Subject: Minutes for 21-Jun SSTC con-call
Actions or votes have a * next to them.

1. Approve minutes from 7-Jun-2005 con-call:
   a. Minutes of SSTC Conference Call, 07-June-2005
   >*no objections, accepted.

2. Pending CD edit status?
   a. metadata-ext [Eve: AI 213]
   b. X.509 Authn-based attribute protocol profile
   c. Thomas Grosz response paper
   >*Action: Rob to check with Eve on status of documents

3. John H: Groups - sstc-saml-tech-overview-2.0-draft-06.pdf uploaded
   a. Technical Overview - comments request
   > John H: Received several comments, need to review.
   > Nick R: 4 images that the left right order needs to be swapped. ECP Diagrams, show more endpoints.
   > Thomas: Do not associate logout with federation, move to SSO configuration or another section. Previous version labeled SSO Federation, current version should have that label.
   > John H: Please get comments to me quickly
   >*Action: John H to get feedback from Nick R and Thomas. Post any outstanding issues to list. John H to get new version out for next meeting (2 weeks). Need help with SAML 1.1 to 2.0 sections. Needs input from Eve on SAML 1.1 to SAML 2.0

4. Jahan: Errata.
   a. PE14 (Overlaps with PE5) - We agreed to vote on PE14 on this call
   >Motion to Eliminate PE5 in favor of PE14.
   >*Moved: Scott, no objections, accepted.
   >PE7 Still open - Rob to review
   >PE10 Still Open - Jahan
   >PE14 - Needs to vote (text to be accepted).
   >Scott: - not perfect but vast improvement
   >*Moved: Greg, no objections, accepted.
   >PE16
   >Prateek: There is a gap here. Is the ECP going to generate the cookie or consume. Based on Nick and John Kemp's response. Consensus was, ECP would consume. We need a sentence to explain this.
   >Connor: Want to make sure the ECP passes on the cookie.
   >Prateek: Separate issue, sometimes the ECP will behave like an SP
   >Connor: Not sure it will. SP does a redirect and then back to get the cookie. SP doesn't do discovery it asks ECP to do it.
   >Nick: Liberty says it may use cookie to discover this. Devices find they don't already know
   >Connor: Not opposed to wording - If ECP can figure out where common domain is, it can use that.
   >Greg: No reason to preclude anything.
   >Prateek: Change the conformance matrix to include an option entry for identity discovery profile
   >Prateek: ECP acts as an SP as discussed in the profile
   >Prateek: 2nd, it doesn't pick anything
   >ECP chooses whatever is available to it to use
   >Scott: Line 725 - Language ill-chosen
   >Strike Line 725
   >Mention this topic in guidelines
   >Prateek proposes: Close this item without making change to conformance matrix
   >Prateek: Open new errata to strike line 725
   >Jahan motions to close this item without making change to conformance matrix
   >Nick: Difference between allowing someone to do this and interoperability testing. ECP can do a lot of things
   >Connor: No requirement for ECP to use cookie
   >Nick: Ability to use cookie discover info is useful. Many ways ECP can do this, one of them is feature in matrix. Putting this as optional makes it possible to test this
   >Connor: ECP is not in the domain so profile needs to be changed
   >Nick: Nothing to prohibit the ECP from doing this
   >Prateek: These are implementation guidelines
   >Connor: Cookie always in client or in ECP, not up on host, stored on client. If ECP knows about cookie it can catch it on the fly. Question is how does it know that.
   >Nick: Multiple users from multiple security context. ECP doesn't know this until client declares this.
   >Connor: Your ECP needs to have the concept of a session
   >Nick: It can use ECP or discovery. One of these is listed in the matrix. One is list that the ECP might want conformance certified on.
   >Connor: Specs don't address using it fully on an ECP. Only way to do it is if Common Domain should be in meta data. Isn't in meta data because both systems would need servers that can access entities in that domain.
   >Nick: ECP will decide what common domain is applicable based on user agent. Taking context of request and figure out what domain it is placed in.
   >Nick: In the list because IDP discovery feature, give the opportunity if they can demonstrate to give them interoperability.
   >Nick: We should not remove this item and leave it.
   >Connor: I think it is confusing.
   >Prateek: As conformance editor I found it confusing.
   >*Motion to close errata with no change to conformance matrix
   >*Moved: Jahan, no objections, accepted.
   >PE17
   >Thomas - Scott's e-mail has new text.
   >*Action: Hold on for next draft

5. Merritt: SAML Adoption Enhancement subcommittee
   a. Merritt provided first draft to chairs for review.
   >Prateek: Merritt's proposal to create sub-committee.
   >Rob: Wait for Merritt to get voting rights in TC.
   >Hal: Someone can offer to act as chair
   >*Action: Table for next meeting

