Subject: Draft minutes from 16 Dec 2008 SSTC telecon [roll to be added]
> Roll Call & Agenda Review

Logistics note: Hal is canceling the 30 December 2008 call. Our next call will be 13 January 2009.

> Need a volunteer to take minutes

Eve volunteered.

> 1. Minutes
>
> 1.1 Minutes from SSTC/SAML conference call November 18, 2008
> http://lists.oasis-open.org/archives/security-services/200812/msg00010.html

APPROVED by unanimous consent.

> 1.2 Minutes from SSTC/SAML conference call December 2, 2008
> http://lists.oasis-open.org/archives/security-services/200812/msg00017.html

APPROVED by unanimous consent.

> 2. Announcements
>
> 2.1 Draft SP 800-63 Revision 1: E-Authentication Guideline is
> available for a second public comment period (Assertions are in for
> Level 4)
> http://lists.oasis-open.org/archives/security-services/200812/msg00036.html

Eric Tiffany noted this news recently. Our attempt to "raise NIST's consciousness" has resulted in this new guideline, which is good news. Please do review it to ensure it's accurate.

> 2.2 xspa-saml-profile-cd-01 for public review
> Bounced back by TC Admin for changes to meet OASIS Requirements

Mary McRae asked us to fix a few formatting issues to bring it into alignment with OASIS requirements. It's in process.

> 3. Document Status
>
> 2.1 sstc-saml-attribute-ext-cd-01.pdf uploaded
> http://lists.oasis-open.org/archives/security-services/200812/msg00019.html

Scott Cantor has posted the CD version (voted to this status last time). We anticipate packaging up a number of items for public review, including this.

> 2.2 HoK Assertion Profile (draft-07)
> http://lists.oasis-open.org/archives/security-services/200812/msg00030.html
>
> 2.3 HoK Assertion Request Profiles (draft-01)
> http://lists.oasis-open.org/archives/security-services/200812/msg00031.html

Tom, holder of the pen on these to date, notes: Draft 07 of the HoK assertion profile had some changes to the NotBefore and NotOnOrAfter bits, as requested in some (unsolicited!) public comments that came in.
He believes it's ready to move to CD, but it can also sit and wait for the HOK browser SSO profile (Nate's profile). Hal will plan for a CD vote after the holidays, with a packaging of related specs for public review when they're all ready for that. The HoK assertion request profile is still new so it's a bit rough, and the requirements are very conservative. Please take a look.

> 2.4 sstc-saml-holder-of-key-browser-sso-draft-10.pdf (sstc-saml-
> holder-of-key-browser-sso-draft-10.pdf) uploaded
> http://lists.oasis-open.org/archives/security-services/200812/msg00033.html

Nate, holder of the pen on this to date, notes: This draft clarifies which assertions should be bundled with the response. Tom will pick this up going forward, with some changes he's got planned. Tom can have draft 11 ready by the 13 Jan 2009 meeting, including all changes/cleanup already planned and also changes suggested by the comments that have come in.

> 3. Discussion Threads
>
> 3.1 PE78: Reassignment of persistent identifiers
> http://lists.oasis-open.org/archives/security-services/200812/msg00012.html

Tom, who started the thread, summarizes: The bottom line is that if the SSTC believes that non-reassignability was intended in the original spec, then we're free to add this clarification as an erratum. Otherwise we need to consider spinning off a new identifier.

Scott feels the original intent was close to this, and the opposite proposition is nonsensical, so an erratum would be reasonable. Hal is concerned that the proposition isn't testable. Option 2, "A given value, once associated with a principal, MUST NOT be assigned to a different principal at any time in the future.", isn't testable but it's the intended sense of the committee.

Scott moves, and JeffH seconds, TO accept option 2 on PE78. PASSED by unanimous consent.

Scott suggests that we dispose of PE75, PE76, and PE77 on the next call.

> 3.2 2.3 SAMLv2.0 HTTP POST "SimpleSign" Binding
> http://lists.oasis-open.org/archives/security-services/200812/msg00005.html
> Ready for Public Review?

And if it's ready, how do we want to bundle specs? Eve suggests putting it out to public review separately from others, to ensure it gets sufficient attention from communities that are starting to use it in interesting ways. JeffH agrees. That means XSPA would be on its own too. It turns out they can't be packaged together anyway, so never mind. :-)

We had thought a 15-day review on SimpleSign would be sufficient, but with the holidays, either starting a 30-day review now or deferring the start to after the holidays would be best. Tom sent a diff to JeffH, and he will add it to the document repository.

Eve moves (and JeffH seconds) that we move SimpleSign to a public review, of at least 15 days in length, ending no sooner than January 9. Motion PASSED by unanimous consent. (The point of the motion is to ensure that Mary can tackle the request soonish, ideally this week.) Hal will work with Mary on the request.

> 4. Other business

4.1 Scott notes that the other profile he submitted last week (for tagging metadata: the Metadata Extension for Entity Attributes Profile) had some comments from Brian. We should tackle that next time. He's looking for comments on the list prior to then.

4.2 Eve asks about the InfoCard Profile work. Scott says it's tabled until the IMI group figures out its schedules; it's likely to pick up that work, though John B. notes that there isn't much appetite for taking on additional work until the initial ISIP wave of work is done. Hal wonders if the scenario documents used in the RSA '08 Concordia workshop would make good work items for the SSTC, or at least get them submitted so they're more "official". Eve thinks they might indeed be useful as guidelines. The scenario Scott had written is fully encapsulated in the InfoCard token profile he's already written, he feels.
Eve will bring this up as a discussion topic in the Concordia call later today.

4.3 Eric notes that Liberty is changing its staffing, and he'll no longer be on staff in the new year. Joni Brennan is taking over his staff responsibilities at least in the interim. The Level of Assurance profile document that he wrote a while back is due for a revision; he'll make a small edit but he hopes others will pick up that work item and he'll reach out to them.

> 5. Action Items (Report created 15 December 2008 09:15pm EST)
>
> #0332: Revise Query Extension for SAML AuthnReq
> Owner: Sampo Kellomäki
> Status: Open
> Assigned: 2008-05-19
> Due: ---
>
> #0333: Publish a new revision of Profile for Use of DisplayName in
> OASIS template
> Owner: Sampo Kellomäki
> Status: Open
> Assigned: 2008-05-19
> Due: ---

These are still open.

Eve Maler                  +1 425 947 4522
Principal Engineer         eve.maler @ sun.com
Business Alliances group   Sun Microsystems, Inc.