security-services message



Subject: Draft minutes for 19 December 2006 SSTC meeting (minus roll data)


> 1. Roll Call & Agenda Review, Select Minute Taker
> 
> 2. Approve minutes from December 5 con-call
> http://www.oasis-open.org/archives/security-services/200612/msg00012.html
> 
> with correction:
> 
> http://www.oasis-open.org/archives/security-services/200612/msg00017.html

Corrected minutes APPROVED by unanimous consent.

AI: Prateek to post a cleanly corrected version of 5 Dec 2006 
minutes for reference.

2a. 2007 meeting schedule

We will skip the 2 Jan 2007 meeting because many people will still 
be on holiday.

Our first meeting of the new year will be 16 Jan 2006.

AI: Hal to post the 2007 meeting schedule in the OASIS calendar.

> 3. Security Services TC IPR Ballot
> 
> Ballot passed. TC will operate in RF on RAND terms as of December 26

Note the built-in delay before this takes effect.

In the interim, at least Entrust has dropped its membership. 
Members who have dropped during this period might decide to join 
again eventually.

Hal is looking into the status of documents drafted under the old 
rules but to be finished under the new rules.

> 4. Pending 60-day reviews - waiting on minor doc edits from authors (now
> complete)

Mary McRae had noted some minor editing and consistency errors. 
Paul has talked to Scott and JeffH about the status of fixes.

> Should the Simple Sign Binding be withdrawn from the Public Review?

http://www.oasis-open.org/committees/download.php/21433/draft-sstc-saml-binding-simplesign-cd-01.pdf

Scott had noted in email that a significant flaw has been found 
already in private review.  Since the start of the public review 
period was significantly delayed, the TC has an opportunity to 
withdraw it for public review in this call.

MOTION to cancel the 60-day public review of the SimpleSign 
document: Moved by Scott and seconded by Rob.
APPROVED by unanimous consent.

AI: Paul to pull together the links for the documents that will be 
going to public review.

AI: Scott to correct the SimpleSign document.  (He might "delegate" 
to JeffH...)

> 5. SAML V2.0 X.500/LDAP Attribute Profile
> 
> Vote for Committee Draft.

http://www.oasis-open.org/committees/download.php/20650/draft-sstc-saml-attribute-x500-01.pdf

This is the attribute profile that was originally part of SAML V2.0 
but had an erratum, PE53, that required a normative change to fix.

MOTION to take SAML V2.0 X.500/LDAP Attribute Profile to Committee 
Draft status: Moved by RLBob and seconded by Rob.
APPROVED by unanimous consent.

MOTION to take the SAML V2.0 X.500/LDAP Attribute Profile to public 
review with the rest of the ongoing public-review package: Moved by 
Scott and seconded by Peter.
APPROVED by unanimous consent.

AI: Scott to edit/assemble the OASIS-required forms of the SAML V2.0 
X.500/LDAP Attribute Profile CD for public review.

After this public review cycle is completed, we can safely decide on 
deprecation wording in response to PE53.

> 6. Documents Posted
> 
> SAML V2.0 Deployment Profiles for X.509 Subjects
> http://www.oasis-open.org/archives/security-services/200612/msg00024.html

http://www.oasis-open.org/committees/download.php/21568/sstc-saml2-profiles-deploy-x509-draft-01.pdf

Tom Scavo notes that this is first in a new document stream that 
came from the attribute-sharing profile draft.  The cornerstone of 
this new document is an attribute query for X.509 subjects.

There is an outstanding bug in the overall set of deployment 
profiles that has been fixed in this particular profile document, 
but not yet in the others.  The bug is that, in draft 10 of the 
attribute-sharing profile, the name qualifier on NameID had the 
value of the issuer DN, which goes against the SAML2 core spec (it's 
supposed to be omitted in the case of standard NameID formats).

http://www.oasis-open.org/committees/download.php/19054/sstc-saml-x509-authn-attrib-profile-draft-10.pdf

> 7. Need new Errata maintainer

Jahan Moreh is no longer able to participate in the TC.  The TC 
thanks him for his service!

Eve agrees to maintain both the working and OASIS-Standard-bound 
errata documents up through the 16 Jan 2006 meeting.  After that, 
someone else needs to step up.

> 8. Action Items
> 
> #0272: Errata around TLS keys in metadata
> Owner:
> Status: Open
> Assigned: 2006-12-19
> Due: ---

AI: Scott to send Eve his notes on the erratum.

AI: Eve to add a "TLS keys" erratum to the errata documents.

> #0271: submit a draft of an alternative approach to IdP Discovery on
> behalf of Shibboleth Project
> Owner: Scott Cantor
> Status: Open
> Assigned: 2006-12-19
> Due: 2007-01-31

Scott accepts this due date.

> #0270: Draft Errata re: IdP Discovery Profile
> Owner: Scott Cantor
> Status: Open
> Assigned: 2006-12-19
> Due: 2007-01-31

Scott accepts this due date.

> #0269: CDize errata based on draft 35
> Owner: Eve Maler
> Status: Open
> Assigned: 2006-09-25
> Due: ---

New due date of 16 Jan 2006.

> #0266: New deployment profile
> Owner: Tom Scavo*
> Status: Open
> Assigned: 2006-09-25
> Due: ---

Completed.

> #0265: Updated draft of X.500 attribute sharing deployment profile
> Owner: Ari Kermaier
> Status: Open
> Assigned: 2006-09-25
> Due: ---

In the title of this AI, s/X.500/X.509/

We don't know that Ari is willing to do this.

AI: Prateek to confirm that Ari is willing to take on AI #0265 and 
get a due date from him.

> 9. Other business

Eve notes that at the recent Internet Identity Workshop (IIW2006b), 
she and others got together to discuss ways in which SAML and OpenID 
could be used together.  Pat Patterson of Sun demonstrated a way of 
hooking up OpenID IdP discovery and metadata to a 100% SAML 
authentication/SSO cycle in his "Lightbulb" subproject of OpenSSO. 
Both the discussion and the demo were very well received.  Some 
profiling work may arise from this, which may show up in the SSTC at 
some point.  Contact Eve if you'd like more info.

JeffH had sent around information about the OASIS Adoption Forum, 
including highlights of SAML adoption.  Hal noted how gratifying it 
is to see that SAML is being assessed for suitability for existing 
use cases, and is being chosen as the best solution.

> 10. Adjourn

Adjourned at 12:43pm ET.

-- 
Eve Maler                                         +1 425 947 4522
Technology Director                           eve.maler @ sun.com
CTO Business Alliances group                Sun Microsystems, Inc.

