Subject: draft minutes (w/o attendance) SSTC concall 20-May-2008
============================================================================
SSTC/SAML concall                               Tue May 20 09:10:06 PDT 2008
----------------------------------------------------------------------------
minutes by =JeffH

proposed agenda:
http://lists.oasis-open.org/archives/security-services/200805/msg00050.html

AI summary
----------

AI: BC signs up to help Eve on SSTC home page revamp

AI: PM to address this bug in Technical Overview CD-02 Section 4.6

AI: SSTC at large to be prepared to discuss/consider xspa-saml-profile-01
    as a work item on next call


Brian Campbell wrote:
> (Added 4.4 at the suggestion of David Staggs)
>
> Proposed Agenda SSTC Conference Call
> May 20, 2008, 12:00pm ET
>
> Dial in info: +1 215 446 3648
> Access code 270-9441#
>
> Roll Call & Agenda Review
>
> Need a volunteer to take minutes
>
>
> 1. Approve minutes from May 6, 2008
> http://lists.oasis-open.org/archives/security-services/200805/msg00024.html

Brian Campbell (bc): approved by unanimous consent.

> 2. Administrative
>
> 2.1 SSTC Home Page
> Eve Maler (closing out AI#327) submitted proposal
> http://lists.oasis-open.org/archives/security-services/200805/msg00033.html

Eve (em) working on this. see msg on list..

  "AI #0327: Draft proposal for SSTC home page cleanup"

Eve doesn't want to "loose data", wishing to have folks looking over her
shoulder and to take action items and help do editing

AI: BC signs up to help Eve - will connect offline on specifics

Scott Cantor (sc): proposes that the wiki "saml dev" discussion forum shud be
shut down and pointed to saml-dev@ list

Jeff Hodges (jh) agrees, as does em

> 2.2 Updating Specification Status after ballots
> http://lists.oasis-open.org/archives/security-services/200805/msg00042.html

bc: references Frederick's msg on the topic, he thinks that this won't affect
us in near term.
msg thread beginning 19-May-2008 entitled
  "[security-services] FW: [chairs] Updating Specification Status after ballots"

bc: so if anyone has questions, can ask Mary and/or BC; but otherwise thinks
we proceed as we are and see what happens, if anything

> 3. Document Status
>
> 3.1 Subject-based Profiles for SAML V1.1 Assertions
> (Re)Submitted to TC Admin for initial public review on May 19th

bc: just fyi, wrt these docs...

> 3.3 Holder-of-Key Web Browser SSO Profile
> AIs #329, 330 & 331
>
> 3.4 Proposal: Query Extension for SAML AuthnReq
> AI #332
>
> 3.5 Proposal: Profile for Use of DisplayName
> AI #333

bc: ..all above, just want to do bookkeeping on them, no additional discussion
today? we just need to track the AIs (will cover them again at the end of this
meeting..)

> 4 Other business
> 4.1 Error in Technical Overview CD-02 Section 4.6
> http://lists.oasis-open.org/archives/security-services/200805/msg00027.html

bc: Rob noticed this, treatment of signatures on the response. see msg above.
seems to be something we shud fix

pm: I'm most recent editor, will fix it.

AI: PM to address this bug in Technical Overview CD-02 Section 4.6

> 4.2 SAML 2.0 Interoperability Testing
> http://lists.oasis-open.org/archives/security-services/200805/msg00026.html
> http://projectliberty.org/liberty_interoperable/events/saml_2_0_interoperability_test

Eric Tiffany (et): any questions on this? read the msgs and sign up if yer
interested.

> 4.3 X509SubjectAltName or full cert as in nameid?
> http://lists.oasis-open.org/archives/security-services-comment/200805/msg00002.html

bc: discussion btwn David Kemp & Tom Scavo wrt SubjectAltNames as a
NameIdentifier, or perhaps entire cert

Tom Scavo (ts): so david is basically wondering about the attr sharing profile
which is at CS stage, he's suggesting that perhaps somethg other than (just)
x.509 SubjectName might be used as NameIdentifier.
ts: suggested that if he has something specific in mind, he should make his
suggestions more explicit. ts doesn't plan on doing anything unless others
also believe should be done.

sc: agrees with TS that just using SubAltName might not be enough granularity

[disc of all the name types in SubAltName... general agreement that suggestion
isn't specific enough...]

bc: so pending any further discussion at this time, wait for him to reply..
where do we have NameIDFormats that apply to SubjectAltName?...

