security-services message

Subject: SSTC con call minutes 2008-08-26




OASIS SSTC conference call minutes
2008-08-26
Scribe:  RL "Bob" Morgan

** Action Summary

  Voted to initiate a Committee Specification vote for (a revised version
  of) the document "Subject-based Profiles for SAML V1.1 Assertions"

** Minutes

Roll Call & Agenda Review

1. Approve minutes from August 12, 2008
http://lists.oasis-open.org/archives/security-services/200808/msg00035.html

** Approved without comment

1b.  Announcements

Jeff Hodges announced that he has left NeuStar and is now an individual
member of OASIS, and intends to continue participation in the TC.

2. Document Status

2.1 Subject-based Profiles for SAML V1.1 Assertions
http://wiki.oasis-open.org/security/SamlSubjectProfiles
Public review ended Aug 12

Brian:  no comments received
Tom:  two URIs need to be corrected, "1.1" should be "1.0"
   not a big change?
Hal:  should be no problem to fix
Brian:  next step would be to vote as CD ...
Hal:  move to approve to-be-revised doc as CD, Tom seconds
** Approved without comment
Hal:  move to request TC Admin to conduct vote to move revised doc to
   Committee Specification, Tom seconds
** Approved without comment
Tom will revise the doc, chairs will contact TC Admin

2.2 Holder-of-Key Web Browser SSO Profile
http://wiki.oasis-open.org/security/SamlHoKWebSSOProfile
Draft 6 uploaded last night
http://lists.oasis-open.org/archives/security-services/200808/msg00078.html

Nate:  removed text supporting putting cert/key in authn request
   also removed text supporting keys other than public keys in certs
     in subject confirmation
Tom:  any changes to section on use of metadata?
Nate:  no, no alternative seems any better than current proposal
Brian:  OK, discuss further on list

2.3 SAML V2.0 Holder-of-Key Assertion (formerly Subject Confirmation)
Profile
http://wiki.oasis-open.org/security/SAMLHoKSubjectConfirmation
Draft 2 on Aug 14 is latest
Comments in
http://lists.oasis-open.org/archives/security-services/200808/msg00049.html
and thread (also note item 3.1)

Tom:  posted message to list on Aug 25 stating issues, request comments
   from all members, especially those other than Scott
Scott:  agree that the stated list is a good one
Brian:  OK, discuss further on list

2.4 SAML V2.0 Information Card Token Profile
http://wiki.oasis-open.org/security/SAML2Infocard
Draft 2 on Aug 8 is the latest

Brian:  has been no discussion
Scott:  made several changes in latest draft
   Microsoft released new ISIP version recently, haven't looked at it yet
   this doc may not get to any formal status pending new IMI TC which may
     want ownership of it

2.5 SAML V2.0 Metadata Interoperability Profile
http://wiki.oasis-open.org/security/SAML2MetadataIOP
Draft 1 on Aug 9
Comments in
http://lists.oasis-open.org/archives/security-services/200808/msg00038.html
and thread

Brian:  has been much discussion on list
Scott:  plan to produce draft 2
   doc represents much work and deployment experience, so proposed
     technical elements are well-grounded

Scott:  questions on document status
   5 docs are listed as CS as of March 27 2008
   SimpleSign is to be worked on more, other 4 docs are "sitting there"
   what are we waiting for to advance them further?  just attestation?
Brian:  just waiting on attestation ...
Scott:  encourage members to attest to implementation of any of these
   will make sure that attestations get listed on appropriate pages
Tom:  not aware of any attestations on any of those docs
Scott:  will look to see if new TC rules have changed format of
   attestation

3.  Discussion Threads

3.1 Should SAML 2.0 be compatible with XML Signature, Second Edition?
http://lists.oasis-open.org/archives/security-services/200808/msg00067.html
+ 70 & 71

Frederick:  might want to update references
   nothing should be broken, there is an "explain" doc with info
   will send link to list
Tom:  second edition is much improved, much better to reference it
   eg in HoK specs
Frederick:  new edition adds canonicalization 1.1 as required ...

3.2 Suggested HoK URIs and namespace prefixes (and derivative 
conversations)
http://lists.oasis-open.org/archives/security-services/200808/msg00057.html

Tom:  see latest discussion on list


4. Other business

Nate:  Danish want to support localization in IdP discovery
   can't just use XML "lang" tag since org entries are single-valued
Scott:  thought they were multi-valued, but yes, they're single-
   would require extension to fix, or actually ...
   organization can have repeating child elements for name, displayname etc
     so multiple language names can go in there
Nate:  OK

David Staggs, VHA:  looking for additional authors for doc on
   cross-enterprise security and authorization
   originally written to support health-care cases


5. Action Items  (Report created 26 August 2008 09:10am EDT)

#0334: SSTC home page cleanup after and linking to content from AI#335
Owner: Brian Campbell
Status: Open
Assigned: 2008-05-28
Due: ---

Brian:  finished, closed, thanks to Tom for moving material to wiki

#0333: Publish a new revision of Profile for Use of DisplayName in OASIS
template
Owner: Sampo Kellomäki
Status: Open
Assigned: 2008-05-19
Due: ---

See below

#0332: Revise Query Extension for SAML AuthnReq
Owner: Sampo Kellomäki
Status: Open
Assigned: 2008-05-19
Due: ---

Sampo intends to complete both items, happy to hand to someone else if
   they'd like to see it done sooner
Tom:  would much like to see item #332 completed ...

#0328: Revise SimpleSign
Owner: Jeff Hodges
Status: Open
Assigned: 2008-05-19
Due: ---

JeffH:  intend to work on this item this week


** Attendance

Anil Saldhana has formally applied for leave of absence from August
6th to August 27th.  Brian Campbell will substitute for Anil today.

Voting Members Present
----------------
George Fletcher      AOL*
Rob Philpott     EMC Corporation
John Bradley     Individual
Jeff Hodges     Individual
Scott Cantor     Internet2
Nathan Klingenstein     Internet2
Bob Morgan     Internet2
Eric Tiffany     Liberty Alliance Project
Tom Scavo     National Center for Supercomputing Applications
Frederick Hirsch     Nokia Corporation*
Srinath Godavarthi     Nortel
Paul Madsen     NTT Corporation*
Ari Kermaier     Oracle Corporation
Hal Lockhart     Oracle Corporation
Brian Campbell     Ping Identity Corporation*
Eve Maler     Sun Microsystems
Duane DeCouteau     Veterans Health Administration
David Staggs     Veterans Health Administration

Members Present
--------
Peter Davis     NeuStar, Inc.*
Brett Burley     Veterans Health Administration

