OGSA Express Authentication Protocol Session
9 May 2007
------------------------------------------

Meeting Minutes: Mark Morgan

Proposed Agenda
---------------
* Agenda Bashing
* Objective
* Use Cases
* Draft Profiles
* Actions going forward

* We need to clarify what we mean by client in the documents.
* This group should focus on how tokens are passed around, not what you do with those tokens at the remote site.
  - Title of this group seems to be too narrow for what this group is really doing.
  - Group should not focus on the content of the message, just the names of the elements.
* WS-SecurityPolicy has a mechanism for describing how to describe things, but not where. We should look into this.
* What use case drives non-mutual authentication?
  - The client may not have a useful cert. to authenticate with (other authenticate with).
  - Web sites don't do mutual auth.
  - We have to have a use case for non-mutual auth.
* They should about 3 different ways for client/server pairs to interoperate. Is there a guaranteed way that two can communicate?
* We must consider a MUST in the documents, i.e. a provider MUST support one or more of the following.

Should we continue? Straw poll? Only people in favor of continuing.