
security-services message



Subject: Minutes for the SSTC meeting on August 14, 2007 [DRAFT]


Proposed Agenda SSTC Concall, August 14, 2007

Dial in info: +1 865 673 6950
Access code: 270-9441#

Roll Call & Agenda Review
19 out of 22 voting members present, have quorum. Quorum was achieved


We need a volunteer to take minutes.  
Anil Saldhana, Red Hat


1. Approve minutes from July 31
http://lists.oasis-open.org/archives/security-services/200708/msg00006.html

Approved


2. Administrative

2.1 News: E-Authentication now supports SAML V2.0
http://lists.oasis-open.org/archives/security-services/200708/msg00010.html
Paul has updated the SSTC home page

2.2 Liberty Interoperability Testing coming up

- Eric:
* Registration information can be found on the liberty website.
* Still not public yet.
* Planning on a SAML interop workshop focusing on eGovernment. Sept 17-21.
* IEEE Headquarters at Piscataway, NJ

2.3 SAML Auth Contexts extension work
http://wiki.enisa.europa.eu/index.php?title=Authentication_Interoperability

* Guest invited (Giles) from ENISA to discuss some informal work done on 
AuthContext extension.
* Giles-
  - collecting use cases on the wiki.
  - feels that it is relevant to the SAML standard.
  - Tokens issued from a government standard.
  - some way of abstracting info for easier understanding by users.
  - Privacy features of Authentication Token.
  - Reputation needs to be associated with authentication.
    -- E-Reputation an important aspect of authentication (Electronic 
Passwords/ID Cards)

* TC Questions:
  - Evidence that authentication context is used for Trust?
  - Some work going on in ITU Identity Group.
  - Scope of work for the TC.
    -- Either work with TC to standardize or develop it as a third party.
    -- Giles wants to standardize it via the TC.
  - Apart from the privacy (which is orthogonal), every other aspect 
seems to fit in the AuthContext work.
  - Privacy may be better handled in the authorization context language 
such as XACML TC.
  - The type of credential used for authentication has a privacy aspect 
which is in scope for this TC.

Conclusion:
Draw up a proposal and the TC can have a chartered discussion.
Next step from Giles is to create some requirements from SAML 
AuthenticationContext.


2.4 Metadata and DNSSEC
http://www.oasis-open.org/archives/saml-dev/200708/msg00001.html
and
http://www.oasis-open.org/archives/saml-dev/200708/msg00002.html

Conclusion: Normative change needed if there was a direct reference. If 
not, no change.

* General question from Bob Morgan about possible intersection between 
SAML and Kerberos (after
a recent topic from IETF)


3. Document Status

3.1 Docs on their way to Oasis Standard
3.1.1 Metadata Profile for the OASIS Security Assertion Markup Language
(SAML) V1.x
CS Version now done
OASIS admin notified 8/13

Conclusion:
- Mary has not reviewed them yet. 
- Will be an OASIS standard in a week or two

3.1.2 Metadata Extension for SAML V2.0 and V1.x Query Requesters
CS Version now done
OASIS admin notified 8/13

Conclusion:
- Same as 3.1.1

3.2 SAML V2.0 Errata
Public Review ended 31 July 2007
SSTC home page has been updated.  Next steps?

Conclusion:
- Since there have been zero public comments, we will need one more TC 
vote before taking it public.
- Hal motioned for acceptance of Errata Document. Eve seconded the motion.
- Unanimous Consent - APPROVED

3.3 Docs pending public review
2.3.1 Documents needing conformance clauses
*SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based
Systems (Tom maybe has done this)
*SAML V2.0 Deployment Profiles for X.509 Subjects (also Tom)

Conclusion:  Tom has uploaded the docs last week to Kavi.

*Identity Provider Discovery Service Protocol and Profile
*SAMLv2.0 HTTP POST "SimpleSign" Binding

Conclusion: TC members to review the conformance clauses (2 weeks time) 
before public review.

Eve's question: Orderly expiration of certs in metadata?
* Eve will ask for an email to be sent before the next meeting.
* Will need to be put on the next meeting's agenda


4 Other business

5 Action Items (as of 13 August 2007 05:30pm EDT)
 
#0286: Research the use of LDAP language tags
Owner: Bob Morgan
Status: Open
Assigned: 2007-04-11
Due: 2007-04-24

Conclusion: Bob is ready to close it.

#0283: Change final arrows to solid in Tech Overview diagrams throughout.
Owner: Paul Madsen
Status: Open
Assigned: 2007-03-27
Due: ---

Conclusion: Paul absent.

#0282: AuthnContextDecl and AuthnContextDeclRef Confusion
Owner: Eric Tiffany
Status: Open
Assigned: 2007-03-27
Due: ---

Conclusion: Leave it open to figure out where the explanatory text goes.
 



-- 
Anil Saldhana
Project/Technical Lead,
JBoss Security & Identity Management
JBoss, A division of Red Hat Inc.
http://labs.jboss.com/portal/jbosssecurity/


