Subject: Minutes from Focus group meeting, January 27
Focus Call on January 27, 2004
------------------------------

Eve Maler
Scott Cantor
Prateek Mishra
Rob Philpott
Ron Monzillo
Darren Platt
Bob Morgan

(1) Discussion of issuer representation proposal draft-sstc-AssertIssue-02: Solution proposal for updating the issuer attribute along the lines of subject. Eve has published core-03 with updates based on this draft. Core-03 also addresses the question of providing an issuer attribute for all the different messages found in SAML.

Further suggestion from Scott: change default on the issuer format indicator to the common case. This will help with maintaining compactness in situations where size is a constraint.

(2) Eve suggests that reviewers look at the new core document. At the F2F we should plan to vote on suggested changes. SSTC members should be aware that we are planning to move along these lines. People should look at both the 03-diff and 03-interim-diff drafts. Between them they have all of the changes highlighted.

(3) Eve's review of normative references from SAML 1.1. This list is being sent forward to the ITU as part of this standardization. The proposal is structured starting with conformance, which points to relevant SAML normative documents. Eve will send a message to Karl later today.

(4) W-5: SSO Profile enhancements

This proposal suggests we accept text from ID-FF 1.2, Section 3.2 to be included within SAML 2.0. Scott suggests that web SSO profiles are protocol bindings for this message flow. This brings in both "profiles" and "bindings" within a single framework.

The suggestion is that we will break the discussion at the F2F into two parts: Section 3.2 and amendments vs. profiles/bindings.

Bob questions whether the AuthNRequest message is really similar to the other SAML query messages. The SAML query messages refer to authentication events that took place in the past. The AuthNRequest message may cause an authentication to take place as a result.

Discussion whether ID-FF has made the correct choices in terms of mingling profiles and protocol schema.

(a) Liberty places inResponseTo within the assertion -- is this a good design?
(b) Liberty use of audience to replace SAML "recipient".

This issue needs to be discussed at the F2F systematically.

(5) W2a: Attribute-based SSO

Provide processing statements for attribute based processing and models. SSO assertion has a short life-time and does it have an impact on attribute statements. Clarify relationship between assertion life-time and attribute life-time.

Do we still need this concept of short-lived SSO assertion in SAML 2.0? Or does ID-FF 1.2 alternative counter-measures? So is there a need to update to ID-FF 1.2 protocols?

Should the AuthNRequest hold attribute names?

Whether SAML 2.0 processors will implement attribute processing is going to be determined by the conference statements.

(6) Scott comments on the latest core draft. The proposed changes to SAML protocol are based on use of a wrapper element that holds a generic request/response element. Protocol flows are re-spun so that many different message flows can be dealt with uniformly.

Eve also raises an issue about the domain model --- should it really be directly reflected in the domain model.

(7) Bob Morgan discusses the credential collector work.

(8) What are the goals of the F2F?

- approval of core 03
- Liberty ID-FF 1.2, Section 3.2
- Editor's work in a break-out room
- Contact all champions who are in arrears concerning their solution proposals
- Chairs should give status and champions should describe progress
- How to prioritize and start closing on specific items? Call on Friday.
- WS-I Security call on Thursday, 3-5.
- Tuesday, 1:30-2:30, InterOp call

(9) Darren Platt to present at the F2F on PingID/SourceID protocol testing/scripting engine