Draft meeting minutes Sep 30, 2014

[Mohammad Jafari <mjafari@edmondsci.com>]

Minutes for 30 September 2014 TC meeting.

Started at: 2:10 pm EDT

 

**Attendance:

Duane DeCouteau (Voting Members)

Mike Davis (Voting Members)

Mohammad Jafari (Chair)

Scott Robertson (Observer)

Kathleen Connor (non-member, HL7)

 

Quorum was reached ( 3 out of 3 (%100) of voting members)

 

- Resolution of the OASIS Technical Advisory Board comments:

 

Mohammad: Most of the comments are editorial. There are only a few that need discussion.

 

Mohammad gave a brief overview of the editorial comments and how they are fixed.

 

Mohammad: The reference for the definition of Functional vs. Structural roles (HL7 Role Engineering Document) is outdated and apparently superceded by a newer documenr which does not include this definition. I was not able to find the definitions anywhere else even in academic references.

Kathleen: The ASTM must include these definitions.

Kathleen said she will provide some references.

 

Mike: We should refer to NIST-800-63-2 instead of NIST-800-63-1.

Mohammad will fix this. 

 

Mohammad: The issue of conformance to SAML 2.0 has been raised by the OASIS TAB. To what parts of SAML 2.0 do we need to require conformance? I think only the format of the SAML assertions (part 2) is required and we do not need conformance to any specific protocols since SAML assertions might be used in other protocols like OAuth.

 

Mike: How about conformance to HL7 vocabularies?

 

Mohammad: We intended to leave that open to keep the profile international.

 

Kathleen: Maybe we can have a US-realm conformance clause.

 

Mike: Is that OK with OASIS? We need to check this.

 

Mohammad: I will check with OASIS. This will not be a matter of a sentence in the conformance section though. We need to refer to the standards for each attributed.

 

Mike: Maybe a table that specifies the normative value-set for each attribute.

 

- Approval of the minutes from the previous meeting (1 July 2014):

https://lists.oasis-open.org/archives/xspa/201407/msg00000.html

Unanimously approved.

 

Kathleen: How about the issue of using URNs for encoding attribute values which was raised in the last meeting.

 

Mohammad: I haven't got a chance to researched that yet.

 

Kathleen: We probably need to check that with the respective HL7 work groups if the values are not represented as HL7 data types.

 

Mohammad: If we make that decision we will certainly check that.  

 

Mohammad: I will send an updated version of the documents and if members are comfortable with the text we need to take votes for another round of public reviews in the next meeting. 

 

Adjourned at: 2:55pm EDT. 

 

Regards,

Mohammad Jafari, Ph.D.

Chair, OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) Technical Committee