OASIS Mailing List Archives
security-services message
Subject: Re: [security-services] Resend - Oasis SSTC Meeting Minutes (Oct7, 2008)


Roll call:
========
Voting Members:
Brian Campbell        Ping Identity
Scott Cantor          Internet2
Jeff Hodges           Individual
Ari Kermaier          Oracle
Hal Lockhart          BEA Systems, Inc
Paul Madsen           NTT Corporation
Frederick Hirsch      Nokia
Tom Scavo             NCSA
David Staggs          Veteran's Health Admin
Eric Tiffany          Liberty Alliance Project
George Fletcher       AOL
Srinath Godavarthi    Nortel
John Bradley          Individual
Duane DeCouteau       Veteran's Health Admin
Anil Saldhana         Red Hat
Brett Burley          Veteran's Health Admin
Kent Spaulding        Tripod Technology Group

Members:
Bob Morgan            Internet2
Emily Xu              Sun Microsystems
Peter Davis           NeuStar

Quorum Reached: 17 out of 20 Voting Members
Membership Status Changes: Gained Voting Status (Emily Xu and Peter
Davis). Lost Voting Status (Nate Klingenstein)


Anil Saldhana wrote:
> ============================================================================
>
> sstc/saml concall minutes Tue Oct 7 09:09:50 PDT 2008
> ----------------------------------------------------------------------------
>
> co-chair Brian Campbell (bc) presiding.
>
> -------------------
> Action Item Summary:
>
> * AI -- Dave Staggs & Duane DeCouteau to revise XSPA SAML Profile doc,
> incorp'g ScottC's comments, and re-publish to list.
>
>> > Note: Fixed link to 9/23 minutes and added several items to section 2.
>> >
>> > Proposed Agenda SSTC Conference Call
>> > October 7, 2008, 12:00pm ET
>> >
>> > Dial in info: +1 215 446 3648
>> > Access code 270-9441#
>> >
>> > Roll Call & Agenda Review
> Roll call:
> ========
> Voting Members:
> Brian Campbell        Ping Identity
> Scott Cantor          Internet2
> Jeff Hodges           Individual
> Ari Kermaier          Oracle
> Hal Lockhart          BEA Systems, Inc
> Paul Madsen           NTT Corporation
> Frederick Hirsch      Nokia
> Tom Scavo             NCSA
> David Staggs          Veteran's Health Admin
> Eric Tiffany          Liberty Alliance Project
> George Fletcher       AOL
> Srinath Godavarthi    Nortel
> John Bradley          Individual
> Duane DeCouteau       Veteran's Health Admin
> Anil Saldhana         Red Hat
> Brett Burley          Veteran's Health Admin
> Kent Spaulding        Tripod Technology Group
>
> Members:
> Bob Morgan            Internet2
> Emily Xu              Sun Microsystems
> Peter Davis           NeuStar
>
> Quorum Reached: 17 out of 20 Voting Members
> Membership Status Changes: Gained Voting Status (Emily Xu and Peter
> Davis). Lost Voting Status (Nate Klingenstein)
>> >
>> > Need a volunteer to take minutes
>
> =JeffH (jh) volunteered.
>
>
>> > 1. Minutes from SSTC/SAML concall September 23, 2008
>> > http://lists.oasis-open.org/archives/security-services/200809/msg00052.html
>
> duly approved by unanimous consent.
>
>
>> > 2. Document Status
>> >
>> > 2.1 Subject-based Profiles for SAML V1.1 Assertions
>> > http://wiki.oasis-open.org/security/SamlSubjectProfiles
>> > New CS ballot set to close end of 10/6 and currently has 74% 'yes'
>
> ballot appears to be successful.
>
> will do ballot for a CS version after we hear from Mary, yes Tom?
>
> tom scavo (ts): yes
>
>
>> > 2.2 SAML V2.0 Holder-of-Key Assertion Profile (draft 4)
>> > http://lists.oasis-open.org/archives/security-services/200810/msg00006.html
>
> bc: TS had two questions wrt this item... followup on list or now?
