RE: [security-services] Draft minutes (with attendance) of 11 Sep 2007 SSTC meeting

["Thiyagarajan, Lakshmi" <lakshmi.thiyagarajan@hp.com>]

Hi,
One minor Correction. Charles Knouse is with HP now.
-Lakshmi 

-----Original Message-----
From: Eve.Maler@Sun.COM [mailto:Eve.Maler@Sun.COM] 
Sent: Tuesday, September 11, 2007 9:45 AM
To: security-services@lists.oasis-open.org
Subject: [security-services] Draft minutes (with attendance) of 11 Sep
2007 SSTC meeting

Brian Campbell wrote:
> Proposed Agenda SSTC Concall, September 11, 2007

Meeting called to order at x:02.

> Roll Call & Agenda Review

13 (later 14) of 23 voting members present; quorum achieved.

Attending (voting members):
Jeff	Bohren	BMC Software
Brian	Campbell	Ping Identity
Scott	Cantor	Internet2
Frederick	Hirsch	Nokia
Eve	Maler	Sun Microsystems
Bob	Morgan	Internet2
Anthony	Nadalin	IBM
Rob	Philpott	EMC Corporation
Anil	Saldhana	Red Hat
Tom	Scavo	National Center for Supercomputing Applications
Kent	Spaulding	Tripod Technology Group
David	Staggs	Veteran's Health Admin
Lakshmi	Thiyagarajan	Hewlett-Packard Company
Emily	Xu	Sun Microsystems

Attending (non-voting members):
Jeff	Hodges	NeuStar
Ari	Kermaier	Oracle

Attending (observers):
Charles	Knouse	Oblix
Jason Woloz

> Need a volunteer to take minutes

Eve volunteered.

> 1. Approve minutes from August 28
> http://lists.oasis-open.org/archives/security-services/200708/msg00041
> .html

Minutes APPROVED without objection.

> 2. Administrative
> 2.1 Potential Erratum on 2nd-level status codes 
> http://lists.oasis-open.org/archives/security-services/200708/msg00053
> .html

The current wording in some locations appears to mandate the return of a
2nd-level code, which is excessive.  Rob reported the issue and Conor
followed up with suggested language.

AI: Eve to locate the link to the current "working errata" document and
follow up with Abbie Barbir (who we think volunteered) about getting the
new crop of errata recorded.

> 2.2 Potential Erratum with metadata and DNSSEC 
> http://lists.oasis-open.org/archives/security-services/200709/msg00014
> .html

AI: Peter Davis to recommend wording on potential erratum on metadata
and DNSSEC.

> 2.3 SAML 2.0 WSDL on SSTC home page?
> http://lists.oasis-open.org/archives/security-services/200709/msg00000
> .html

We'd like to consider a reorganization of the SSTC home page, which is
getting long and complicated.  Maybe we can use the wiki more cleverly
to get rid of the busyness.

AI: Brian to do a slightly invasive edit to the SSTC home page to point
to the wiki, and to the wiki to add a link to the WSDL.

> 3. Document Status
> 3.1 Docs on their way to OS
> Metadata Profile for the OASIS Security Assertion Markup Language 
> (SAML) V1.x & Metadata Extension for SAML V2.0 and V1.x Query 
> Requesters

> Ballot to submit for OASIS Standard Vote passed 
> http://lists.oasis-open.org/archives/security-services/200709/msg00001
> .html Submitted to OASIS admin on Friday 9/7/07

Brian has gotten the submission to Mary in time for the current review
cycle.

> 3.2 Docs pending public review
> 
> Pending 15 Day Review
> *SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based 
> Systems (CD 04) *SAMLv2.0 HTTP POST "SimpleSign" Binding (CD 02)
> 
> Pending 60 Day Review
> *SAML V2.0 Deployment Profiles for X.509 Subjects (CD 02) *Identity 
> Provider Discovery Service Protocol and Profile (CD 02)
> 
> Need AI(s) to submit for public review?

Brian believes that we simply need to submit them, with no other steps
required.  Tom wonders if Hal had already contacted Mary, but Brian
didn't see a cc: about this.

AI: Brian to follow up with Mary on correct next steps.

> 3.3 SAML v2.0 Errata
> Mary needs updated copies
> http://lists.oasis-open.org/archives/security-services/200708/msg00030
> .html (AI#305)

We think this was a very minor title-page cleanup, but can't recall the
holdup.  Brian has put the links to the latest revs on the SSTC home
page.  Abbie had taken the AI to do these edits.

AI: Eve to check with Mary on what edits were required and take care of
them (either by getting Abbie to do them or by doing them herself).

> 4 Discussions
> 
> 4.1 SAML metadata lifecycle issues
> Status

We haven't seen much more discussion on the list about this issue. 
No one wanted to speak up on the call to continue the conversation at
this juncture.

> 4.2 Proposal for extensions to Authentication Context Giles to attend 
> the Sept 25 call for discussion Hal was going to post some discussion

Be prepared for this discussion during the next call.

AI: Brian to follow up with Hal to make sure the latter's commentary on
Giles's authn context proposal goes out to the list in time.

> 5 Other business

None today.

> 6 Action Items (Report created 10 September 2007 11:26am EDT)
>  
> #0305: Prepare final version(s) of the SAML v2.0 Errata document
> Owner: Abbie Barbir
> Status: Open
> Assigned: 2007-08-23
> Due: ---

See above AIs for followup.  This remains open.

> #0304: Incorporate appropriate use of LDAP language tags in new LDAP 
> attr profile
> Owner: Scott Cantor
> Status: Open
> Assigned: 2007-08-23
> Due: ---

This remains open.

> #0283: Change final arrows to solid in Tech Overview diagrams 
> throughout.
> Owner: Paul Madsen
> Status: Open
> Assigned: 2007-03-27
> Due: ---

This was uploaded on July 31:

http://www.oasis-open.org/apps/org/workgroup/security/download.php/24832
/TechOvwGraphics02.zip

A check of a sample file (SSO-SP-POST) shows that the first step
("access resource") and last step ("supply resource") are dotted, as are
the authentication steps ("challenge for credentials" and "user login").
Is this correct?

AI: Eve to check with Paul Madsen about whether arrows are correct in
the Tech Overview diagrams and about publishing a rev of the doc with
the corrected versions.

Meeting adjourned at x:30.

-- 
Eve Maler                                         +1 425 947 4522
Technology Director                           eve.maler @ sun.com
CTO Business Alliances group                Sun Microsystems, Inc.