OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Update minutes with roll ( was RE: [wss] Minutes from 2005-04-05 meeting)


 
Attached are updated minutes including the roll call (thanks Steve!)

Gudge

> -----Original Message-----
> From: Martin Gudgin [mailto:mgudgin@microsoft.com] 
> Sent: Sunday, April 10, 2005 3:03 PM
> To: wss@lists.oasis-open.org
> Subject: [wss] Minutes from 2005-04-05 meeting
> 
> I didn't see a roll from Steve, but attached at the minutes from last
> weeks meeting.
> 
> Gudge
> 
1. Call to order, roll call

Attendance of Voting Members

  Maneesh Sahu Actional Corporation
  Gene Thurston AmberPoint
  Hal Lockhart BEA
  Corinna Witt BEA
  Steve Anderson BMC
  Thomas DeMartini ContentGuard
  Merlin Hughes Cybertrust
  Carolina Canales-Valenzuela Ericsson
  Dana Kaufman Forum Systems
  Toshihiro Nishimura Fujitsu
  Kefeng Chen GeoTrust
  Irving Reid HP
  Derek Fu IBM
  Maryann Hondo IBM
  Kelvin Lawrence IBM
  Mike McIntosh IBM
  Anthony Nadalin IBM
  Ron Williams IBM
  Don Flinn Individual
  Kate Cherry Lockheed Martin
  Paul Cotton Microsoft
  Vijay Gajjala Microsoft
  Martin Gudgin Microsoft
  Chris Kaler Microsoft
  Richard Levinson Netegrity
  Jeff Hodges NeuStar
  Frederick Hirsch Nokia
  Abbie Barbir Nortel
  Vamsi Motukuru Oracle
  Ramana Turlapati Oracle
  Prateek Mishra Principal Identity
  Andrew Nash Reactivity
  Ben Hammond RSA Security
  Rob Philpott RSA Security
  Blake Dournaee Sarvega
  Pete Wenzel SeeBeyond
  Ronald Monzillo Sun Microsystems
  Jan Alexander Systinet
  Symon Chang TIBCO
  Hans Granqvist VeriSign


Membership Status Changes

  Vikas Deolaliker Sonoa Systems - Requested prospective status 3/23/2005
  Ramanathan Krishnamurthy IONA - Lost voting status after 4/5/2005 call

Done. Gudge is the lucky minute taker for this week

2. Reading/approving minutes of last meeting (22ndMarch [1] )

Minutes are approved with no objection

3. Gartner interop demo - status.

Some interop happening online between participants happening now.
Setup arrangements are satisfactory. Room available for 5 hours the day before the event. Plus 90 minutes before the actual event.
Would be useful to have a couple of end-users of WSS speak briefly about their experience. Gartner is willing to cover some of the expenses for any such volunteers
Hal is trying to pull together some slides.
Soon Hal will try to collect a list of attendees. Will probably limit to 2 people per participating company

Tony: We also need an updated document to close down remaining issues.
Hal: Hans put out a new document on Friday which resolved most of the issues. Everyone should look at that document and ensure they are happy with it.
Kelvin: For people who were registering to go, please can you repost the hotel information. 
Hal: I made a proposal for how the event would run a while ago. 
Kelvin: I've not seen that, I'll check the archives. 
Kelvin: Is there a deadline for when you need the participant names? 
Hal: Probably the Friday before the event. I'll send mail nearer the time.
Kelvin: How many companies are we up to?
Hal: 15

4. Issue list review & document status


Pending/Pending Review Issues

Issue 250

Vijay: Last meeting we were checking to see if the changes were in the document.
Tony: I've just made the changes but am still proof reading so have not send the doc out yet.

Still Pending Review



Issue 310

Vijay: I think these changes are being added to the document?
Tony: Yes, same as 250, that is the changes are in the doc but have not send the doc out yet.

