
security-services message



Subject: SSTC/SAML concall Draft Minutes Tue 2-Jun-2009


comments to the list please.

=JeffH

============================================================================
SSTC/SAML concall Tue Jun  2 09:12:38 PDT 2009
----------------------------------------------------------------------------

Hal Lockhart presiding

Minutes by Jeff Hodges (=JeffH)

NOTE: next TC concall/meeting is Tue 30-Jun-2009



AI summary
------------

AI -- Scott Cantor to post affirmation to list of no comments in public review 
on those docs

AI -- Tom Scavo to assemble list of comments from PR on the two HOK docs and 
begin processing them

AI -- Chairs to make request noted in Motion 2.

AI -- Dwayne to add a page for the XSPA page in the SAML wiki



Motions Passed
--------------

1. Moved to re-affirm these specs as CD due to passing public review with no 
comments.
     SAML V2.0 Attribute Extensions Version 1.0
     SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
     SAML V2.0 Metadata Interoperability Profile Version 1.0

2. Moved to request TC Admin to launch an electronic ballot to move the docs 
from Motion 1 to CD maturity level.

3. Moved to move modified XSPA profile to CD

4. Moved to have a 15-Day review of revised XSPA profile 
(xspa-saml-1.0-pr02.doc version 1) due to there being no substantive changes.

5. Moved to move sstc-saml-approved-errata-2.0-draft-49 to CD, confirmed changes 
therein are not substantive, and to proceed to 15-Day public review.





 > Proposed Agenda SSTC Conference Call
 > June 2, 2009, 12:00pm ET
 >
 > Dial in info: +1 215 446 3648
 > Access code 270-9441#
 >
 > Roll Call & Agenda Review
 >
 > Need a volunteer to take minutes
 >
 > 1. Minutes
 >
 > 1.1 Minutes from SSTC/SAML conference call May 5, 2009:
 > http://lists.oasis-open.org/archives/security-services/200905/msg00018.html
 >
http://lists.oasis-open.org/archives/security-services/200906/msg00005.html
(with corrected meeting attendance)


prior minutes duly approved by unan consent.






 > 2. Announcements
 >
 >
 > 2.1 Public Review of SAML 2.0 Profiles has closed.
 >
 > http://lists.oasis-open.org/archives/security-services/200903/msg00062.html
 >
 > Question to Scott regarding last action item (Scott to talk to Mary about
 > getting a Jira instance for SSTC.)

Scott Cantor (sc): did talk to her, she said "no problem, you don't do 
anything, I just create it...".  So SC will tug her sleeve again.


Nate Klingenstein (nk): wrt pub review, had long disc wrt changes they 
could/should make to HOK, how does that affect ? review, did I miss anything?

Tom Scavo (ts): didn't miss anything, need to compile comments on the docs, yes?

Hal Lockhart (hl): ques is whether we need to do short or long subsequent 
reviews, but in any case need to compile all the comments w/sources and such


sc: at least two or three docs didn't rec any comments..

hl: docs need to be re-affirmed as CDs

sc: next step is to ask for vote for CS, yes?

hl: yes

sc: let's do that today since calls are infrequent?

   don't recall any comments on any but the delegation restriction one. that 
one is on hold until can produce new WD of it

  wrt #2, 5, 6 in the above-referenced message -- no comments on them?
     SAML V2.0 Attribute Extensions Version 1.0
     SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
     SAML V2.0 Metadata Interoperability Profile Version 1.0

sc motion: move to reaffirm above as CD modulo received no comments on them

Jeff Hodges (jh): second

[no objection to unanimous consent to motion -- passed]

AI -- SC to post affirmation to list of no comments in public review on those docs


AI -- ts to assemble list of comments from PR on the two HOK docs and begin 
processing them


sc motion: req tc admin to conduct elec ballot to move the 3 docs to CS 
maturity level

ts: 2nd

[pass w/unan consent]

AI -- chairs, begin process on above listed docs



 > 2.2 Comment requested on removing DTD definitions from XML Signature 1.1 and
 > on elliptic curve
 > http://lists.oasis-open.org/archives/security-services/200904/msg00012.html
 >
 > Feedback requested.


hl: still not too late to comment.

sc: dtds are gone

hl: still debating elliptic curve, thus not too late to comment.


 >
 > 2.3 Reminder - Meetings will be every four weeks - Next call July 7.


hl: nope, next call is 30-Jun  (!!)


 >
 > 2.4 Announcement: Upcoming SAML 2.0 IOP event, July 14-Sept. 4
 > http://lists.oasis-open.org/archives/security-services/200905/msg00020.html
 >
 >

Kyle of drummond group: nxt IOP for SAML is 14-Jul-2009, registration is still open


 > 3. Discussion
 >
 > 3.1 Review of planned work. Discuss future work plans and indication of
 > specs in the pipeline and approximate date for first drafts.

[worked down SAML Wiki page: <http://wiki.oasis-open.org/security>]

ts: noted general request that someone add a page for the XSPA page in the wiki,

AI -- Dwayne to add a page for the XSPA page in the SAML wiki


hl: OASIS BoD have debated at length non-implementable (informational?) docs, 
so have to work in framework, this applies to Tech Overview -- any objection to 
putting the latter into Pub Review at any point?  will leave in case anyone 
wants to champion it, can attach to future pub review...

jh: what about simplesign?

sc: there's comments in queue on it,   no cycles for it now.


sc: impl'd by two as-specified, not sure about AOL's impl, not aware of other 
impls

hl: so no intent to progress at this time, not


hl: wrt token card profile

sc: on hold for IMI TC work


hl: SAML V2.0 Holder-of-Key Assertion Request Profiles

sc: active & moving fwd. there's an opengroup doc that depends on it, have 
public comments on it, intend to move forward

hl: Level of Assurance Authentication Context Profiles for SAML 2.0
status of draft 2 from march?

