OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes from focus group call, June 1





Eve Maler
Rob Phillpot
Irving Reid
Jeff Hodges
Peter Davis
John Lien
John Hughes
Scott Cantor


1. Review of recently updated documents

Scott walks us through

(a) http://www.oasis-open.org/apps/org/workgroup/security/download.php/6998/sstc-saml-core-2.0-draft-14-diff.pdf

includes changes to SubjectConfirmationData which are moved from profile into core. AuthenticationMethod replaced
by AuthenticationCOntext work. Number of smaller changes based on instructions from previous conference call.

Missing items:
 + schema fragments from ECP to be pulled into core-15



(b) http://www.oasis-open.org/apps/org/workgroup/security/download.php/7000/sstc-saml-bindings-2.0-draft-12-diff.pdf

Substantive changes: replace GZIP by deflate. Split out HTTP re-direct from HTTP POST binding. 


(c) http://www.oasis-open.org/apps/org/workgroup/security/download.php/7002/sstc-saml-profiles-2.0-draft-09-diff.pdf

DIscussion around the use of "SHOULD" for describing processing rules around assertion validity.

Frederick: joins late, wants to catch up on ECP changes in profile etc.

(d)  http://www.oasis-open.org/apps/org/workgroup/security/download.php/7018/sstc-saml-metadata-2.0-draft-05-diff.pdf

No substantive changes to metadata, just includes updates from Peter and others.

2. Discussion around limiting possible combinations of implementations for bindings and profiles.

One model is to focus on implementations of pairs of messages
<AuthNRequest, AuthNResponse> and to figure out the mandatory implementations.

Scott:

Typical use-cases in ID-FF 1.2 that have been implemented 

AuthNRequest : HTTP-redirect
AuthNResponse: FORM Post, artifact

Prateek: This addresses some of the issues that have been of concern in my organization.

AI: Prateek to address how this might be reflected in a conformance document.
AI: Prateek to initiate discussion of the conformance model and create draft by June 15.


3. Issue List

Eve steps us through issues:

Core-07: stay with SOAP 1.1
Core-08: closed.
Core-09: discuss further
Core-12: discuss further
Core-16: changes have been proposed in a mesage from EVe, accept at F2F
Core-19: closed
Core-21: Stays open.
Core-22: Stays open, should be easy to close.
Core-24: Closed.
Core-25: Open, attention to John Kemp

Bind-3: Open till F2F

4. discussion of latest attribute profile document

Attribute Profile update to main profile document, contact Scott and Frederick.

Eve to ping XACML committee concerning submission of XACML Attribute profile.

Update to Attrname instead Attname. Suggestion to replace "Simple" by "Basic".

5.

ACTION TO ALL: At next conference call, work thru issues list and assign owners to report/resolve
by June 15 F2F.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]