[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SSTC con call minutes 2008-08-26
OASIS SSTC conference call minutes 2008-08-26 Scribe: RL "Bob" Morgan ** Action Summary Voted to initiate a Committee Specification vote for (a revised version of) the document "Subject-based Profiles for SAML V1.1 Assertions" ** Minutes Roll Call & Agenda Review 1. Approve minutes from August 12, 2008 http://lists.oasis-open.org/archives/security-services/200808/msg00035.html ** Approved without comment 1b. Announcements Jeff Hodges announced that he has left NeuStar and is now an individual member of OASIS, and intends to continue participation in the TC. 2. Document Status 2.1 Subject-based Profiles for SAML V1.1 Assertions http://wiki.oasis-open.org/security/SamlSubjectProfiles Public review ended Aug 12 Brian: no comments received Tom: two URIs need to be corrected, "1.1" should be "1.0" not a big change? Hal: should be no problem to fix Brian: next step would be to vote as CD ... Hal: move to approve to-be-revised doc as CD, Tom seconds ** Approved without comment Hal: move to request TC Admin to conduct vote to move revised doc to Committee Specification, Tom seconds ** Approved without comment Tom will revise the doc, chairs will contact TC Admin 2.2 Holder-of-Key Web Browser SSO Profile http://wiki.oasis-open.org/security/SamlHoKWebSSOProfile Draft 6 uploaded last night http://lists.oasis-open.org/archives/security-services/200808/msg00078.html Nate: removed text supporting putting cert/key in authn request also removed text supporting keys other than public keys in certs in subject confirmation Tom: any changes to section on use of metadata? Nate: no, no alternative seems any better than current proposal Brian: OK, discuss further on list 2.3 SAML V2.0 Holder-of-Key Assertion (formerly Subject Confirmation) Profile http://wiki.oasis-open.org/security/SAMLHoKSubjectConfirmation Draft 2 on Aug 14 is latest Comments in http://lists.oasis-open.org/archives/security-services/200808/msg00049.html and thread (also note item 3.1) Tom: posted message to list on Aug 25 stating issues, request comments from all members, especially those other than Scott Scott: agree that the stated list is a good one Brian: OK, discuss further on list 2.4 SAML V2.0 Information Card Token Profile http://wiki.oasis-open.org/security/SAML2Infocard Draft 2 on Aug 8 is the latest Brian: has been no discussion Scott: made several changes in latest draft Microsoft released new ISIP version recently, haven't looked at it yet this doc may not get to any formal status pending new IMI TC which may want ownership of it 2.5 SAML V2.0 Metadata Interoperability Profile http://wiki.oasis-open.org/security/SAML2MetadataIOP Draft 1 on Aug 9 Comments in http://lists.oasis-open.org/archives/security-services/200808/msg00038.html and thread Brian: has been much discussion on list Scott: plan to produce draft 2 doc represents much work and deployment experience, so proposed technical elements are well-grounded Scott: questions on document status 5 docs are listed as CS as of March 27 2008 SimpleSign is to be worked on more, other 4 docs are "sitting there" what are we waiting for to advance them further? just attestation? Brian: just waiting on attestation ... Scott: encourage members to attest to implementation of any of these will make sure that attestations get listed on appropriate pages Tom: not aware of any attestations on any of those docs Scott: will look to see if new TC rules have changed format of attestation 3. Discussion Threads 3.1 Should SAML 2.0 be compatible with XML Signature, Second Edition? http://lists.oasis-open.org/archives/security-services/200808/msg00067.html + 70 & 71 Frederick: might want to update references nothing should be broken, there is an "explain" doc with info will send link to list Tom: second edition is much improved, much better to reference it eg in HoK specs Frederick: new edition adds canonicalization 1.1 as required ... 3.2 Suggested HoK URIs and namespace prefixes (and derivative conversations) http://lists.oasis-open.org/archives/security-services/200808/msg00057.html Tom: see latest discussion on list 4. Other business Nate: Danish want to support localization in IdP discovery can't just use XML "lang" tag since org entries are single-valued Scott: thought they were multi-valued, but yes, they're single- would require extension to fix, or actually ... organization can have repeating child elements for name, displayname etc so multiple language names can go in there Nate: OK David Staggs, VHA: looking for additional authors for doc on cross-enterprise security and authorization originally written to support health-care cases 5. Action Items (Report created 26 August 2008 09:10am EDT) #0334: SSTC home page cleanup after and linking to content from AI#335 Owner: Brian Campbell Status: Open Assigned: 2008-05-28 Due: --- Brian: finished, closed, thanks to Tom for moving material to wiki #0333: Publish a new revision of Profile for Use of DisplayName in OASIS template Owner: Sampo Kellomki Status: Open Assigned: 2008-05-19 Due: --- See below #0332: Revise Query Extension for SAML AuthnReq Owner: Sampo Kellomki Status: Open Assigned: 2008-05-19 Due: --- Sampo intends to complete both items, happy to hand to someone else if they'd like to see it done sooner Tom: would much like to see item #332 completed ... #0328: Revise SimpleSign Owner: Jeff Hodges Status: Open Assigned: 2008-05-19 Due: --- JeffH: intend to work on this item this week ** Attendance Anil Saldhana has formally applied for leave of absence from August 6th to August 27th. Brian Campbell will substitute for Anil today. Voting Members Present ---------------- George Fletcher AOL* Rob Philpott EMC Corporation John Bradley Individual Jeff Hodges Individual Scott Cantor Internet2 Nathan Klingenstein Internet2 Bob Morgan Internet2 Eric Tiffany Liberty Alliance Project Tom Scavo National Center for Supercomputing Applications Frederick Hirsch Nokia Corporation* Srinath Godavarthi Nortel Paul Madsen NTT Corporation* Ari Kermaier Oracle Corporation Hal Lockhart Oracle Corporation Brian Campbell Ping Identity Corporation* Eve Maler Sun Microsystems Duane DeCouteau Veterans Health Administration David Staggs Veterans Health Administration Members Present -------- Peter Davis NeuStar, Inc.* Brett Burley Veterans Health Administration
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]