Subject: [security-services] Minutes: SSTC Conference Call, July 5
Minutes of SSTC Conference Call, July 5
1. Accept minutes from June 21 conference call
http://lists.oasis-open.org/archives/security-services/200506/msg00149.html
--- Minutes accepted with no objections.
2. Errata Update and Review
-- Added two more items.
-- Scott sent some feedback to the list
-- PE 17 and 18 are still open
-- Looking at PE 17 as documented in draft 10 of the errata (No objections, passed)
-- Moving on to PE 18 (Came from discussions from Nick, hold on the vote until July 19th)
3. Edit status of CD documents
(NOTE: new OASIS rules also require HTML versions of CD documents)
i. sstc-saml1x-metadata (AI #213)
available from http://www.oasis-open.org/apps/org/workgroup/security/documents.php?close_folder_id=1348#folder_1348
--- Eve this should be done
ii. SAML 2.0 meta-data extension (AI #213)
-- In progress, also the overview document.
iii. SSTC Response to "Security Analysis of SAML SSO Browser/Artifact Profile"
Please e-mail SSTC list if you wish to have your name listed as a contributor.
iv. X.509 Authn attribute protocol
Needs post-CD edits as described in AI #224. Action: Rob and Rick are to update with required edits. Wait until next SSTC call.
-- Eve, did a lot of cut and paste (on i-iii), fixed name spaces, hopefully i-iii are ok. Need to check about HTML versions. Will do more testing and work on HTML
4. Technical Overview Status (John Hughes)
-- John, progress has been slow, 70/80 percent done. Eve will do the 1.0/2.0 comparison stuff after they hand her the document. Expect a draft before the next call.
5. SAML Adoption Subcommittee Status (Merritt Maxim)
http://lists.oasis-open.org/archives/security-services/200506/msg00117.html
--- Waiting for more info/status. Better feedback on next call.
6. Recent Threads
--- Need to confirm if both cases will lead to no action.
i. Rejecting SAML Requests (SOAP Binding) - Thomas Wisniewski
http://lists.oasis-open.org/archives/security-services/200506/msg00121.html
--- There is a statement in the SOAP binding about when to fault. Need to make sure where it applies (whether we know the issuer or not). Up to the implementer to determine the kind of response to generate (SOAP fault vs SAML error).
--Eve, it may be at the SAML level not the SOAP level.
-- XXX: What if we do not know the sender.
-- If we can logically process the message then we should send SAML fault, if we can not then SOAP fault.
-- If we can not verify the signature, we should do a silent drop (no response). The situation also depends on whether we have validated the sender or not. Properly might send a response if we choose to.
-- Hal: Generating a SOAP fault may not mean sending a message (Terminology may be vague). Configuration determines if a message is sent.
-- XXX: WSA allows the fault to be sent to a different location.
-- SOAP fault says sending it in a message. (Many discussions)
-- Eve: we may need to provide more info such as an implementation guideline.
-- XXX: At least we should say if you respond, you should do it this way.
-- AI: Conner is assigned the above action. (Look at Thomas's thread and propose a solution based on your comments)
ii. ECP SSO Profile and Metadata - Greg Whitehead
http://lists.oasis-open.org/archives/security-services/200506/msg00131.html
-- Worked on it for some time. Greg, any action that needs to be taken.
-- XXX: Need to propose an ERRATA for this (end point is SOAP, should point to consumer data, when processing at the SOAP level ………..)
-- Action item on Thomas to propose a solution.
8. Open AIs
#0228: Adding Metadata to SAMLConf?
Owner: Nick Ragouzis
Status: Open
Assigned: 2005-07-04
Due: ---

#0227: Potential Errata, HTTPS in URI Binding
Owner: Nick Ragouzis
Status: Open
Assigned: 2005-07-04
Due: ---

#0226: PE2 and ArtifactResolutionService
Owner: Nick Ragouzis
Status: Open
Assigned: 2005-07-04
Due: ---

#0225: Third-party AuthnRequest use case
Owner: Scott Cantor
Status: Open
Assigned: 2005-07-04
Due: ---

#0224: Re-work X.509 Authn attribute protocol profile to address SSTC comments.
Owner: Rick Randall
Status: Open
Assigned: 2005-06-20
Due: ---

#0223: Proposal for subcommittee to address enhancing SAML Adoption.
Owner:
Status: Open
Assigned: 2005-06-20
Due: ---

#0216: Formulate some suggested redline text for E7 for review.
Owner: Jahan Moreh
Status: Open
Assigned: 2005-03-30
Due: ---

#0213: Prepare final CD draft of metadata-1x document and submit it to OASIS
Owner: Eve Maler
Status: Open
Assigned: 2005-03-29
Due: ---

#0210: Links to new IPR policy to be sent to SSTC
Owner: Rob Philpott
Status: Open
Assigned: 2005-03-15
Due: ---

#0180: Need to update SAML server trust document
Owner: Jeff Hodges
Status: Open
Assigned: 2004-07-12
Due: ---