Subject: IMI TC Minutes, Aug 20th 2009
1. Call to order/roll call

   Jeffrey Broberg, CA*
   Michael McIntosh, IBM
   John Bradley, Individual
   Scott Cantor, Internet2
   Marc Goodner, Microsoft Corporation
   Michael Jones, Microsoft Corporation
   Anthony Nadalin, Microsoft Corporation
   Dale Olds, Novell*

   Observers:
   Rob Philpott, EMC Corporation

   Lost voting status: None
   Gained voting status: None

2. Discussion

   Initial submission of SAML 2.0 token profile
   http://www.oasis-open.org/committees/download.php/33841/draft-imi-saml2-profile-01.pdf
   http://www.oasis-open.org/committees/download.php/33840/draft-imi-saml2-profile-01.odt
   - Reformatted from earlier SSTC submission
   - Describes a managed token profile for SAML 2.0
   - Main motivation: to produce a profile consistent with SAML usage in other authentication protocols
   - Minimize need for code changes from other existing implementations
   - Patterned after usage in other profiles
   - Describes rules for mapping InfoCard claims to SAML attributes
   - NameIdentifier conventions also described
     - Does allow for requesting NameIdentifier as a claim
   - Assertion content, confirmation method (esp. for Bearer), encryption usage, and identifiers described
   - Some outstanding work in relation to open discussion about identifying relying parties
   - Note editorial issue: SIP should be IMI

   Mapping of claims to attributes
   - Current practice when dividing claims into attribute statements usually takes the attribute name from the text after the last "/", and the namespace URI from the text before that "/"
   - Mapping a URN to a claim is difficult given the lack of a "/"
   - Opinion:
     1) we should not dictate this mapping; that should be done only in profiles
     2) claims should be defined by URIs, and that fidelity should be maintained in mapping to tokens
   - These principles are covered in the SAML 2.0 token profile above
   - What about non-URI forms, e.g. OIDs? Disagreement on mapping OIDs to URIs
   - Base claim type in the identity schema is typed as URI
   - Still an issue around the SAML 1.1 token: no profile for managed cards
     - Should we define one that describes current practice to improve interoperability?
   - Discussion of how to set the marker for getting the attribute name out of a claim URI vs. the URI itself being the name (and thus not to be changed)
   - Most of the text in the SAML 2.0 profile should be applicable to a 1.1 profile as well
   - Mike to follow up with a proposal to the TC

   Object tag extensions or not
   - Should we look at extensions to point to the SP, e.g. object tag, XHTML, URIs, XRDS
   - If no resource STS is required, may be relevant to the object tag
   - Describing IdP discovery: not sure where discussions are going, different communities, may need a straw man to move forward
   - Track current proposals or work on a new one to unify later?
   - Probably premature to take a position that the object tag is near obsolescence
   - Top issues not covered by object tag syntax today:
     - What about multiple issuers, particularly a set? SP can express, but selectors ignore
     - Control AppliesTo without SP?
     - Value filtering on claims?

3. Other business

   Next call is Sept 3rd

4. Adjournment
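As an added illustration (not part of the minutes or of the IMI profile), the two claim-to-attribute mapping conventions discussed under item 2: the split-at-last-slash practice and the fidelity-preserving full-URI form, with a round-trip check that shows where the split convention loses information for URN-form claims. The claim URIs are constructed, and using the SAML 2.0 URI attribute NameFormat as the marker is an assumption for this example.

```python
from typing import Optional, Tuple

# Standard SAML 2.0 identifier for "attribute Name is a URI"; its use as the
# marker for an unsplit claim URI is an assumption of this example.
SAML_NAME_FORMAT_URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"


def split_claim(claim_uri: str) -> Optional[Tuple[str, str]]:
    """'Current practice' mapping from the minutes: attribute name is the text
    after the last '/', namespace is everything before it. Returns None when
    there is nothing usable to split on (the URN case raised in discussion)."""
    namespace, sep, name = claim_uri.rpartition("/")
    if not sep or not namespace or not name:
        return None
    return namespace, name


def join_claim(namespace: str, name: str) -> str:
    """Rebuild a claim URI from a (namespace, name) pair produced by split_claim."""
    return f"{namespace}/{name}"


def map_claim_full_uri(claim_uri: str) -> Tuple[str, str]:
    """Fidelity-preserving mapping: the whole claim URI becomes the attribute
    Name, and the URI name format signals that it must not be re-split."""
    return claim_uri, SAML_NAME_FORMAT_URI


def round_trips(claim_uri: str) -> bool:
    """True when split-then-join reproduces the original claim URI exactly;
    False means the split convention cannot carry this claim with fidelity."""
    parts = split_claim(claim_uri)
    return parts is not None and join_claim(*parts) == claim_uri


if __name__ == "__main__":
    # Constructed sample claims: one slash-delimited, one URN-form.
    samples = [
        "http://schemas.example.org/claims/givenname",
        "urn:example:claims:givenname",
    ]
    for claim in samples:
        print(claim, "split:", split_claim(claim), "round-trips:", round_trips(claim))
        print("  full-URI form:", map_claim_full_uri(claim))
```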