[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Draft minutes from 7 Apr 2009 SSTC call
Eve Maler wrote: > On Apr 6, 2009, at 7:49 PM, <Mail Display Name> > <hal.lockhart@oracle.com> wrote: >> Roll Call & Agenda Review Voting Members ============= > Hal Lockhart Oracle Corporation (Co-Chair) > Rob Philpott EMC Corporation > John Bradley Individual > Jeff Hodges Individual > Scott Cantor Internet2 > Nathan Klingenstein Internet2 > Bob Morgan Internet2 > Tom Scavo NCSA > Frederick Hirsch Nokia Corporation > Paul Madsen NTT Corporation > Ari Kermaier Oracle Corporation > Kent Spaulding Skyworth TTG Holdings Limited > Eve Maler Sun Microsystems > Emily Xu Sun Microsystems > David Staggs Veterans Health Administration > > Members ============== > Brian Campbell Ping Identity Corporation > Srinath Godavarthi Nortel > Thomas Hardjono M.I.T. (Co-chair) Quorum: 15 out of 17 voting members Membership Status Change: Thomas has been elected co-chair but needs next meeting attendance to gain voting status. > Official attendance to be supplied. Quorum reached handily. > >> Need a volunteer to take minutes > > Eve agreed to take minutes. > >> 1. Minutes >> >> 1.1 Minutes from SSTC/SAML conference call March 24, 2009 >> http://lists.oasis-open.org/archives/security-services/200903/msg00059.html >> > > Minutes APPROVED by unanimous consent. > >> 2. Announcements >> >> 2.1 Public Review of SAML 2.0 Profiles >> http://lists.oasis-open.org/archives/security-services/200903/msg00062.html >> >> Review ends May 25th >> >> 2.2 Thomas Hardjono has nominated himself for Co-Chair >> http://lists.oasis-open.org/archives/security-services/200904/msg00005.html >> >> >> 2.3 Reminder - Meetings will be every four weeks - Next call May 5 > > If there's a period of intense work, we can always increase the > frequency temporarily, but Hal has removed the alternate meetings from > our online calendar through August. > >> 3. Document Status >> >> 3.1 Diff version of LOA Authncontext Profile Draft 2 uploaded >> http://lists.oasis-open.org/archives/security-services/200903/msg00053.html >> >> >> >> 4. Discussion >> >> 4.1 Election of Co-Chair > > Hearing no other nominations besides Thomas, a motion was made by Rob > and seconded by Bob to accept Thomas Hardjono as co-chair. Eve spoke > in favor. Motion APPROVED by unanimous consent. > > Thomas introduced himself. Starting in December 2008, he's been > working with the MIT Kerberos Consortium. He started to work with > SAML in 2002, while at VeriSign. (Phill Hallam-Baker was his peer in > the CTO's office there.) Thomas had spent more time on the XACML and > XRML efforts at OASIS in that era. His motivation for nominating > himself was to begin contributing more actively to the community, and > a formal co-chair role is recognized as constructive contribution by > his new employer. > > Hal with work with Thomas to get him up to speed on procedures and such. > >> 4.2 question on MNI request for SP Lite/IdP Lite >> http://lists.oasis-open.org/archives/security-services/200903/msg00055.html >> > > (Kyle Meadors isn't on the call.) > > Ari notes that the Liberty folks are still discussing the matter. The > MUST NOT clauses in question seem ill-considered in retrospect. At > the time, the discussion had to do with relieving SPs of an MNI burden > if they didn't generally deal with any kind of persistent state. > Scott recalls that we didn't want to set this as OPTIONAL because it > would somehow make second-class citizens of some implementations (in > marketing terms), which indeed does seem weird. But given experience > with last year's conformance testing, Ari observes that some > implementors do seem committed to testing both full and lite. > > Hal suggests that the answer is to define some additional > conformance/operational mode. Dealing with this in errata doesn't > seem appropriate. Scott isn't not heavily focused on this issue, and > so isn't offering assistance to do this. > > There's a difference between the capability of supporting a feature > and deployment with the feature turned on (or otherwise explicitly > exposed). We don't want to get into deployment > configuration/variation questions. > >> 5. Other business > > XSPA Profile of SAML: > > http://lists.oasis-open.org/archives/security-services/200904/msg00007.html > > > David will add a column to his spreadsheet (attached to the message > referenced above) where he'll propose dispositions, in such a way that > people can easily track and comment on those proposals. Hal suggests > that we field responses to comments on the list. > > Don't miss David's mail, which has a photo from the floor of HIMSS. > > Distinguishing Basic HTTP authentication mechanisms from form-auth: > > http://lists.oasis-open.org/archives/security-services/200904/msg00008.html > > > In a project to use SAML with WebDAV, a question has come up. Let's > continue the discussion on the list. > > RSA conference: > > Hal is speaking on XACML on the Friday. Come on down! And the big > day-long identity workshop being held on the Monday had 1000 signups. > >> 6. Action Items >> >> None open > > Scott agreed to clean up the errata, so this is pending. > > > Eve Maler eve.maler @ sun.com > Emerging Technologies Director cell +1 425 345 6756 > Sun Microsystems Identity Software www.xmlgrrl.com/blog
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]