>
> ts: scott brought up the encoding issue, consider this open, this is the most
> important issue at this point.
>
> Scott Cantor (sc): don't know if there's any parts of w3c sec group on this
> call, but tried to relay on the list...seems the w3c folk want to keep it
> unspecified...
>
> [see http://lists.oasis-open.org/archives/security-services/200809/msg00063.html
> and http://lists.oasis-open.org/archives/security-services/200810/msg00001.html]
>
> bc: tend to agree with you that we should leave this unspec'd
>
> sc: not that concerned about it, the w3c folk think it shd remain unspec'd, we
> need to remember to profile this down in any future spec that touches on this
>
> hl: thought it was unambiguously defined by algorithm identifiers..
>
> sc: no, this is cert encoding -- so they left it as-is because there are other
> cert encodings folks might want to use, but aren't in practice, but....
>
> bc: ok, so this remains open for further discussion...
>
> ts: so we'll leave this open for further comment
>
>
>> > 2.3 Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of
>> > SAML for Healthcare
>> > http://lists.oasis-open.org/archives/security-services/200809/msg00062.html
>
> bc: scott supplied longish comments, but no followups as yet
>
> ds: got great comments from scott, detailed ones, don't want to change draft
> just yet, want to let folks think about making it a CD and then rolling in
> the comments
>
> fyi, actually parts of this profile were demonstrated in London last week
> under the covers in XACML context. have folks digested it enough to make it a
> CD at this point?
>
> bc: think we probably want to roll changes and such into it before going to CD
>
> sc: agree, going to CD then gets more formal
>
> ds: ok, that makes sense to me, will take an AI to incorp scott's comments, put
> it back on list and get more comments.
>
>
>> > 2.4 SAML V2.0 Holder-of-Key Web Browser SSO Profile
>
> bc: NateK not here today, so this is a reminder for folks to review, any
> further comments?
>
> [none]
>
>> > 2.5 SAML V2.0 Information Card Token Profile
>
> bc: john bradley (jb)? comments on this item?
>
> jb: IMI TC <http://oasis-open.org/committees/imi/> had its first meeting in
> London, discussed samlv2 infocard token profile..
>
> http://www.oasis-open.org/committees/download.php/29019/draft-sstc-saml2-infocard-02.pdf
>
> ..decided it would be in scope for TC were there demand, so IMI will work with
> SSTC, will take it if it wants to be contributed to IMI tc, init profile from
> microsoft has only SAML 1.1 personal card, there are no managed cards at
> moment, (folks scratch head), so there may be desire for a samlv1.1 managed
> card profile. so the IMI TC is up and going now, so we can figure out how we
> want to move that work forward
>
> Hal Lockhart (hl): personally would like to see that profile go forward in the
> IMI TC
>
> jb: will have to work with jamie on how to do that..
>
> hl: is simple, authors just submit it to the other TC, and if they have any
> issues with that, then it gets more complex -- as long as TC/ipr processes are
> followed and work is in scope then can proceed -- ie sub to other TC is act of
> individual
>
> sc: don't care real strongly which tc takes up the doc
>
> jb: sentiment was that there ought to be a samlv2 token profile, just a matter
> of figuring out who/how it will get done
>
> bc: so just need some offline conv btwn you and scott on how to contrib spec
> draft?
>
> jb: yep
>
>
>> > 2.6 SAML V2.0 Metadata Interoperability Profile
>
> sc: reviewed most of responses, will edit & republish
>
>
>> > 2.7 Level of Assurance Authentication Context Profiles for SAML 2.0
>
> bc: this intersects with work of Giles from a few meetings ago
>
> Eric Tiffany (et): 3 things: first, there's the LOA profile doc still out
> there, not much change needs to be done to it to move it forward, 2nd thing is
> Giles doc, that's much different approach, haven't gotten disc w/Giles as yet
> wrt a simpler approach, [then there's an enigma document at ITU ?], 3rd then I
> need to make some changes to a doc, just sent it to the list, going to be
> offline for two weeks, hopefully there'll be productive comments on it while
> I'm away
>
> Paul Madsen (pm): i could take over in interim
>
> et: sure, should be voted on in some fashion by TC, then sent to NIST eg by TC
> chairs, then some folks might want to jump on coattails, hipsi/NZ/Denmark etc
> -- there may need to be a bit of corralling folks to keep them in loop
>
> pm: ok i can contact you offline on that.
