Re: [security-services] Minutes, SSTC Concall, Feb 26, 2008

[Anil Saldhana <Anil.Saldhana@redhat.com>]

Hi Tom,
   thank god I recognized your voice as yours. Rest of the speakers I 
just assumed to be Scott. :) I guess I will blame myself for being under 
the weather (my state has worsened now).

I will wait for a couple of days to see if there are any other changes 
and then send amended minutes.

Regards,
Anil

Tom Scavo wrote:
> Hi Anil,
> 
> A few minor corrections to the minutes below.
> 
> On Tue, Feb 26, 2008 at 1:23 PM, Anil Saldhana <Anil.Saldhana@redhat.com> wrote:
>> Roll Call & Agenda Review
>>
>>  Voting Members:
>>  Hal Lockhart    BEA Systems, Inc.
>>  Rob Philpott    EMC Corporation
>>  Scott Cantor    Internet2
>>  Bob Morgan      Internet2
>>  Eric Tiffany    Liberty Alliance Project
>>  Tom Scavo       National Center for Supercomputing Applica...
>>  Peter Davis     Neustar, Inc.
>>  Jeff Hodges     Neustar, Inc.
>>  Frederick Hirsch Nokia Corporation
>>  Paul Madsen     NTT Corporation
>>  Ari Kermaier    Oracle Corporation
>>  Brian Campbell  Ping Identity Corporation
>>  Anil Saldhana   Red Hat
>>  Emily Xu        Sun Microsystems
>>  Kent Spaulding  Tripod Technology Group, Inc.
>>  David Staggs    Veterans Health Administration
>>
>>  Members: None
>>  Observers: None
>>
>>  16 out of 21 Voting Members - Quorum Achieved
>>
>>  Membership Status Change
>>  Lost Voting Status - Abbie Barbir(Nortel), Eve Maler (Sun) and Charles
>>  Knouse (HP)
>>
>>  Scott Cantor requested that at the end of each rollcall (future
>>  meetings), the observers need to be reminded that they cannot speak or
>>  make comments during the meeting.
>>
>>  Need a volunteer to take minutes
>>  Anil Saldhana
>>
>>  1. Approve minutes from Feb 12, 2008
>>  http://lists.oasis-open.org/archives/security-services/200802/msg00009.html
>>
>>  Approved
>>
>>  Administrative:
>>  Hal talks about Oasis IDTrust Steering Committee sponsored IDTrust08
>>  workshop at NIST.
>>     - TC members (SAML and XACML) speaking at the conference.
>>     - The chairs have received a preview proposal from Internet2 on SSO
>>  profile using TLS (Order of Key).
> 
> The profile requires holder-of-key subject confirmation, not "Order of Key."
> 
>>  3. Document Status
>>
>>  3.1 Five specs finished public review and are [slowly] on their way to CS
>>
>>  No public comment during review but some necessary minor changes
>>
>>  * SAMLv2.0 HTTP POST "SimpleSign" Binding
>>  - Had/has broken references
>>
>>  *Identity Provider Discovery Service Protocol and Profile
>>  ?
>>
>>  * SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based Systems
>>  ?
>>
>>  * SAML V2.0 Deployment Profiles for X.509 Subjects
>>  - Needs a minor change to the terminology previously introduced in the
>>  conformance section
>>
>>  * SAML V2.0 LDAP/X.500 Attribute Profile
>>  - Need to add Mark Wahl as a contributor.
>>
>>
>>  Brian: Not much public comment. Need some necessary minor changes.
> 
> No public comment was received.
> 
>>  Brian: Not aware of any issues associated with some profiles; hence
>>  marked as ?
>>         -- Need to move these drafts into community drafts.
>>         -- Mark Wahl needs to be added in the appendix.
>>         -- Next week, we need to have a CD vote.
>>
>>  Hal: We can do the voting as a batch.
>>
>>  Tom: Is there a need for fresh uploads of these documents?
>>  Hal: If there are no changes, then they can be left as committee drafts.
>>
>>
>>
>>  3.2 Technical Overview
>>  http://www.oasis-open.org/committees/download.php/25411/sstc-saml-tech-overview-2.0-draft-14.pdf
>>
>>  Much discussion:
>>  http://lists.oasis-open.org/archives/security-services/200802/msg00005.html
>>  + msgs 12-26
>>  Where do we stand?
>>
>>  Brian: No clear agreement/disagreement.
>>  Tom: No changes have been yet made.
>>      -- I will incorporate Frederick's comments.
> 
> Paul Madsen made the above remarks.  Frederick's comments will be found here:
> 
> http://www.oasis-open.org/archives/security-services/200802/msg00035.html
> 
>>  3.3 Subject-based Profiles for SAML V1.1 Assertions
>>  http://lists.oasis-open.org/archives/security-services/200801/msg00003.html
>>  and definition of "strongly matches"
>>  http://lists.oasis-open.org/archives/security-services/200801/msg00025.html
>>  [still] Awaiting further discussion.
>>
>>  Brian: Things have been pretty much silent.  Very little discussion
>>  happened.
>>  Tom: Uploaded Draft 2 this morning.
>>       -- Two changes - motivating text in introduction and definition of
>>  strongly matches.
>>       -- Close to completion.
>>   From Tom's email:
>>  http://www.oasis-open.org/apps/org/workgroup/security/download.php/27337/sstc-saml1-profiles-assertion-subject-draft-02.pdf
>>  http://www.oasis-open.org/apps/org/workgroup/security/download.php/27338/sstc-saml1-profiles-assertion-subject-draft-02-diff.pdf
>>
>>
>>  "I added some motivating text to the Introduction (along the lines of
>>  what Brian asked about) and added a working definition of "strongly
>>  matches" in section 2.5.  Much of the remaining profile depends on
>>  this definition, so if you're okay with that (as Scott pointed out),
>>  then the rest of the profile follows easily."
>>
>>  Brian: Encourage everyone to take a look.
>>
>>
>>  4 Errata
>>
>>  4.1 (AI#311) Additions/Adjustments to PE65 Second-level StatusCode
>>
>>  http://lists.oasis-open.org/archives/security-services/200802/msg00027.html
>>
>>  Abbie is handling this.
>>  **Scott has volunteered to maintain the errata document.**
>>
>>
>>  5 Other business
>>
>>  Silence.
>>
>>
>>  6 Action Items (Report created 25 February 2008 04:28pm EST)
>>
>>  #0323: Make errata on orig spec with correct reference in place of
>>  draft-mealling-uuid-urn-05.txt
>>  Owner: Jeff Hodges
>>  Status: Open
>>  Assigned: 2008-02-11
>>  Due: 2008-03-11
>>
>>  Scott will take care of this.  Reassigned to Scott.
>>
>>
>>  #0311: Propose specific document changes required for PE-65
>>  Owner: Scott Cantor
>>  Status: Open
>>  Assigned: 2007-10-23
>>  Due: 2008-03-11
>>
>>
>>  Call Adjourned