron – If there are any special cases for using 1.1 with 1.0 we should
document them
Should only have to look at one spec .
Kelvin – Post to list 
Chris – What should the 1.1 token profile look like?
Take what is there and if using 1.0 here’s what to do
We are defining 1.1 as being compatible with 1.0
If you want to use this optional feature of 1.1 here’s how you do it.
The first attempt at a consensus – 
        Try get 1.1 done as soon as we can
        All profiles will be re-written for 1.1 profiles
        Include SAML 2.0
        Design 1.1 profiles so they can work with 1.1 or 1.0??
(Discussion on
this last item, which lead to a decision to go to issues list to see if
it can be resolved as part of the open issue discussion.)


Ron – We are modifying the STR by adding another optional element


Issues List

Pending Issues

349 pending
351 – assign to editors for change; Pending Review
352 - assign to editors for change; Pending Review
354 – Pending

Open Issues

338 - No change
310 – VJ to get proposal to list; Ron will help.
250 – Ron to send proposal to the list

There ensued a long discussion of issue 250. The final result was that
there be a lead agenda item at the next telecom to vote on accepting
either Ron’s proposal or Thomas’s proposal. However, if Ron and Thomas
can come up with a common, combined proposal before the next telecom;
that will be accepted.


Synopsis of the discussion on Issue 250

Chris – Make a weak statement in 1.1 and strong statement in 2.0
Ron – If don’t have token type attribute present, you’re supporting 1.0
Chris - From a core 1.1 perspective, the attribute is optional
What goes in the token profiles is to be discussed
Ron - In my proposal –the core RECCOMMENDS that if profiles use 1.1 then
they MUST use the attribute. Want a user to be able to tell when it is
processing a 1.1 client.
Should this be a global attribute or leave it as a local attribute?
Chris – When writing a 1.1 profile define the 1.0 level and the 1.1
level which requires the attribute
Ron – Profiles should define a token type attribute and should allow the
use of direct references. Should WS-I define whether attribute should be
there? Every profile has decision to make, require use of the attribute
or not.
An Example – If I support just two profiles; if the attribute is there,
it makes it easy to tell if I support this particular profile
Chris – in 1.0 don’t need attribute; in 1.1 must have the attribute
What about the direct reference?
Thomas – (In his proposal) The core specification RECOMMENDS that
profiles should use token type attributes and if the profile defines the
token type attribute they should require its use.
Chris – To reach closure: We'll have an agenda item at the next telecom
to vote on accepting either Ron’s proposal or Thomas’s proposal. If Ron
and Thomas come up with a combined proposal then use that .

Didn’t get to Kerberos agenda item.

Adjournment

Attendance of Voting Members
 
  Gene Thurston AmberPoint
  Hal Lockhart BEA
  Corinna Witt BEA
  Thomas DeMartini ContentGuard
  Guillermo Lao ContentGuard
  Sam Wei Documentum
  Toshihiro Nishimura Fujitsu
  Kefeng Chen GeoTrust
  Irving Reid HP
  Kojiro Nakayama Hitachi
  Derek Fu IBM
  Maryann Hondo IBM
  Kelvin Lawrence IBM
  Anthony Nadalin IBM
  Nataraj Nagaratnam IBM
  Ron Williams IBM
  Don Flinn Individual
  Ramanathan Krishnamurthy IONA
  Paul Cotton Microsoft
  Vijay Gajjala Microsoft
  Chris Kaler Microsoft
  Richard Levinson Netegrity
  Frederick Hirsch Nokia
  Abbie Barbir Nortel
  Lloyd Burch Novell
  Vamsi Motukuru Oracle
  Ramana Turlapati Oracle
  Chong-Jen Hsu PeopleSoft
  Prateek Mishra Principal Identity
  Ben Hammond RSA Security
  Martijn de Boer SAP
  Blake Dournaee Sarvega
  Coumara Radja Sarvega
  Pete Wenzel SeeBeyond
  Ronald Monzillo Sun Microsystems
  Jan Alexander Systinet
  Symon Chang TIBCO
  John Weiland US Navy
  Maneesh Sahu Westbridge Technology

Membership Status Changes
 
  Paula Austel IBM - Lost voting status after 1/25/2005 call

--
-- 
Don Flinn
President, Flint Security LLC
Tel: 781-856-7230
Fax: 781-631-7693
http://flintsecurity.com