Subject: Re: [security-services] SSTC/SAML concall Draft Minutes Tue 2-Jun-2009
Comments inline.

On Tue, Jun 2, 2009 at 2:18 PM, =JeffH <Jeff.Hodges@kingsmountain.com> wrote:
> comments to the list please.
>
> =JeffH
>
> ============================================================================
> SSTC/SAML concall Tue Jun 2 09:12:38 PDT 2009
> ----------------------------------------------------------------------------
>
> Hal Lockhart presiding
>
> Minutes by Jeff Hodges (=JeffH)
>
> NOTE: next TC concall/meeting is Tue 30-Jun-2009
>
>
> AI summary
> ------------
>
> AI -- Scott Cantor to post affirmation to list of no comments in public
> review on those docs
>
> AI -- Tom Scavo to assemble list of comments from PR on the two HOK docs and
> begin processing them
>
> AI -- Chairs to make request noted in Motion 2.
>
> AI -- Dwayne to add a page for the XSPA page in the SAML wiki
>
>
> Motions Passed
> --------------
>
> 1. Moved to re-affirm these specs as CD due to passing public review with no
> comments..
>    SAML V2.0 Attribute Extensions Version 1.0
>    SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
>    SAML V2.0 Metadata Interoperability Profile Version 1.0
>
> 2. Moved to request TC Admin to launch an electronic ballot to move the docs
> from Motion 1 to CD maturity level.
>
> 3. Moved to move modified XSPA profile to CD
>
> 4. Moved to have a 15-Day review of revised XSPA profile
> (xspa-saml-1.0-pr02.doc version 1) due to there being no substantive
> changes.
>
> 5. Moved to sstc-saml-approved-errata-2.0-draft-49 to CD, confirmed changes
> therein are not substantive, and to proceed to 15-Day public review.
>
>
>> Proposed Agenda SSTC Conference Call
>> June 2, 2009, 12:00pm ET
>>
>> Dial in info: +1 215 446 3648
>> Access code 270-9441#
>>
>> Roll Call & Agenda Review
>>
>> Need a volunteer to take minutes
>>
>> 1. Minutes
>>
>> 1.1 Minutes from SSTC/SAML conference call May 5, 2009:
>>
>> http://lists.oasis-open.org/archives/security-services/200905/msg00018.html
>>
> http://lists.oasis-open.org/archives/security-services/200906/msg00005.html
> (with corrected meeting attendance)
>
>
> prior minutes duly approved by unan consent.
>
>
>> 2. Announcements
>>
>>
>> 2.1 Public Review of SAML 2.0 Profiles has closed.
>>
>>
>> http://lists.oasis-open.org/archives/security-services/200903/msg00062.html
>>
>> Question to Scott regarding last action item (Scott to talk to Mary about
>> getting a Jira instance for SSTC.)
>
> Scott Cantor (sc): did talk to her, she said "no problem, you don't do
> anything, I just create it...". So SC will tug her sleeve again.
>
>
> Nate Klingenstein (nk): wrt pub review, had long disc wrt changes they
> could/should make to HOK, how does that affect ? review, did I miss
> anything?
>
> Tom Scavo (ts): didn't miss anything, need to compile comments on the docs,
> yes?
>
> Hal Lockhart (hl): ques is whether we need to do short or long subsequent
> reviews, but in any case need to compile all the comments w/sources and such
