Subject: SSTC con call minutes 2008-08-26
OASIS SSTC conference call minutes
2008-08-26
Scribe: RL "Bob" Morgan
** Action Summary
Voted to initiate a Committee Specification vote for (a revised version
of) the document "Subject-based Profiles for SAML V1.1 Assertions"
** Minutes
Roll Call & Agenda Review
1. Approve minutes from August 12, 2008
http://lists.oasis-open.org/archives/security-services/200808/msg00035.html
** Approved without comment
1b. Announcements
Jeff Hodges announced that he has left NeuStar and is now an individual
member of OASIS, and intends to continue participation in the TC.
2. Document Status
2.1 Subject-based Profiles for SAML V1.1 Assertions
http://wiki.oasis-open.org/security/SamlSubjectProfiles
Public review ended Aug 12
Brian: no comments received
Tom: two URIs need to be corrected, "1.1" should be "1.0"
not a big change?
Hal: should be no problem to fix
Brian: next step would be to vote as CD ...
Hal: move to approve to-be-revised doc as CD, Tom seconds
** Approved without comment
Hal: move to request TC Admin to conduct vote to move revised doc to
Committee Specification, Tom seconds
** Approved without comment
Tom will revise the doc, chairs will contact TC Admin
2.2 Holder-of-Key Web Browser SSO Profile
http://wiki.oasis-open.org/security/SamlHoKWebSSOProfile
Draft 6 uploaded last night
http://lists.oasis-open.org/archives/security-services/200808/msg00078.html
Nate: removed text supporting putting cert/key in authn request
also removed text supporting keys other than public keys in certs
in subject confirmation
Tom: any changes to section on use of metadata?
Nate: no, no alternative seems any better than current proposal
Brian: OK, discuss further on list
2.3 SAML V2.0 Holder-of-Key Assertion (formerly Subject Confirmation)
Profile
http://wiki.oasis-open.org/security/SAMLHoKSubjectConfirmation
Draft 2 on Aug 14 is latest
Comments in
http://lists.oasis-open.org/archives/security-services/200808/msg00049.html
and thread (also note item 3.1)
Tom: posted message to list on Aug 25 stating issues, request comments
from all members, especially those other than Scott
Scott: agree that the stated list is a good one
Brian: OK, discuss further on list
2.4 SAML V2.0 Information Card Token Profile
http://wiki.oasis-open.org/security/SAML2Infocard
Draft 2 on Aug 8 is the latest
Brian: has been no discussion
Scott: made several changes in latest draft
Microsoft released new ISIP version recently, haven't looked at it yet
this doc may not get to any formal status pending new IMI TC which may
want ownership of it
2.5 SAML V2.0 Metadata Interoperability Profile
http://wiki.oasis-open.org/security/SAML2MetadataIOP
Draft 1 on Aug 9
Comments in
http://lists.oasis-open.org/archives/security-services/200808/msg00038.html
and thread
Brian: has been much discussion on list
Scott: plan to produce draft 2
doc represents much work and deployment experience, so proposed
technical elements are well-grounded
Scott: questions on document status
5 docs are listed as CS as of March 27 2008
SimpleSign is to be worked on more, other 4 docs are "sitting there"
what are we waiting for to advance them further? just attestation?
Brian: just waiting on attestation ...
Scott: encourage members to attest to implementation of any of these
will make sure that attestations get listed on appropriate pages
Tom: not aware of any attestations on any of those docs
Scott: will look to see if new TC rules have changed format of
attestation
3. Discussion Threads
3.1 Should SAML 2.0 be compatible with XML Signature, Second Edition?
http://lists.oasis-open.org/archives/security-services/200808/msg00067.html
+ 70 & 71
Frederick: might want to update references
nothing should be broken, there is an "explain" doc with info
will send link to list
Tom: second edition is much improved, much better to reference it
eg in HoK specs
Frederick: new edition adds canonicalization 1.1 as required ...
3.2 Suggested HoK URIs and namespace prefixes (and derivative
conversations)
http://lists.oasis-open.org/archives/security-services/200808/msg00057.html
Tom: see latest discussion on list
4. Other business
Nate: Danish want to support localization in IdP discovery
can't just use XML "lang" tag since org entries are single-valued
Scott: thought they were multi-valued, but yes, they're single-
would require extension to fix, or actually ...
organization can have repeating child elements for name, displayname etc
so multiple language names can go in there
Nate: OK
David Staggs, VHA: looking for additional authors for doc on
cross-enterprise security and authorization
originally written to support health-care cases
5. Action Items (Report created 26 August 2008 09:10am EDT)
#0334: SSTC home page cleanup after and linking to content from AI#335
Owner: Brian Campbell
Status: Open
Assigned: 2008-05-28
Due: ---
Brian: finished, closed, thanks to Tom for moving material to wiki
#0333: Publish a new revision of Profile for Use of DisplayName in OASIS
template
Owner: Sampo Kellomäki
Status: Open
Assigned: 2008-05-19
Due: ---
See below
#0332: Revise Query Extension for SAML AuthnReq
Owner: Sampo Kellomäki
Status: Open
Assigned: 2008-05-19
Due: ---
Sampo intends to complete both items, happy to hand to someone else if
they'd like to see it done sooner
Tom: would much like to see item #332 completed ...
#0328: Revise SimpleSign
Owner: Jeff Hodges
Status: Open
Assigned: 2008-05-19
Due: ---
JeffH: intend to work on this item this week
** Attendance
Anil Saldhana has formally applied for leave of absence from August
6th to August 27th. Brian Campbell will substitute for Anil today.
Voting Members Present
----------------
George Fletcher AOL*
Rob Philpott EMC Corporation
John Bradley Individual
Jeff Hodges Individual
Scott Cantor Internet2
Nathan Klingenstein Internet2
Bob Morgan Internet2
Eric Tiffany Liberty Alliance Project
Tom Scavo National Center for Supercomputing Applications
Frederick Hirsch Nokia Corporation*
Srinath Godavarthi Nortel
Paul Madsen NTT Corporation*
Ari Kermaier Oracle Corporation
Hal Lockhart Oracle Corporation
Brian Campbell Ping Identity Corporation*
Eve Maler Sun Microsystems
Duane DeCouteau Veterans Health Administration
David Staggs Veterans Health Administration
Members Present
--------
Peter Davis NeuStar, Inc.*
Brett Burley Veterans Health Administration