
security-services message



Subject: Agenda for SSTC Conference Call, May 11


Dial in info: +1 865 673 6950 #351-8396

 

  1. Accept minutes from April 27 conference call

http://lists.oasis-open.org/archives/security-services/200404/msg00110.html

 

  2. Final dates and times for Toronto F2F
Tuesday,       June 15, 10:00-5:00
Wednesday,     June 16, 9:00-5:00
Thursday,      June 17, 9:00-2:00
 
Toronto, Ontario, Canada hosted by Irving Reid, HP.
http://lists.oasis-open.org/archives/security-services/200404/msg00108.html
 
3.    Vote on SAML 1.1 Overview Document (sstc-saml-tech-overview-1.1-draft-05.pdf) as Committee Draft
Draft is available from
http://www.oasis-open.org/apps/org/workgroup/security/download.php/6628/sstc-saml-tech-overview-1.1-draft-05.pdf
 
Previously announced in message
http://lists.oasis-open.org/archives/security-services/200404/msg00116.html
 
4.    Recent document updates

sstc-saml-profiles-2.0-draft-07.pdf
http://www.oasis-open.org/apps/org/workgroup/security/download.php/6682/sstc-saml-profiles-2.0-draft-07.pdf
 
sstc-saml-bindings-2.0-draft-10.pdf
http://www.oasis-open.org/apps/org/workgroup/security/download.php/6679/sstc-saml-bindings-2.0-draft-10.pdf
 
sstc-saml-2.0-issues-draft-09-diff.pdf
http://www.oasis-open.org/apps/org/workgroup/security/download.php/6546/sstc-saml-2.0-issues-draft-09-diff.pdf
 
5.    Open Action Items
 

#0162: Proposal to replace SAML AuthenticationMethod Ids

Owner: John Kemp

Status: Open

Assigned: 11 May 2004

Due: ---

Comments:
Prateek Mishra 2004-05-11 05:37 GMT
Replace AuthNMethod Ids by AuthNContext framework

Scott, Bob: Maybe there is not enough context in the original definition anyway, not very clear what X.509 means, for example, could SSL-based mutual authentication fall into this category?

Jahan: X.509 is not very descriptive, need more detail.

Bob Morgan: suggests we proceed with a fresh approach based on our current understanding of these matters.


#0161: Remove KeyInfo from Assertion top-level

Owner: Eve Maler

Status: Open

Assigned: 30 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-30 18:16 GMT
o Mike - what is difference in meaning for KeyInfo at top versus KeyInfo inside SubjectConfirmationData

o Eve - no, just a syntactic

o discussion ensues, decision to remove KeyInfo

o Prateek - eliminating holder of key, Ron will have comments

o Decision - remove KeyInfo, allow within SubjectConfirmationData

*** AI - Eve to implement decision on core 18 after checking with Ron


#0160: Separate Privacy concerns language from Element/Attribute descriptions

Owner: Prateek Mishra

Status: Open

Assigned: 30 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-30 18:14 GMT
Jeff H - We need to highlight privacy considerations related to core, could be notes in core, could be section.
*** AI: Prateek - will generate list potential changes from core


#0158: Propose changes to definition of Federation in glossary

Owner: Prateek Mishra

Status: Open

Assigned: 30 Apr 2004

Due: ---

Comments:


#0157: Define Binding and Profile in Glossary

Owner: Jeff Hodges

Status: Open

Assigned: 30 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-30 18:10 GMT
o "atomic unit of interoperability" proposed


#0155: Message asking if deprecation of AuthenticationMethod is acceptable

Owner: Prateek Mishra

Status: Open

Assigned: 30 Apr 2004

Due: ---

Comments:


#0154: Schema changes so that AuthenticationMethod and AuthContext are parallel choices

Owner: John Kemp

Status: Open

Assigned: 30 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-30 17:58 GMT
We need to resolve if we will deprecate SAML AuthenticationMethod

*** AI: On hold - make schema changes so that AM and AuthContext are parallel choices


#0153: add ReauthenticateOnOrAfter

Owner: Scott Cantor

Status: Open

Assigned: 29 Apr 2004

Due: ---

Comments:


#0151: Limit number of supported combinations

Owner: Prateek Mishra

Status: Open

Assigned: 29 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-29 22:04 GMT
o PM- just because we can do it 3 ways doesn't mean we have to define them as SAML approved. Need to pull their weight. Somebody needs to drive this discussion. So who is going to this?