Still pending review



Issue 354

This issue is to be marked 'Closed'



Issue 357

Vijay: Ron, have you looked at updating the SAML Token URI?
Ron: This is about the next version of the document. There need to be URIs to identify tokens. I don't know the back-compat requirements. In other words how a profile should be expressed in terms of 1.1 vs 2.0 SAML assertions. Some of that bears on what URIs are created.
Vijay: I would expect that we want explicit URIs for the different token types. We don't want the problem we had with X509 to occur here.
Ron: I didn't want to get into the details here of the problems with versioning URIs in our token types. I think we need to know what the subsetting capabilities of the token profiles are. e.g. Is a 1.1 token profile supposed to support a 1.0 token profile user. 
Paul: Would we mandate one way or the other WRT subsetting?
Ron: I'd just like to understand the situation more.
Pratik: Part of the challenge is that we have a version number in the SAML Tokne Profile because SAML has 1.1 and 2.0 assertions.
Ron: Independent of 357 can someone define some guidelines for back-compat requirements.
Gudge: Wouldn't the guidelines potentially vary on a per token profile basis?
Tony: Should we have seperate token profiles for SAML 1.1 and SAML 2.0
Ron: So you are saying that there is a world where support for one or the other assertion version could be optional.
Paul: Can I try to understand; what you are saying is that in the second SAML token specificaiton we would describe how an implementation could support the 1.0 token profile and 1.1 token profile. But we would NOT mandate that an implementation support both 1.0 and 1.1.
Ron: There is a somewhat implicit requirement that later token profiles have to be backward compatible with earlier versions. 
Paul: Is there a document that has this text in it?
Ron: Not yet
Paul: I'd like to see the text.
Ron: I'd like to know what the will of the TC is. Then I can figure out what the URIs would be.
Pratik: The issue is evolution of clients and servers?
Ron: Yes, and how clients and servers differentiate based on URIs. 
Pratik: Do we have some ideas of how we expect clients and/or servers to evolve. Or is that something that is not broadly characterisable?
Ron: A concrete question is 'How many implementations are being planned that will only support SAML 2.0?'
Vijay: You have answered my question. Broader statement is 'When we introduce a token profile for an updated token, we want to be able to refer to both token types seperately.'
Ron: I think that's token profile specific as Gudge said.
Vijay: Which kinds of tokens would have two different versions and not be able to distinguish between them?
Ron: X509 is one example. All implementations can process all forms. But creating distinctions so that we could rule out one or the other made things more complicated.
Vijay: I believe given the current discussion we would have two URIs in the next version of the SAML token profile; one for SAML 1.1 and one for SAML 2.0. And the profile would have words indicating how to support just one or the other.
Tony: And Ron needs to update the document with those words.
Vijay: I have a similar question. Once we have 1.1 versions of SAML token profile and core, does that automatically deprecate 1.0?
Paul: No! People can still use 1.0 specs.
Vijay: OK, just wanted confirmation.

Jeff: Oasis document process doesn't handle superceding or obsoleteing specifications.
Paul: Are you saying OASIS will give a TC a way to say 'Don't use this spec anymore'
Jeff: IETF (more mature document process) has a way to mark documents as obsoleted or 'historical' 
Vijay: I'll open an issue that the chairs can track.



Issue 364

Frederick: Not sure what is needed here.
Hal: Frederick has answered my question; doesn't support the model where attachments are processed by intermediaries.
Frederick: Draft 17 has the correct text.

Issue to be marked 'Pending Review'



Issue 371

Waiting for Tony to post updated the document.



Issue 373

Waiting for Tony to post updated core document.

Ron: Not sure what changes I need to make to SAML
Vijay: Two things; inconsistent use of whitespace between paragraphs. Inconsistent use of numbered and/or bulleted lists.

Waiting for Ron to make updated SAML document consistent with Tony's updated core.
Waiting for Thomas to make updated REL document consistent with Tony's updated core.




Issue 374

Waiting for Tony to post updated the document.




Open Issues

Issue 338

Still open.



Issue 366

Still open.
ACTION: Frederick to follow up with Tony and draft a proposal and send to list.



Issue 370

Frederick: I'm not sure we want to define what intermediaries should do.
Still open.
ACTION: Frederick to make a proposal for discussion.



Issue 376

This issue to be marked as pending.
ACTION: Frederick to incorporate his proposal into the SwA profile.



Issue 377

Still open.
Ron: The question Manveen asked me was 'What was the final outcome of the ReferenceList issue raised by Frederick?' So I think this might be a duplicate issue.


Editorial Status:

Tony is currently doing a proofread and will post an update soon.


5. Kerberos Interop planning status

Vijay: The three companies that have been participating. One company has an endpoint with requester and responder up. Other two companies have one but not the other. Plan is to finish by EOW. May be too aggresive. Will post status update later this week. No issues with token profile or interop scenarioes, just config/setup issues. Will extend into next week if interop not achieved this week.


6. Other business

No other business.

7. Adjournment

Meeting adjourned after 60 minutes.




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]