6. Other list discussions and postings:
   a. Greg: Third-party AuthnRequest use case
   >Scott: Easy way to handle this is to add an extension and profile it. Text I proposed is not very nice.
   >Rob: Errata is one thing, changing spec is more of a process
   >Scott: Not in favor of errata text he is proposing
   >Rob: Any suggestions on how to proceed? Maybe we should keep it in the errata document so we have it for next rev of spec.
   >Scott: Believes Greg thinks it is pretty bad
   >Rob: Propose we do a new profile document for this
   >*Action item: Nick work with Scott and Greg to author new profile document.
   b. Prateek M: ECP operational mode and the identity provider discovery profile
   c. Jeff H: fyi: upcoming SAMLv2 Conformance Event
   d. Nick R: SAML over SOAP in a Multipart/Related MIME part of SwA?
   >Covered in discussion on list
   e. Nick R: PE2 and <ArtifactResolutionService>
   >Scott proposed new text with clarifications.
   >*Action: Nick R to send Scott text.
   f. Nick R: Potential Errata, HTTPS in URI Binding
   >*Action: Remove line 1349 text. Nick R to coordinate with Jahan
   g. Nick R: Adding Metadata to SAMLConf? A strawman
   >Scott: In Toronto, people claimed it is not testable so not in conformance document.
   >Nick R: If we adopt this, Liberty would have to re-examine metadata requirements
   >Nick R: Proposal is to add it to conformance document. Company doing conformance testing will have to come up with a way to test it.
   >Rob: This is a significant change to specification; we would need a new rev. of standard.
   >Nick R: Leave it all optional and refer to parts of metadata specification now.
   >Scott: If we can articulate it in a concrete form then we can add it to conformance.
   >*Action: Nick R to make a proposal to add an errata for this
   h. Ron M: [Fwd: [wss] Groups - SAML Token profile V1.1 - Working Draft 3 (withchanges) (WSS-SAML-TOKEN-PROFILE-1.1-wd-03.pdf) uploaded]
   > Rob: Please review this document and send comment to WSS TC
   i. Tom W: Authentication Response IssuerName vs. Assertion IssuerName
   j. Tom W: Affiliation ID
   k. Tom W: ECP SSO Profile and Metadata
   >Scott: Need clarification in the metadata section
   >*Action: Scott to take up with Jahan for an errata.

Attendance of Voting Members
   Conor P. Cahill               AOL, Inc.
   Hal Lockhart                  BEA Systems, Inc
   Steve Anderson                BMC Software
   Rick Randall                  Booz Allen Hamilton
   Thomas Wisniewski             Entrust
   Carolina Canales-Valenzuela   Ericsson
   Dana Kaufman                  Forum Systems
   Irving Reid                   Hewlett-Packard Company
   Guy Denton                    IBM
   Heather Hinton                IBM
   Anthony Nadalin               IBM
   John Hughes                   Individual
   Nick Ragouzis                 Individual
   Scott Cantor                  Internet2
   Bob Morgan                    Internet2
   Frederick Hirsch              Nokia
   Cameron Morris                Novell
   Ari Kermaier                  Oracle
   Vamsi Motukuru                Oracle
   Brian Campbell                Ping Identity
   Darren Platt                  Ping Identity
   Alberto Squassabia            Ping Identity
   Prateek Mishra                Principal Identity
   Jim Lien                      RSA Security
   Rob Philpott                  RSA Security
   Jahan Moreh                   Sigaba
   Greg Whitehead                Trustgenix

Attendance of Non-Voting Members
   Gilbert Pilz                  BEA Systems, Inc.

Attendance of Voting Members - Probation
   Abbie Barbir                  Nortel
   David Staggs                  Veteran's Health Admin

Attendance of Applicants
   Merritt Maxim                 CA

Attendance of Observers
   Martin Soukup                 Nortel

Membership Status Changes
   Guy Denton                    IBM - Restored voting status due to 7 June dial-in issues
   Claude Louis-Charles          BAE Systems - Requested membership 6/15/2005
   Eve Maler                     Sun Microsystems - Requested Voting status 6/17/2005
   Peter Michalek                Individual - Lost Voting status after 6/21/2005 call
   Peter Davis                   NeuStar - Lost Voting status after 6/21/2005 call
   Paul Madsen                   NTT USA - Lost Voting status after 6/21/2005 call
   John Linn                     RSA Security - Lost Voting status after 6/21/2005 call
   Merritt Maxim                 CA - Requested membership 6/21/2005