Draft minutes (with attendance) of 11 Sep 2007 SSTC meeting

["Eve L. Maler" <Eve.Maler@Sun.COM>]

Brian Campbell wrote:
> Proposed Agenda SSTC Concall, September 11, 2007

Meeting called to order at x:02.

> Roll Call & Agenda Review

13 (later 14) of 23 voting members present; quorum achieved.

Attending (voting members):
Jeff	Bohren	BMC Software
Brian	Campbell	Ping Identity
Scott	Cantor	Internet2
Frederick	Hirsch	Nokia
Eve	Maler	Sun Microsystems
Bob	Morgan	Internet2
Anthony	Nadalin	IBM
Rob	Philpott	EMC Corporation
Anil	Saldhana	Red Hat
Tom	Scavo	National Center for Supercomputing Applications
Kent	Spaulding	Tripod Technology Group
David	Staggs	Veteran's Health Admin
Lakshmi	Thiyagarajan	Hewlett-Packard Company
Emily	Xu	Sun Microsystems

Attending (non-voting members):
Jeff	Hodges	NeuStar
Ari	Kermaier	Oracle

Attending (observers):
Charles	Knouse	Oblix
Jason Woloz

> Need a volunteer to take minutes 

Eve volunteered.

> 1. Approve minutes from August 28 
> http://lists.oasis-open.org/archives/security-services/200708/msg00041.html

Minutes APPROVED without objection.

> 2. Administrative
> 2.1 Potential Erratum on 2nd-level status codes 
> http://lists.oasis-open.org/archives/security-services/200708/msg00053.html

The current wording in some locations appears to mandate the return 
of a 2nd-level code, which is excessive.  Rob reported the issue and 
Conor followed up with suggested language.

AI: Eve to locate the link to the current "working errata" document 
and follow up with Abbie Barbir (who we think volunteered) about 
getting the new crop of errata recorded.

> 2.2 Potential Erratum with metadata and DNSSEC
> http://lists.oasis-open.org/archives/security-services/200709/msg00014.html

AI: Peter Davis to recommend wording on potential erratum on 
metadata and DNSSEC.

> 2.3 SAML 2.0 WSDL on SSTC home page?
> http://lists.oasis-open.org/archives/security-services/200709/msg00000.html

We'd like to consider a reorganization of the SSTC home page, which 
is getting long and complicated.  Maybe we can use the wiki more 
cleverly to get rid of the busyness.

AI: Brian to do a slightly invasive edit to the SSTC home page to 
point to the wiki, and to the wiki to add a link to the WSDL.

> 3. Document Status
> 3.1 Docs on their way to OS
> Metadata Profile for the OASIS Security Assertion Markup Language (SAML)
> V1.x & Metadata Extension for SAML V2.0 and V1.x Query Requesters

> Ballot to submit for OASIS Standard Vote passed
> http://lists.oasis-open.org/archives/security-services/200709/msg00001.html
> Submitted to OASIS admin on Friday 9/7/07

Brian has gotten the submission to Mary in time for the current 
review cycle.

> 3.2 Docs pending public review
> 
> Pending 15 Day Review
> *SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based
> Systems (CD 04)
> *SAMLv2.0 HTTP POST "SimpleSign" Binding (CD 02)
> 
> Pending 60 Day Review
> *SAML V2.0 Deployment Profiles for X.509 Subjects (CD 02)
> *Identity Provider Discovery Service Protocol and Profile (CD 02)
> 
> Need AI(s) to submit for public review?

Brian believes that we simply need to submit them, with no other 
steps required.  Tom wonders if Hal had already contacted Mary, but 
Brian didn't see a cc: about this.

AI: Brian to follow up with Mary on correct next steps.

> 3.3 SAML v2.0 Errata
> Mary needs updated copies
> http://lists.oasis-open.org/archives/security-services/200708/msg00030.html (AI#305)

We think this was a very minor title-page cleanup, but can't recall 
the holdup.  Brian has put the links to the latest revs on the SSTC 
home page.  Abbie had taken the AI to do these edits.

AI: Eve to check with Mary on what edits were required and take care 
of them (either by getting Abbie to do them or by doing them herself).

> 4 Discussions
> 
> 4.1 SAML metadata lifecycle issues
> Status

We haven't seen much more discussion on the list about this issue. 
No one wanted to speak up on the call to continue the conversation 
at this juncture.

> 4.2 Proposal for extensions to Authentication Context 
> Giles to attend the Sept 25 call for discussion
> Hal was going to post some discussion

Be prepared for this discussion during the next call.

AI: Brian to follow up with Hal to make sure the latter's commentary 
on Giles's authn context proposal goes out to the list in time.

> 5 Other business

None today.

> 6 Action Items (Report created 10 September 2007 11:26am EDT)
>  
> #0305: Prepare final version(s) of the SAML v2.0 Errata document
> Owner: Abbie Barbir
> Status: Open
> Assigned: 2007-08-23
> Due: ---

See above AIs for followup.  This remains open.

> #0304: Incorporate appropriate use of LDAP language tags in new LDAP
> attr profile
> Owner: Scott Cantor
> Status: Open
> Assigned: 2007-08-23
> Due: ---

This remains open.

> #0283: Change final arrows to solid in Tech Overview diagrams
> throughout.
> Owner: Paul Madsen
> Status: Open
> Assigned: 2007-03-27
> Due: ---

This was uploaded on July 31:

http://www.oasis-open.org/apps/org/workgroup/security/download.php/24832/TechOvwGraphics02.zip

A check of a sample file (SSO-SP-POST) shows that the first step 
("access resource") and last step ("supply resource") are dotted, as 
are the authentication steps ("challenge for credentials" and "user 
login").  Is this correct?

AI: Eve to check with Paul Madsen about whether arrows are correct 
in the Tech Overview diagrams and about publishing a rev of the doc 
with the corrected versions.

Meeting adjourned at x:30.

-- 
Eve Maler                                         +1 425 947 4522
Technology Director                           eve.maler @ sun.com
CTO Business Alliances group                Sun Microsystems, Inc.