[no answer]

sc: is this one that's on agenda as another doc? is this one Paul just posted?
  that's paul's doc

hl: this is actively being progressed..
   sounds like we have 3 or 4 that will be ready for pub rev "soon"

any other profiles to propose soon?

frederick hirsch (fh): there might be something more, can't say just yet....


 > 3.2 XSPA Profile updated
 > http://lists.oasis-open.org/archives/security-services/200905/msg00022.html


david staggs (ds): public comment period on this doc ended on 13-Mar, analyzed 
all comments, made approp updates, discussed cmts at last meeting, have 
spreadsheet for all 34 comments, have changes for comments, there's lots of 
interest in XSPA (calling from Healthcare SOA comments and will be talking 
about the spec on Thu this week)

want to propose a motion to move doc forward. last update was recently posted.

would be helpful to do vote today due to infrequent TC calls these days.

ds: motion to move modified XSPA profile to CD (would be CD2 rev)

dwayne: 2nd

hl: any objs

[motion passed by unan consent]

hl: can get by w/short pub review. 15-day


ds: is cd2 a "major change" from cd1 ?

hl: term is "substantive changes"....

ds: don't believe made "substantive changes"....

hl: [reads process para on this]
e.g. schema changes are substantive, else judgement call

will entertain motion to have 15-day review, comments are limited to the 
changes only, and is judgement of tc that haven't made substan changes

so moved by DS, 2nd Dwayne

hl: any obj's ?

[motion passed by unan consent]


hl: expectation is that you create a diff -- do CD version, and diff with prev CD
let hl know when done that. then hl will contact Mary.

enumeration of changes may be sufficient. e.g. just put spreadsheet in 
repository, send hl links to new CD version and spreadsheet.


ds: have source file with "tracking" turned on....



 > 3.3 Any more comments on saml-loa-authncontext-profile:
 >
 > - remove 800-63 schemas
 > http://lists.oasis-open.org/archives/security-services/200904/msg00013.html
 >
 > - Paul to remove specific references to NIST LOA values in a new draft.

hl: paul not on call ... any comments on above?


RL "Bob" Morgan (rlm): proposal on email in last week or so, add to this doc a new 
notion that in addition to being able to express LOA using AC, a metadata 
publisher say can express that an IDP has been "vertified" to use a particular 
profile, using attrs from the attrs-for-metadata draft

see..

http://lists.oasis-open.org/archives/security-services/200905/msg00013.html


have heard from other members of their federation that this would be a good thing.


john bradley (jb): this is the "why should i trust you" problem...

rlm: yes, essentially. metadata signing addresses this, but folks wishing for 
more explicit attestation

hl: how does this work?

sc: have an assertion (assn) about entity, has attribute (attr) in it, 
attestation, can do anything you want with assn of course, is just a common 
claim one can reference. this would be another saml-tc-defined attr

hl: a reg attr statement can refer to any system entity. this one is particular 
to an entity that issues assns

sc: yes, not a big deal

rlm: paul supported it on list


jb: provides for IC and other RPs to adopt it (by doing it here)


rlm: usual nitpicking wrt actual attr name...

sc: may want to do something similar to orig saml attr work.  sc is fine with 
this proposal



 > 3.4 Assorted threads on saml-dev/comment list
 >
 >

 > 3.6 Draft Approved Errata posted
 > http://lists.oasis-open.org/archives/security-services/200905/msg00023.html


sc: anyone doing errata shud do all this in parallel, rather than waiting to 
end.  tried to emulate ELM's example, hopefully essentially equivalent

used 49 as increment number to try to keep it consistent

removed refs to non-normative redlined spec

altered lang that there _may_ be redlined specs available

otherwise is just a sync up with working draft.


hl: can put info wrt errata in wiki?

AI - SC to put in wiki info wrt making errata process easier


hl: do you have list of what orig specs are being altered by this errata?

sc: every normative doc we pub'd as orig spec...

hl: tc process reqs us to supply doc that proposes changes, and optionally 
provide mod'd specs incorp'g errata

sc: doing the latter is burdensome

hl: need to formulate motion to see that boiler plate fixes are made...  in 
order to proc approved errata, need doc w/ "corrections".  we would need to 
vote -49 to CD, 2nd vote to confirm that corrections do not constitute substan 
change, 3d vote to 15-day pub review, 4th  full-majority vote to replace the 
existing errata doc

today, can do first 3 things.

entertain motion to do all first three things (noted above). all these errata 
items we process

sc: so moved

jh: 2nd

hl: any obj's?

[motion passed by unan consent]




 > 3.5 SAML simplesign useful in practice?
 > http://lists.oasis-open.org/archives/security-services/200905/msg00015.html

hl: any more to be said on this?

sc: trying to get the xmlsec wg to do a simplesign-like thing, that's where 
question comes in


 >
 >
 > 4. Other business

hl: any discussion wrt recent threads on saml-dev and comments@ lists?

[silence, none]



 > 5. Action Items
 > none open

[see summary at beginning of these minutes for AIs opened during this meeting]


[meeting adjourned]


============================================================================


