Subject: Minutes from Oct 10 Conference Call
SSTC/SAML concall Tue 10/10/2006 9:01:28 AM
----------------------------------------------------------------------------

> 1. Roll Call & Agenda Review, Appoint Secretary

duly performed

VOTING MEMBERS
-----------------------
Bhavna Bhatnagar
Brian Campbell
Carolina Calales-Valenzuela
Scott Cantor
Peter Davis
Frederick Hisch
Jeff Hodges
John Hughes
Chris Laskowski
Hal Lockhart
Paul Madsen
Eve Maler
Prateek Mishra
Jahan Moreh
Bob Morgan
Anthony Nadalin
Ashish Patel
Rob Phillpot
Tom Scavo
David Staggs
Eric Tiffany
Greg Whitehead
Thomas Wisniewski
Emily Xu

24/28 voting members present

Abbie Barbir
Guy Denton
Jim Lien
Rebekah Metz
Michael Bowman
Greg Desmarais
John Moerhke

> 2. Approve minutes from Sep 26 con-call
> http://lists.oasis-open.org/archives/security-services/200609/msg00051.html

accept via unanimous consent

> 3. SAML TC IPR Transition Ballot failed
>
> http://lists.oasis-open.org/archives/security-services/200610/msg00003.html
>
> RSA Statement
>
> http://lists.oasis-open.org/archives/security-services/200610/msg00000.html

hal lockhart(hl): 3 diff IPR modes. we can take as many ballots on which mode between now and apr-2007. feels a ballot for plain RAND would fail in this TC. there's some support apparently for RF-RAND. EMC-RSA stmt speaks for itself, they need some time to think about which IPR mode is acceptable for them. Folks need to confer in their companies and figure out what IPR mode is acceptable for them, and then we can re-ballot.

scott cantor(sc): we don't want to waste time holding a ballot if we have companies that need to figure out where they sit.

hl: concerned that after 2..3 months of discussing this that folks weren't ready to vote.

rob philpott(rp): working with EMC-RSA internally, looking like some possibility to go for RF-RAND

> 4. Informational
>
> a. The following documents were submitted to OASIS for 15 day Public
> Review
>
> i. Metadata Profile for the OASIS Security Assertion Markup Language
> (SAML) V1.x
> ii. SAML Metadata Extension for Query Requesters
> iii. SAML Protocol Extension for Third-Party Requests

<no comments>

> Public Review has not begun
>
> b. SAML Basics Slide Presentation Updated
> http://lists.oasis-open.org/archives/security-services/200610/msg00002.html

eve maler(em): open for use, no sun slide template, one can simply credit eve as appropriate. ready for use now.

> c. Replacement for original X.500/LDAP attribute profile posted
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/20650/draft-sstc-saml-attribute-x500-01.pdf

sc: just a copy of earlier version except for moving the Encoding="LDAP" attribute up to a higher level element.

hl: please review and send comments to the list

> 5. Discussion on List
>
> b. X.509 Subject/Deployment Profiles
> http://lists.oasis-open.org/archives/security-services/200609/msg00065.html

Tom Scavo(ts): ari is drafting a new rev of profiles, ts is working on a deployment profile. there is some work that needs to be done before it's ready to submit to archive (per sc's comments).

> 6. CD Vote
>
> a. Simple Sign Binding
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/20561/draft-hodges-saml-binding-simplesign-02.pdf
>
>
> 7. Public Review Vote (first time - 60 days)
>
> a. Shared Credentials
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/20482/draft-sstc-saml-protocol-ext-rac-cd-03.pdf
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/20484/draft-sstc-saml-context-ext-sc-cd-03.pdf
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/20486/sstc-saml-protocol-ext-rac.xsd
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/20487/sstc-saml-context-ext-sc.xsd
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/20488/sstc-saml-authn-context-ext-unique.xsd
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/20487/sstc-saml-context-ext-sc.xsd
>
> b. Text-based Challenge Response
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/20480/sstc-saml-text-based-challenge-response-authn-context-class-cd-01.pdf
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/20481/sstc-saml-authncont-ext-tcr2.xsd
>
> c. Simple Sign Binding (If previously voted CD)
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/20561/draft-hodges-saml-binding-simplesign-02.pdf

jeff hodges(jh): explains the changes to the -02 rev of the HTTP POST-SimpleSign draft

jh: moves that this goes to CD

sc: 2nds

[motion carries via unanimous consent]

hl: do we have a motion to move a,b,c to pub review?

paul madsen(pm): so moves

tom wizneuski(tw)??: 2nds

[motion carries via unanimous consent]

> 5. Discussion on List
>
> a. Tech Overview Updated
> http://lists.oasis-open.org/archives/security-services/200610/msg00014.html

em: describes edits in the document

ts: will make a minor agreed-upon change to doc

pm: describes editing effort to get a non-monolithic html doc that's more useful

abbie barbir(ab): but this'll go to itu-t eventually and they use word and thus needs to be manually re-edited, witness his effort to re-edit SAMLv2 specs to word

[digression wrt word, OpenOffice, etc]

hl: water is under bridge wrt our using .odt format

pm: I'll just do the manual editing to do a multi-part .html rev, .5 hr, will just have to re-do it when there's substantive rev to the spec.