*** AI: Prateek takes ownership of driving a discussion on limiting combinations.


#0150: Relax Single AuthNStatement Constraint

Owner: Scott Cantor

Status: Open

Assigned: 29 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-29 22:02 GMT
o SC- Response Profile more extensive than that for AuthnRequest

o IR - the restriction that there be only a single AuthenticationStatement is too strict, SC- OK (will change)

*** AI: Scott: Relax AuthenticationStatement Occurrence


#0148: Artifact format proposal for SAML 2.0

Owner: Jeff Hodges

Status: Open

Assigned: 29 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-29 21:58 GMT
o An action is needed to propose artifact types; SAML and Liberty have different types, and Liberty's includes metadata.

o Prateek believes that convergence on a single type is desirable, and that this should have been done in SAML 1.1;

o Jeff Hodges agrees with this goal, but Rob sees this as less important.

o Liberty's artifact format contains a hash of a provider's identity, which doesn't permit metadata lookup. Backward compatibility will need to be considered if and as new types are specified.

*** AI: Jeff Hodges will make a concrete proposal for a common artifact format.


#0147: Chairs to solicit comment from saml-dev on gzip encoding

Owner: Prateek Mishra

Status: Open

Assigned: 29 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-29 21:57 GMT
Prateek wants to avoid having multiple encoding methods, and a working consensus in favor of the gzip approach appears to be developing.

o Jeff Hodges suggests that implementers' comments be solicited, and Prateek recommends that the chairs send a message to the saml-dev list.

*** AI: Chairs to solicit comments.


#0146: SOAP Binding works with WSS Model

Owner: Hal Lockhart

Status: Open

Assigned: 29 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-29 21:54 GMT
*** AI: Hal: Look at SOAP binding and make sure hand waving on WS-Security works.


#0145: Encryption Schema and Examples

Owner: Hal Lockhart

Status: Open

Assigned: 29 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-29 21:53 GMT
Hal: Summary: agreement to encrypt SAML Attribute Statement. Allow encryption of Assertion Statement, NameIdentifier and Attribute Statement.

*** Follow-up: Need schema and some examples.


#0144: Explain optional subject decision

Owner: Eve Maler

Status: Open

Assigned: 29 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-29 21:51 GMT
*** AI: Eve: Optional subject implemented in core spec prose. Schema shows that subject is optional.

o Eve: Has wanted to create a rationale for some of the decisions made on spec. Decision on subject less statements is a good example of what needs to be documented. Making an explicit design decision that is not really explicit on. By choosing to add prose to core spec we're making a stealth abstract profile (generic design decision) that applies to all explicit profiles.

o Scott: data model (design) decision to require subjects in all SAML statements.


#0143: Check SAML schema for consistency

Owner: Eve Maler

Status: Open

Assigned: 29 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-29 21:49 GMT
*** Follow-up: Examine SAML schema for consistent use of XML attributes vs. elements


#0141: Review/fix boilerplate text for Artifact Protocol

Owner: Eve Maler

Status: Open

Assigned: 27 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-27 15:24 GMT
o Prateek: Should we sign or authenticate?

o Scott: Common language on all protocol messages.

o Prateek: Concerned about text on line 2118 "...SHOULD be signed or otherwise authenticated...."

o Scott: Not a MUST, need to provide some recommendation to protect message.

o Eve: this is boiler plate text for all messages. Need to agree on the correct text for this.

***Follow-up: Review/fix boilerplate text re: recommendation for protecting messages


#0140: Update extensions element to use ##other

Owner: Eve Maler

Status: Open

Assigned: 27 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-27 15:22 GMT
Scott - added Extensions element - modeled to be consistent with SOAP header element - i.e. multiple extensions within one Extensions (header) element.
o Discussion of ##any vs. ##other.

o Should use ##other.

o Scott - should we have a wrapper element for extensions?

