Summary:
Moved SAML Protocol Extensions for Third-Party Requests and SAML Metadata
Extension for Query Requesters to Committee Draft status, and moved to submit
same to OASIS for public review.
Actions:
Editors (Scott / Eve) to make necessary changes to the above specifications
for Committee Draft status.
Chairs (Prateek) to submit the documents to OASIS for public review.
Rob Philpott / Rick Randall: Make sure changes to resolve Action Item #0242:
"Recommended text for SAML Attr Sharing Profile" are made.
Jahan Moreh: open a Potential Erratum based on http://www.oasis-open.org/archives/saml-dev/200603/msg00017.html
1. Roll Call
Voting Members
Bhavna | Bhatnagar | Sun Microsystems
Sharon | Boeyen | Entrust
Brian | Campbell | Ping Identity
Carolina | Canales-Valenzuela | Ericsson
Frederick | Hirsch | Nokia
Jeff | Hodges | NeuStar
Dana | Kaufman | Forum Systems
Hal | Lockhart | BEA Systems, Inc
Eve | Maler | Sun Microsystems
Prateek | Mishra | Oracle
Bob | Morgan | Internet2
Vamsi | Motukuru | Oracle
Ashish | Patel | France Telecom
Rob | Philpott | RSA Security
Rick | Randall | Booz Allen Hamilton
Irving | Reid | Hewlett-Packard Company
David | Staggs | Veteran's Health Admin
Eric | Tiffany | IEEE Industry Standards
Greg | Whitehead | Hewlett-Packard Company
Thomas | Wisniewski | Entrust
Non-Voting Members
Abbie | Barbir | Nortel
Colin | Wallis | NZ State Svcs Commission
Emily | Xu | Sun Microsystems
OASIS Staff
Jamie Clark
2. Approve minutes from 28-Feb con-call
http://www.oasis-open.org/archives/security-services/200602/msg00067.html
Approved.
3. Election of Co-Chair
Hal Lockhart, BEA elected Co-Chair, SSTC
http://www.oasis-open.org/archives/security-services/200603/msg00010.html
Thanks to Abbie Barbir and Hal Lockhart for their interest in the SSTC.
Election is complete, Hal is the new co-chair. Congratulations.
4. Remarks from Colin Wallis on Emerging Crypto Algs SAML Conf Spec
http://www.oasis-open.org/apps/org/workgroup/security/download.php/16936/556735_1.pdf
Colin Wallis: Government security folks in New Zealand (GCSB) have published new
specifications on crypto algorithm selection, in parallel with work coming out
of NIST and similar bodies. In particular, government agencies are leaning
toward Elliptic Curve cryptography. Currently the crypto algorithms recommended
by SAML are those supported by W3C, so changes may need to be made there.
Rob Philpott: Also some concern with availability of implementations for
emerging algorithms.
Hal Lockhart: There is not currently any effort at W3C to investigate new
cryptographic algorithms or other security issues. Doesn't feel that SAML
should go out on a limb and profile new crypto.
Rob: Should we include some explanatory text about why we list the algorithms
we do?
Colin: That would be helpful.
5. Remarks from Abbie Barbir, Olivier Dubuisson, on ITU-T standardization status
Prateek Mishra: Some question about the role of errata in the ITU-T
standardisation process.
Abbie Barbir: Thought that errata could be ignored, but on closer review some
are required for interoperability.
Rob: None are normative changes, but some are clarification of intent.
Abbie: Erratum #36 is an example of one that is significant. For an implementer
of the ITU-T version of the spec, lack of access to the errata would cause
grief.
Abbie: Could publish errata as non-normative ITU-T note.
Jamie: ITU-T want to put their stamp on a stable version; they need to
understand that our errata do not indicate an unstable specification.
...
Jamie: ITU-T only want to deal with things that are declared OASIS Standard; need
to be more formal about real specs, while having a non-normative channel to
convey to users of the ITU-T versions of the specs that there is an errata
process within OASIS.
Prateek: As Rob suggested, perhaps the TC needs to declare the current set of errata
as a CD.
Abbie: This could add a significant turnaround time.
Rob: Would CD be enough for ITU-T, or does it have to be OASIS standard?
...
Abbie: We don't need to rework our errata, we just need to publish a current
version at a stable location so that the ITU-T version of the spec can refer
to it.
6. CD Vote (Full Majority Vote Required)
a. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16913/draft-sstc-saml-protocol-ext-thirdparty-01.pdf
b. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16914/sstc-saml-protocol-ext-thirdparty.xsd
c. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16910/draft-sstc-saml-metadata-ext-query-01.pdf
d. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16911/sstc-saml-metadata-ext-query.xsd
Hal: should we schedule an electronic ballot? Do we need to go through Mary
for that?
Some agreement expressed.
Jeff Hodges: Move that the committee declare the four specs listed in
6.(a)-(d) to be Committee Drafts.
Rob: seconds
No discussion, no objections. Motion carries.
Editor (Scott / Eve) will make the necessary changes to the documents, and add
them to the CD section of the web page.
Hal: Moves that these documents go to public review once the CD changes are
made.
Jeff: seconds
No discussion, no objections. Motion carries.
Chairs are directed to prepare the documents and submit them to OASIS for
public review.
7. Active Threads
a. Audience Restriction nit...
http://www.oasis-open.org/archives/security-services/200603/msg00001.html
b. Additional errata for PE45
http://www.oasis-open.org/archives/security-services/200603/msg00007.html
c. SubjectConfirmation errata
http://www.oasis-open.org/archives/security-services/200603/msg00008.html
Interested folks are not on the call.
Rob: is there anything on the saml-dev list that needs TC consideration?
Prateek: anyone want to bring one of those issues before the TC?
Rob: do we want to create an erratum around the artifact format discussion,
such as the point that format 0x04 was intended to be mandatory to implement?
Prateek: Action for Jahan: saml-dev message number 17 in March
(http://www.oasis-open.org/archives/saml-dev/200603/msg00017.html) contains a
potential erratum.
8. Open AIs
#0250: PE 43
Owner: Heather Hinton
Status: Open
Assigned: 2006-02-13
Due: ---
No discussion.
--------------------------------------------------------------------------------
#0248: Provide draft of IBM's SAML 2.0 research report
Owner: Anthony Nadalin
Status: Open
Assigned: 2006-02-13
Due: ---
No discussion.
--------------------------------------------------------------------------------
#0245: Per 17-Jan con-call: Greg W. to propose some clarifying text for
the attribute profile section re: the issues discussed on the call.
Owner: Greg Whitehead
Status: Open
Assigned: 2006-01-30
Due: ---
No discussion.
--------------------------------------------------------------------------------
#0242: Recommended text for SAML Attr Sharing Profile
Owner: Rob Philpott
Status: Open
Assigned: 2006-01-17
Due: ---
Rob: changes must be put in the document before it goes to public review. Rob
to sync up with Rick Randall to make sure changes are made.
--------------------------------------------------------------------------------
#0240: Status of SAML 2.0 submission to ITU T
Owner: Olivier Dubuisson
Status: Open
Assigned: 2005-11-07
Due: ---
Discussed above.
--------------------------------------------------------------------------------
#0238: Plan for red-line versions of SAML 2.0
Owner: Eve Maler
Status: Open
Assigned: 2005-11-07
Due: ---
No discussion.
--------------------------------------------------------------------------------
#0230: SAML Conformance SSL/TLS requirements
Owner: Eric Tiffany
Status: Open
Assigned: 2005-09-12
Due: ---
No discussion.
Any other business? No.
Call for updates to attendee list.
Rob moves to adjourn.