OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: SSTC Conference Call Minutes, July 7







AI: Rick will review conformance document to ensure that requirements expressed in profile are met.

AI: Prateek, Jeff, Eve, Frederick to discuss errata proposal.

AI: Eve to check with Jeff on plans to update SAML Server Trust document.


1. Roll Call.
	Quorum present. Steve to provide attendance separately.

2. Agenda bashing -- added agenda item to discuss work item status. Several
e-mails have been posted on the list.

3. Minutes accepted from previous conference call.

http://lists.oasis-open.org/archives/security-services/200406/msg00091.html 

4. Document review.  Scott’s status message: 

http://lists.oasis-open.org/archives/security-services/200407/msg00017.html 

Scott:

Meta-data document has been updated. Web SSO parts of profile document have been
updated. Attribute profile component still incomplete and major work item.

John Hughes: 

Reviewing profiles and bindings for SAML 2.0 Overview document. 

Rick Randall: Possibility of incorporating profile submitted on June 23rd within 
SAML 2.0 profile document? 

Rick moves: sstc-saml-x509-authn-based-attribute-protocol-profile-2.0-draft-01
be included in the SAML 2.0 profiles document.

Hal seconds.

Discussion: 

Mike McIntosh - Concern that there is a deadline for proposals and it is long
past.

Tony Nadalin - havent had time enough to digest proposal.

Scott Cantor - concern that it is over-specific - requires attribute encryption 
and digital signing. Notes that the proposal does not actually add new features.

Eve Maler -- viewed deadline as speaking more to new work items. Does not want to
add new protocols or extend deadlines.

Prateek -- What is the goal here? Is the goal to have a named profile?

Rick -- Yes, we would like to have a named profile that RFP's could point to.

Bob Morgan -- concern that the name Identification: urn:oasis:names:tc:SAML:2.0:profiles:x509authattributesharing
is very general but the profile description is very narrow.

Rick -- would changing the name URI be adequate to address this issue?

Conor Cahill -- can we not progress this document independent of SAML 2.0? This could be a committee draft that 
appears independently and later.

Frederick Hirsch -- can this not be discussed in the conformance document?

Rob Philpott -- Would it be adequate if the document were progressed as a committee draft for the folks interested
in the profile?

Rick -- will check back with the profile proponents.

Maryann Hondo -- What about getting WS-I involved?

Eve Maler -- explains that SAML has a process of registering profiles and this fits well within it.

Rick --- perhaps combination of conformance and committee draft status is the right fit?

Frederick, Scott --- the profile would point to certain conformance criteria; this raises the issue of whether there is 
adequate detail in the conformance document to support this profile.

Rob P. -- suggestion that the SAML 2.0 conformance document has all the knobs to support implementation of the profile.
Further, profile be progressed as a committee draft within SSTC. 

Rick -- withdraw current motion, reflecting the sentiments of the TC.


Scott -- Continued discussion of meta-data draft 2.4.1.1. Changes to treatment of encryption
key descriptor from original ID-FF 1.2 submission. Other changes to meta-data includes section
on meta-data signing and validation. Split up meta-data publication methods into two part.

Separate schema file for Enhanced client profile also published.

Rob --- Plan on track for going into last call next week.

Eve Maler - based on e-mail interactions W2a, W-4 and W-9 are now considered closed. What are the other documents 
that need to be progressed?

Rob - DIscuss remaining open work items next week.

Eve -- please add agenda item next week for discussion of editorial issues.

Frederick - please review security considerations with specific emphasis on SSO assertions and their role as 
a counter-measure.

Hal -- discussion of new "one-time use" text. 

Scott -- intention to add new material about relationship with clock skew.

Rob -- TC to review action items and send note to list about current status.

Meeting Adjourned.


















[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]