>
>
> sc: at least two or three docs didn't rec any comments..
>
> hl: docs need to be re-affirmed as CDs
>
> sc: next step is to ask for vote for CS, yes?
>
> hl: yes
>
> sc: let's do that today since calls are infrequent?
>
> don't recall any comments on any but the delegation restriction one. that
> one is on hold until can produce new WD of it
>
> wrt #2, 5, 6 in the above-referenced message -- no comments on them?
>    SAML V2.0 Attribute Extensions Version 1.0
>    SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
>    SAML V2.0 Metadata Interoperability Profile Version 1.0
>
> sc motion: move to reaffirm above as CD modulo received no comments on them
>
> Jeff Hodges (jh): second
>
> [no objection to unanimous consent to motion -- passed]
>
> AI -- SC to post affirmation to list of no comments in public review on
> those docs
>
>
> AI -- ts to assemble list of comments from PR on the two HOK docs and begin
> processing them
>
>
> sc motion: req tc admin to conduct elec ballot to move the 3 docs to CS
> maturity level
>
> ts: 2nd
>
> [pass w/unan consent]
>
> AI -- chairs, begin process on above listed docs
>
>
>> 2.2 Comment requested on removing DTD definitions from XML Signature 1.1
>> and on elliptic curve
>> http://lists.oasis-open.org/archives/security-services/200904/msg00012.html
>>
>> Feedback requested.
>
>
> hl: still not too late to comment.
>
> sc: dtds are gone
>
> hl: still debating elliptic curve, thus not too late to comment.
>
>
>>
>> 2.3 Reminder - Meetings will be every four weeks - Next call July 7.
>
>
> hl: nope, next call is 30-Jun (!!)
>
>
>>
>> 2.4 Announcement: Upcoming SAML 2.0 IOP event, July 14-Sept. 4
>>
>> http://lists.oasis-open.org/archives/security-services/200905/msg00020.html
>>
>>
>
> Kyle of drummond group: nxt IOP for SAML is 14-Jul-2009, registration is
> still open
>
>
>> 3. Discussion
>>
>> 3.1 Review of planned work. Discuss future work plans and indication of
>> specs in the pipeline and approximate date for first drafts.
>
> [worked down SAML Wiki page: <http://wiki.oasis-open.org/security>]
>
> ts: noted general request that someone add a page for the XSPA page in the
> wiki,
>
> AI -- Dwayne to add a page for the XSPA page in the SAML wiki
>
>
> hl: OASIS BoD have debated at length non-implementable (informational?)
> docs, so have to work in framework, this applies to Tech Overview -- any
> objection to putting the latter into Pub Review at any point? will leave in
> case anyone wants to champion it, can attach to future pub review...
>
> jh: what about simplesign?
>
> sc: there's comments in queue on it, no cycles for it now.
>
>
> sc: impl'd by two as-specified, not sure about AOL's impl, not aware of
> other impls
>
> hl: so no intent to progress at this time, not
>
>
> hl: wrt token card profile
>
> sc: on hold for IMI TC work
>
>
> hl: SAML V2.0 Holder-of-Key Assertion Request Profiles
>
> sc: active & moving fwd. there's an opengroup doc that depends on it