Hal Lockhart (hl): in section 8.3 in -core- we have these name types...

[general agreement that they might map, but not directly nor congruently, but
something cud be done...]

> 4.4 Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of
> SAML & XSPA TC
> http://lists.oasis-open.org/archives/security-services/200805/msg00048.html

[note draft spec attached to above message: xspa-saml-profile-01]

david staggs (ds): HITSP (health info tech stds panel) -- trying to create a
"transaction package" for health info package(s) -- hoping SAML TC can help do
this correctly, want to create a profile for American health info council use
case -- attached a draft of such a profile to that message, hope the TC can
pick up as a work item and do it correctly

  xspa-saml-profile-01
  "Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of
   Security Assertion Markup Language (SAML)"

bc: what do you want us to do? advise or progress the doc?

ds: the latter, would be a good idea to do this in the SSTC

em: criterion for doing this in sstc is eg wide applicability of such a
profile if widely applicable maybe we shud do it here...
ds: likely users/deployers will be government-wide most likely, so pretty wide
applicability

em: so we should hear more about it

ds: HITSP needs to identify/reference "Standards", rather than cook up own
profile a la GSA did with eGov effort, so really needs this to run thru a
group like SSTC

rob philpott (rp): we've done such w/x.508 attr profile, but this draft spec
looks more govt-specific -- there's a lot of health-care specific stuff in
this draft spec -- so perhaps another health-specific group should progress
this,

ds: IHG has looked at this, but they are out of bandwidth, and we think oasis
might be a good one too, so up to sstc to figure out whether sstc wants to
just comment or progress it or whatever...also this new TC that's being
created (by TS), it might take it on...

  XSPA - Cross Security Privacy Authz TC
  looking for conveners (talked to e.g. EM)
  mostly of interest to those serving health care.

[discussion/queries wrt the HITSP IPR policies and ramifications thereof]

em: was this sent to sstc as submission or ?

ds: this is a proposed work item...

em: so there are default IPR mode wrt sstc...

hl: but that applies to only sstc output...and with stuff sent to the (list)
archives means that there's some default IPR licensing on that stuff upon
submission

ds: getting back to the spec...

hl: suggests defer it to next call, can review before then and then consider
the request on next call...

bc: concurs...
AI: SSTC at large to be prepared to discuss/consider xspa-saml-profile-01
    as a work item on next call

> 5 Action Items (Report created 19 May 2008 04:36pm EDT)

> #0333: Publish a new revision of Profile for Use of DisplayName in OASIS
> template
> Owner: Sampo Kellomäki
> Status: Open
> Assigned: 2008-05-19
> Due: ---

remains open

> #0332: Revise Query Extension for SAML AuthnReq
> Owner: Sampo Kellomäki
> Status: Open
> Assigned: 2008-05-19
> Due: ---

remains open

> #0331: Revise Holder-of-Key Web Browser SSO Profile to make X.509 mandatory
> to implement
> Owner: Nathan Klingenstein
> Status: Open
> Assigned: 2008-05-19
> Due: ---

remains open

> #0330: Revise Holder-of-Key Web Browser SSO Profile to make clear what 'TLS'
> means, i.e. SSL 3, TLS 1, or TLS 1.1
> Owner: Nathan Klingenstein
> Status: Open
> Assigned: 2008-05-19
> Due: ---

remains open

> #0329: Revise Holder-of-Key Web Browser SSO Profile WRT Authn Statements
> Owner: Nathan Klingenstein
> Status: Open
> Assigned: 2008-05-19
> Due: ---

remains open

> #0328: Revise SimpleSign
> Owner: Jeff Hodges
> Status: Open
> Assigned: 2008-05-19
> Due: ---

remains open

Additional business?
---------------------------------

em: any thoughts from IIW that are saml-relevant?

[no answer]

**meeting adjourned**
============================================================================