em: ok, so we have our answer

em: continues describing updates that are in the queue to this overview. one item is a non-trivial aspect, eg describing attained security properties

hl: thinks that putting the concepts into context security-wise is a reasonable thing to do

em: we'll send the chunk of text to the list such that we can get feedback quickly

em: old line 591, sec 3.5, sugg here is that it's too detailed, breaks up the flow, move to end of main section?

rp: move this stuff to sec 5?

hl: likes rob's suggestion

em: figure 5 ought to be re-done?

rp: fig 5 looks good to him. described as a typical example of containment.

hl: genericizing the containment is likely reasonable

jh: yes, [points to "how to learn saml" doc, ensuing discussion of adopting that doc into overview]

hl: jh should cast that doc as an sstc draft and submit it so copyright et al is ok

jh: will do

em: now discussing of holder-of-key

hl: which brings up confirmation method, which a signal invention

sc: tho it has evolved into something somewhat different in SAMLv2

em & hl welcome such a contrib

em: and this will feature SAML's unique value-add

sc: timeline?

em: do in a week?

sc: will try

em: new line # 628, sec 4.1.1, ques about adding an advanced topic here wrt RelayState. perhaps RelayState needs to be described in more detail

pm: there's privacy implications of RelayState, need to be careful

sc: one can make claim it's not worth discussing, and as well as discussing in detail. eg if have unsolicited response, don't need it.

hl: perhaps at too detailed level

rp: it has its uses, perhaps shd discuss it

sc: but there's limitations to it, and it is not in metadata and is an out of band agreement, etc

gw: so there's perhaps usefulness to defining that behavior [in some appr fashion]

em: consensus is to mention it here with approp caveats? not add "advanced topic" stuff?

gw,rp,sc: yes, yes.

em: new line 635, sec 4.1.2, step 3 of redirect post, just after fig 15. [peering at it... ] looks like it is correct now

em: new line 655, sec 4.1.3, immed above fig 16, describe how to do artifact exchange? via a "swooping" line?

several: swoooping is fine

em: this is the old fig, need to redo anyway

[disc of diagram and the comment em is responding to. gnarly details elided.]

em: moving onto single logout -- there's several scenarios now, shall we cull it to one ?

rp: there's 3 now....

hl: one is sufficient (?)

rp: but there's salient differences....

em: so keep the two mult SP scenarios, and drop the single SP one, cuz propagating the logout is what is interesting....

em: sec 4.4.1....

jim lien(jl)??: had two diff comments there....

em: may have made a mistake on pasting....

em: now the sec on allowCreate? sec 4.4.3

rp: need to describe allowCreate how it works

pm: will craft some text....

em: new line , sec 4.4.4, transient pseudonyms... someone didn't like the membership number, perhaps we shud use some sort of membership status

em: new sec 4.5, but left in old 4.4.5, in comparison, do we want to show a flow that shows just attrs being exchanged? do we want to show the two diff flows? if not, will delete 4.4.5

rp: never liked it

em: out it goes modulo objections....

em: last stuff is about validity periods and artifact identifiers

em: now taking suggestions for things that were diffs btwn saml v1.x and saml v2 that trips them up?

[no suggestions right off]

jl: to clarify comment on nameid format -- its not applicable anymore

hl: no one should be planning an implementation around this overview doc, and the details are in the normative docs...

> 8. Errata Update
>
> No new document published. Official Errata document in progress.

hl: eve is still working on putting errata doc in form for new oasis errata process.

>
> 9. Open AIs
>
> #0269: CDize errata based on draft 35
> Owner: Eve Maler
> Status: Open
> Assigned: 2006-09-25
> Due: ---

still open

>
> #0268: CD-cize Shared Credentials doc
> Owner: Ashish Patel
> Status: Open
> Assigned: 2006-09-25
> Due: ---

done.

>
> #0267: Chairs to move docs to new public review
> Owner:
> Status: Open
> Assigned: 2006-09-25
> Due: ---

done.

>
> #0266: New deployment profile
> Owner: Tom Scavo*
> Status: Open
> Assigned: 2006-09-25
> Due: ---

still open.

>
> #0265: Updated draft of X.500 attribute sharing deployment profile
> Owner: Ari Kermaier
> Status: Open
> Assigned: 2006-09-25
> Due: ---

still open.

>
> #0263: NameID and the use of SPProvidedID
> Owner: Jahan Moreh
> Status: Open
> Assigned: 2006-07-18
> Due: ---

still open.

>
> #0262: Creation of the "new" LDAP/X.500 profile
> Owner: Scott Cantor
> Status: Open
> Assigned: 2006-07-18
> Due: ---

done.

>
> #0261: Chairs to contact GUIDE for follow-up
> Owner:
> Status: Open
> Assigned: 2006-07-18
> Due: ---

still open.

>
> #0240: Status of SAML 2.0 submission to ITU T
> Owner: Abbie Barbir
> Status: Open
> Assigned: 2005-11-08
> Due: ---

still open.

hl: assigned numbers for the specs are set and won't be changed.

em: thx to tom scavo, has been updating the saml doc template, has current refs that are accurate, will post when done

sc: what about ack's section?

em: will endeavor to cover that too. will maintain all this as a continually-updated "working doc"

---
end