*** Follow-up: Resolution: change Extension to use ##other


#0139: Followup on a recipient attribute for the encryption key

Owner: Scott Cantor

Status: Open

Assigned: 27 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-27 15:20 GMT
Eve reviews EncryptedNameID

o Scott mentions 0 or more key distribution for Enc NameIDs. Scott also mentions 'recipient' attribute for the key - do we want to make that a MUST?


#0138: Schema snippet for UID Attribute Profile

Owner: Scott Cantor

Status: Open

Assigned: 27 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-27 15:10 GMT
XML schema for UID/OID plus friendly name


#0137: Propose text for core on validity of assertions

Owner: Bob Morgan

Status: Open

Assigned: 27 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-27 15:07 GMT
http://lists.oasis-open.org/archives/security-services/200404/msg00048.html


#0136: SSO Validity Proposal to be moved into bindings draft

Owner: Scott Cantor

Status: Open

Assigned: 27 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-27 15:02 GMT
- Scott to implement SSO validity from proposal into next draft


#0135: Why does signature need to be the first element?

Owner: Eve Maler

Status: Open

Assigned: 27 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-27 15:00 GMT
- Eve to ask Bhavna to post motivation for moving Signature to front


#0134: Availability of GZIP Implementations

Owner: Greg Whitehead

Status: Open

Assigned: 27 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-27 14:58 GMT
- Greg to ensure that readily available GZIP implementations can conform to our description in bindings


#0133: Review role of EncryptedNameID recipient attribute

Owner: Scott Cantor

Status: Open

Assigned: 13 Apr 2004

Due: ---

Comments:


#0132: Text to explain privacy reqts when using certain NameFormat values

Owner: John Kemp

Status: Open

Assigned: 13 Apr 2004

Due: ---

Comments:


#0131: Migration document describing changes to subject in SAML 2.0

Owner: Jeff Hodges

Status: Open

Assigned: 13 Apr 2004

Due: ---

Comments:
Prateek Mishra 2004-04-13 04:31 GMT
Explain how treatment of subjects has changed in going from SAML 1.X to SAML 2.0. This might be an action for Scott?


#0130: Respond to paper on SAML 1.1 Browser Profiles

Owner: Prateek Mishra

Status: Open

Assigned: 29 Mar 2004

Due: ---

Comments:
Prateek Mishra 2004-03-29 17:04 GMT
Maryann Hondo and Prateek Mishra to draft response to paper by Thomas Gross.


#0128: Liaison with XRI Data Interchange

Owner: Hal Lockhart

Status: Open

Assigned: 02 Mar 2004

Due: ---

Comments:
Prateek Mishra 2004-03-02 04:33 GMT
Hal will generate a posting on possible need to liaison.


#0125: Propose language to explain that AuthNResponse may contain attribute statements

Owner: Prateek Mishra

Status: Open

Assigned: 16 Feb 2004

Due: ---

Comments:
Prateek Mishra 2004-02-16 14:46 GMT
Easy to do but needs proposal on validity of assertion life-times as well.


#0123: Obtain MIME type registration for HTTP lookup of SAML

Owner: Jeff Hodges

Status: Open

Assigned: 13 Feb 2004

Due: ---

Comments:


#0117: Describe use-cases for attribute-based SSO in relationship to ID-FF 1.2 NameIdPolicy

Owner: Prateek Mishra

Status: Open

Assigned: 11 Feb 2004

Due: ---

Comments:


#0114: Propose language to address attribute-based federation

Owner: Prateek Mishra

Status: Open

Assigned: 19 Jan 2004

Due: ---

Comments:
Prateek Mishra 2004-01-20 03:22 GMT
 
http://lists.oasis-open.org/archives/security-services/200312/msg00064.html


#0105: Respond to IBM Analysis Paper

Owner:

Status: Open

Assigned: 19 Jan 2004

Due: ---

Comments:
Prateek Mishra 2004-01-19 23:09 GMT
- [ACTION] Scott & Tony to make recommendations based on IBM security analysis paper

 
 
 
 
 
 

 