The Open Grid Forum's AuthZ-WG is preparing to rev a profile based on
this draft document.

> have public comments on it, intend to move forward

http://lists.oasis-open.org/archives/security-services/200906/msg00004.html

> hl: Level of Assurance Authentication Context Profiles for SAML 2.0
> status of draft 2 from march?
>
> [no answer]
>
> sc: is this one that's on agenda as another doc? is this one Paul just
> posted?
> that's paul's doc
>
> hl: this is actively being progressed..
> sounds like we have 3 or 4 that will be ready for pub rev "soon"
>
> any other profiles to propose soon?
>
> fredrick hirsch (fh): there might be something more, can't say just yet....
>
>
>> 3.2 XSPA Profile updated
>>
>> http://lists.oasis-open.org/archives/security-services/200905/msg00022.html
>
>
> david staggs (ds): public comment period on this doc ended on 13-Mar,
> analyzed all comments, made approp updates, discussed cmts at last meeting,
> have spreadsheet for all 34 comments, have changes for comments, there's
> lots of interest in XSPA (calling from Healthcare SOA comments and will be
> talking about the spec on Thu this week)
>
> want to propose a motion to move doc forward. last update was recently
> posted.
>
> would be helpful to do vote today due to infrequent TC calls these days.
>
> ds: motion to move modified XSPA profile to CD (would be CD2 rev)
>
> dwayne: 2nd
>
> hl: any objs
>
> [motion passed by unan consent]
>
> hl: can get by w/short pub review. 15-day
>
>
> ds: is cd2 a "major change" from cd1 ?
>
> hl: term is "substantive changes"....
>
> ds: don't believe made "substantive changes"....
>
> hl: [reads process para on this]
> e.g. schema changes are substantive, else judgement call
>
> will entertain motion to have 15-day review, comments are limited to the
> changes only, and is judgement of tc that haven't made substan changes
>
> so moved by DS, 2nd Dwayne
>
> hl: any obj's ?
>
> [motion passed by unan consent]
>
>
> hl: expectation is that you create a diff -- do CD version, and diff with
> prev CD
> let hl know when done that. then hl will contact Mary.
>
> enumeration of changes may be sufficient. e.g. just put spreadsheet in
> repository, send hl links to new CD version and spreadsheet.
>
>
> ds: have source file with "tracking" turned on....
>
>
>> 3.3 Any more comments to on saml-loa-authncontext-profile:
>>
>> - remove 800-63 schemas
>> http://lists.oasis-open.org/archives/security-services/200904/msg00013.html
>>
>> - Paul to remove specific references to NIST LOA values in a new draft.
>
> hl: paul not on call ... any comments on above?
>
>
> RLBob Morgan (rlm): proposal on email in last week or so, add to this doc a
> new notion that in addition to being able to express LOA using AC, a
> metadata publisher say can express that an IDP has been "vertified" to use a
> particular profile, using attrs from the attrs-for-metadata draft
>
> see..
>
> http://lists.oasis-open.org/archives/security-services/200905/msg00013.html
>
>
> have heard from other members of their federation that this would be a good
> thing.
>
>
> john bradley (jb): this is the "why should i trust you" problem...
>
> rlm: yes, essentially. metadata signing addresses this, but folks wishing
> for more explicit attestation
>
> hl: how does this work?
>
> sc: have an assertion (assn) about entity, has attribute (attr) in it,
> attestation, can do anything you want with assn of course, is just a common
> claim one can reference. this would be another saml-tc-defined attr
>
> hl: a reg attr statement can refer to any system entity. this one is
> particular to an entity that issues assns
>
> sc: yes, not a big deal
>
> rlm: paul supported it on list
>
>
> jb: provides for IC and other RPs to adopt it (by doing it here)
>
>
> rlm: usual nitpicking wrt actual attr name...
>
> sc: may want to do something similar to orig saml attr work. sc is fine
> with this proposal
>
>
>> 3.4 Assorted threads on saml-dev/comment list
>>
>>
>
>> 3.6 Draft Approved Errata posted
>>
>> http://lists.oasis-open.org/archives/security-services/200905/msg00023.html
>
>
> sc: anyone doing errata shud do all this in parallel, rather than waiting to
> end. tried to emulate ELM's example, hopefully essentially equivalent
>
> used 49 as increment number to try to keep it consistent
>
> removed refs to non-normative redlined spec
>
> altered lang that there _may_ be redlined specs available
>
> otherwise is just a sync up with working draft.
>
>
> hl: can put info wrt errata in wiki?
>
> AI - SC to put in wiki info wrt making errata process easier
>
>
> hl: do you have list of what orig specs are being altered by this errata?
>
> sc: every normative doc we pub'd as orig spec...
>
> hl: tc process reqs us to supply doc that proposes changes, and optionally
> provide mod'd specs incorp'g errata
>
> sc: doing the latter is burdensome
>
> hl: need to formulate motion to see that boiler plate fixes are made... in
> order to proc approved errata, need doc w/ "corrections". we would need to
> vote -49 to CD, 2nd vote to confirm that corrections do not constitute
> substan change, 3d vote to 15-day pub review, 4th full-majority vote to
> replace the existing errata doc
>
> today, can do first 3 things.
>
> entertain motion to do all first three things (noted above). all these
> errata items we process
>
> sc: so moved
>
> jh: 2nd
>
> hl: any obj's?
>
> [motion passed by unan consent]
>
>
>> 3.5 SAML simplesign useful in practice?
>>
>> http://lists.oasis-open.org/archives/security-services/200905/msg00015.html
>
> hl: any more to be said on this?
>
> sc: trying to get the xmlsec wg to do a simplesign-like thing, that's where
> question comes in
>
>
>>
>>
>> 4. Other business
>
> hl: any discussion wrt recent threads on saml-dev and comments@ lists?
>
> [silence, none]
>
>
>> 5. Action Items
>> none open
>
> [see summary at beginning of these minutes for AIs opened during this
> meeting]
>
>
> [meeting adjourned]
>
>
> ============================================================================
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>