security-services message



Subject: Minutes from Focus group meeting, January 27




Focus Call on January 27, 2004
------------------------------

Eve Maler
Scott Cantor
Prateek Mishra
Rob Philpott
Ron Monzillo
Darren Platt
Bob Morgan


(1) Discussion of issuer representation proposal draft-sstc-AssertIssue-02:
solution proposal for updating the issuer attribute along the lines of
subject.

Eve has published core-03 with updates based on this draft. Core-03 also
addresses the question of providing an issuer attribute for all the different
messages found in SAML.

Further suggestion from Scott: change the default on the issuer format
indicator to the common case. This will help with maintaining compactness in
situations where size is a constraint.



(2) Eve suggests that reviewers look at the new core document. At the F2F we
should plan to vote on suggested changes. SSTC members should be aware that we
are planning to move along these lines.

People should look at both the 03-diff and 03-interim-diff drafts. Between them
they have all of the changes highlighted.

(3) Eve's review of normative references from SAML 1.1. This list is being
sent forward to the ITU as part of this standardization. The proposal is
structured starting with conformance, which points to relevant SAML normative
documents. Eve will send a message to Karl later today.

(4) W-5: SSO Profile enhancements
This proposal suggests we accept text from ID-FF 1.2, Section 3.2 to be
included within SAML 2.0.

Scott suggests that web SSO profiles are protocol bindings for this message
flow. This brings in both "profiles" and "bindings" within a single framework.

The suggestion is that we will break the discussion at the F2F into two
parts: Section 3.2 and amendments vs. profiles/bindings.

Bob questions whether the AuthNRequest message is really similar to the
other SAML query messages. The SAML query messages refer to authentication
events that took place in the past. The AuthNRequest message may cause an
authentication to take place as a result.

Discussion whether ID-FF has made the correct choices in terms of mingling
profiles and protocol schema.

(a) Liberty places inResponseTo within the assertion -- is this a good
design? 
(b) Liberty use of audience to replace SAML "recipient".

This issue needs to be discussed at the F2F systematically.

(5) W2a: Attribute-based SSO

Provide processing statements for attribute-based processing and models. The
SSO assertion has a short life-time; does it have an impact on attribute
statements? Clarify the relationship between assertion life-time and
attribute life-time. Do we still need this concept of a short-lived SSO
assertion in SAML 2.0? Or does ID-FF 1.2 provide alternative counter-measures?

So is there a need to update to ID-FF 1.2 protocols? Should the
AuthNRequest hold attribute names?

Whether SAML 2.0 processors will implement attribute processing is going to
be determined by the conference statements.


(6) Scott comments on the latest core draft. The proposed changes to the SAML
protocol are based on use of a wrapper element that holds a generic
request/response element. Protocol flows are re-spun so that many different
message flows can be dealt with uniformly. Eve also raises an issue about the
domain model: should it really be directly reflected in the domain model?


(7) Bob Morgan discusses the credential collector work. 


(8) What are the goals of the F2F?
    - approval of core 03
    - Liberty ID-FF 1.2, Section 3.2
    - Editor's work in a break-out room
    - Contact all champions who are in arrears concerning their solution
      proposals
    - Chairs should give status and champions should describe progress
    - How to prioritize and start closing on specific items? Call on Friday.
    - WS-I Security call on Thursday, 3-5.
    - Tuesday, 1:30-2:30, InterOp call

(9) Darren Platt to present at the F2F on the PingID/SourceID protocol
testing/scripting engine.
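Items (4) and (5) above turn on three checks a relying party has to make before it trusts an assertion: that the assertion is still inside its validity window (the short-lived SSO assertion, and what that means for attribute statements carried in it), that it was issued for this audience and delivered to this recipient, and that it answers a request this party actually sent (the inResponseTo binding). The following added example, which is not part of the minutes and not SSTC or Liberty code, shows those checks as a defender would implement them over a constructed assertion. It assumes the element and attribute names of the final SAML 2.0 assertion schema (Conditions, AudienceRestriction, SubjectConfirmationData with InResponseTo, Recipient and NotOnOrAfter), not the core-03 draft under discussion; the clock-skew allowance and the rule that attributes are only released while the assertion is valid are design choices of this example.

```python
"""Validity-window, audience and InResponseTo checks on a SAML 2.0 assertion.

Added example (not the SSTC's, Liberty's, or any vendor's code). Assumes final
SAML 2.0 assertion element names; the sample assertion below is constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a short-lived (5 minute) bearer assertion bound to one
# audience, one recipient URL and the request ID it answers.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" IssueInstant="2004-01-27T10:00:00Z" Version="2.0">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req42"
          Recipient="https://sp.example.com/acs"
          NotOnOrAfter="2004-01-27T10:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2004-01-27T10:00:00Z" NotOnOrAfter="2004-01-27T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2004-01-27T09:59:50Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_utc(s):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' form used in the sample into an aware datetime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass
class Verdict:
    ok: bool
    errors: list = field(default_factory=list)
    attributes: dict = field(default_factory=dict)  # released only when ok


def validate(xml_text, now, audience, recipient, outstanding_requests,
             skew=timedelta(seconds=60)):
    """Check window, audience, recipient and InResponseTo; return a Verdict.

    Attribute values are released only if every check passes, so attribute
    life-time is bounded by the assertion's own validity window.
    """
    v = Verdict(ok=True)
    root = ET.fromstring(xml_text)

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        v.errors.append("no Conditions")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < parse_utc(nb) - skew:          # skew tolerates IdP/SP clock drift
            v.errors.append("not yet valid")
        if noa and now >= parse_utc(noa) + skew:
            v.errors.append("expired")
        auds = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if auds and audience not in auds:
            v.errors.append("audience mismatch")

    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        v.errors.append("no SubjectConfirmationData")
    else:
        if scd.get("InResponseTo") not in outstanding_requests:   # unsolicited or replayed
            v.errors.append("InResponseTo does not match an outstanding request")
        if scd.get("Recipient") != recipient:
            v.errors.append("recipient mismatch")
        noa = scd.get("NotOnOrAfter")
        if noa and now >= parse_utc(noa) + skew:
            v.errors.append("subject confirmation expired")

    if v.errors:
        v.ok = False
        return v
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        v.attributes[attr.get("Name")] = [x.text for x in attr.findall("saml:AttributeValue", NS)]
    return v


if __name__ == "__main__":
    now = parse_utc("2004-01-27T10:02:00Z")
    print(validate(SAMPLE_ASSERTION, now, "https://sp.example.com",
                   "https://sp.example.com/acs", {"_req42"}))
```

The relying party keeps the set of request IDs it has issued and removes an ID once an assertion answering it is accepted, which is what makes the InResponseTo check reject a replay; in a real deployment the signature over the assertion is verified before any of these checks run.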