>
>
>
>> > 3. Discussion Threads
>> >
>> > 3.1 SAML Cook Book
>> > http://lists.oasis-open.org/archives/security-services/200809/msg00057.html
>
> pm: started to collect content on saml.xml.org wiki, pulled info from tech
> overview; collecting config data would be a good thing; SC thought that
> putting that sort of stuff upon wiki might be problematic
>
> bc: do you mean prop prod config info? or metadata?
>
> pm: eg how do you config prod X to work with prod Y; some of this info is
> collected by liberty in conformance program, supplied by vendors, might not be
> useful
>
> George Fletcher (gf): well, we could just link to such info; or keep it
> generic and add best practices
>
> pm: see that as distinct from the two classes already have there; does saml
> best practices exist somewhere?
>
> sc: got electrodes handy to hook up to everyone's brains?
>
> my concerns are answered in the thread...
>
> if you want to outline what you want to provide material for, we
> (shibb/opensaml) could flesh that out and maintain our stuff ourselves, e.g.
> template outlining topics, we've written some howtos, we haven't had time to
> brainstorm others we might want to write, but you could stim ideas...
>
> pm: interested in your howtos, just need a link from folks who want to provide
> theirs...
>
>
>
>> > 3.2 OAuth as a potential HTTP server-to-server binding for SAML
>> > http://lists.oasis-open.org/archives/security-services/200809/msg00056.html
>
> bc: lengthy msg w/ no followup
>
> gf: i sent msg, but took silence as no interest
>
> sc: am interested, but only in last week have had time to look at it; will
> post questions on list; one of concerns is that it isn't clear that oauth spec
> can make things separable...
>
> gf: key that looking at it, is svr-to-svr msgs that aren't ident-bound, eg
> manageId calls, in oauth spec just signing that with consumer's secret and
> spec'g consumerid....
>
> sc: not sure comfortable spec'g a binding to oauth spec
>
> gf: this two-legged flow is intended to be supported in a v2 spec
>
> sc: it isn't easy to normatively ref into the spec the way spec is written;
> it's not that i'm thinking it can't be done
>
> jb: eran is about to release a bunch of changes to that spec, if we can get
> that comment to him maybe he can incorp it
>
> gf: what would make it easier
>
> sc: if the conveyance stuff is sep from message construct....
>
> jh: agree, not clean to build other specs "on top of" oauth
>
> gf: ok, will convey back to oauth folks eg eran
>
> rlbob: there will be bof on oauth at ietf, sep'g convey from msg const will be
> a topic
>
> jh: you'll convey back on the public oauth list, yes?
>
> gf: yes, and you guys can followup if i mess up
>
>
>
>> > 4. Other business
>
> jh: have saml logo, done pro-bono by graphic artist, will post to saml.xml.org
> wiki and announce to list
>
>
>
>> > 5. Action Items (Report created 06 October 2008 02:57pm EDT)
>> >
>> > #0341: Draft text for SSTC submission to NIST
>> > Owner: Eric Tiffany
>> > Status: Open
>> > Assigned: 2008-08-26
>> > Due: 2008-10-07
>
> bc: everyone read and resp to his latest msg
>
>
>> > #0333: Publish a new revision of Profile for Use of DisplayName in OASIS
>> > template
>> > Owner: Sampo Kellomäki
>> > Status: Open
>> > Assigned: 2008-05-19
>> > Due: --
>
> open (sampo not here)
>
>
>> > #0332: Revise Query Extension for SAML AuthnReq
>> > Owner: Sampo Kellomäki
>> > Status: Open
>> > Assigned: 2008-05-19
>> > Due: ---
>
> open (sampo not here)
>
>
> ============================================================================
