[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Agenda for the April 27 Conference Call
Agenda for SSTC Telecom, Tuesday, 27 April ------------------------------------------ Dial in info: +1 865 673 6950 #351-8396 1. Approval of Minutes from Previous Conference Call http://lists.oasis-open.org/archives/security-services/200404/msg00057.html 2. F2F Meeting Ballots have closed I can attend during the week of 07-June 13 I can attend during the week of 14-June 13 With Toronto leading. 3. F2F Proposed dates Monday, June 14, 10:00-5:00 Tuesday, June 15, 9:00-5:00 Wednesday, June 16, 9:00-2:00 HP/Irving Reid to host in Toronto, Ontario, Canada 4. (a) proposal concerning attributes in core text and relationship to SAML Attribute Profiles document: (1) The SAML Core document retain a fairly high-level approach towards <samlp:AttributeQuery> and <saml:AttributeDesignator> elements. In particular, it should not specify elements/attributes/values which are of interest only to particular communities. We would retain URI-based attribute naming within core and also include language explaining how to determine identity of <attributedesignators> for this case This would also mean removal of <samlp:Resource> (2) Guidance on creating specific attribute profiles be provided in a separate document (A first cut is available in the most recent draft of the Attribute Profiles for SAML 2.0, draft-hughes-mishra-baseline-attributes-03.pdf). This would include the naming profiles (ValueType attribute), any additional XML attributes defined by the profile, syntax for attribute names, rules for determining equality of attribute designators. (3) Specific attribute profiles of interest to the SAML community be added to the document. The current document includes definitions of a X.500/LDAP and DCE UUID profile. (b) XACML Attribute Profile Proposal We see value in there being a SAML attribute profile that is compatible with XACML's needs. Such a profile would in no way constrain application of the more general definition of SAML. To this end, we make the following proposal: we would develop a profile for SAML attributes that are to form input to an XACML decision engine. Such a profile would be progressed under the procedures of the SAML committee, but the XACML committee would supply the development effort. Members of the SAML committee (of course) would be expected to review the profile from the point of view of consistency with the aims of the SAML committee and to approve it as one of their products. There are a number of reasons for proposing this as a SAML (rather than an XACML) work item. The first is that we want to ensure that the SAML expertise is brought to bear on the topic. The second is that we expect SAML attribute designers to seek guidance amongst the documents of the SAML committee, rather than any other (such as XACML). The final reason is that (obviously) we ARE talking about a profile of the SAML spec., not the XACML spec.. (c) Review of recently published drafts http://www.oasis-open.org/apps/org/workgroup/security/download.php/6527/sstc -saml-authn-context-2.0-draft-04a-diff.sxw http://www.oasis-open.org/apps/org/workgroup/security/download.php/6438/sstc -saml-profiles-2.0-draft-06-diff.pdf (d) Action Item Review CONSOLIDATED LIST TO FOLLOW IN THE AM
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]