Subject: Re: [security-services] Draft Minutes for June 30 2009 SSTC Call
Anil Saldhana wrote:
> Frederick Hirsch wrote:
>> Draft Minutes, Frederick Hirsch
>> SSTC Conference Call
>> June 30, 2009, 12:00pm ET
>>
>> 1. Roll Call & Agenda Review
>>
> Voting Members
> ==============
> Rob Philpott EMC Corporation
> Scott Cantor Internet2
> Nathan Klingenstein Internet2
> Bob Morgan Internet2
> Thomas Hardjono M.I.T.
> Tom Scavo NCSA
> Frederick Hirsch Nokia Corporation
> Paul Madsen NTT Corporation
> Ari Kermaier Oracle Corporation
> Hal Lockhart Oracle Corporation
> Anil Saldhana Red Hat
> Kent Spaulding Skyworth TTG Holdings Limited
> Eve Maler Sun Microsystems
> Emily Xu Sun Microsystems
> Duane DeCouteau Veterans Health Administration
> David Staggs Veterans Health Administration
>
> Members
> =======
> Kyle Meadors Drummond Group
> George Fletcher AOL
> Richard Franck IBM
> Joshua Howlett Individual
>
> Quorum Achieved: 16 out of 20 voting members
>
> Status Change: Kyle Gains Voting Rights.
>
>>
>> 2. Need a volunteer to take minutes
>>
>> Frederick Hirsch volunteered to take minutes.
>>
>> 3. Approval of minutes from last meeting (2 June 2009)
>>
>> Motion: Approve minutes from 2 June 2009
>> Moved by Eve, seconded by Nate.
>> Motion passed - Minutes approved without objection.
>>
>> 4. AIs & progress on current work-items:
>>
>> (a) Request TC Admin to launch an electronic ballot.
>>
>> All documents are now in CD format. In progress, open action for
>> chairs. Hal Lockhart took action item on this.
>>
>> (b) 15-Day review of revised XSPA profile.
>>
>> David Staggs will put comments into spreadsheet for committee, for
>> discussion on next teleconference.
>>
>> (c) 15-Day review of sstc-saml-approved-errata-2.0-draft-49.
>>
>> Hal Lockhart will take action to start formal review.
>> Scott Cantor has action to produce redline drafts, but this is not in
>> critical path for starting public review. He noted the document for
>> review is ready.
>>
>> (d) Progress on getting Jira instance for SSTC (Scott).
>>
>> Scott Cantor will contact Mary McRae again, this item was deferred
>> earlier
>>
>> (e) Dwayne to add a page for the XSPA page in the SAML wiki.
>>
>> This remains open.
>>
>> (f) SAML V2.0 Holder-of-Key Assertion Request Profiles.
>>
>> Tom Scavo noted draft uploaded to Kavi. Some comments received on
>> SAML dev list. Considering comment regarding need for TLS.
>> Planning to produce a third draft.
>>
>> (g) SAML LOA Assurance profile.
>>
>> Bob Morgan is working on this document with regards to authentication
>> context, how to express certified assurance levels to metadata. Still
>> working on this, planning to provide before the next teleconference.
>>
>> (i) Discuss comments received on HoK Profile (Tom/Nate):
>>
>> http://lists.oasis-open.org/archives/security-services/200906/msg00009.html
>>
>> http://lists.oasis-open.org/archives/security-services/200906/msg00019.html
>>
>> http://lists.oasis-open.org/archives/security-services/200906/msg00023.html
>>
>> a) SAML V2.0 Holder-of-Key Web Browser SSO Profile
>>
>> Tom Scavo noted thread initiated by Mark Stern during public review,
>> leading to a number of significant comments, also comment by Scott
>> Cantor, producing four comments. He has documented these comments in
>> the wiki (
>> http://wiki.oasis-open.org/security/PublicComments20090326-20090525 )
>>
>> Reverted the document back to draft, draft 12. Lines 416-421 in diff
>> show the most important changes in response to the comments,
>> emphasizing dependency on assertion profile to address man in middle
>> concerns. Relaxing TLS requirement not easy to do so did not address
>> comment #2, all others have been addressed.
>>
>> Scott Cantor noted that if hard to do then could leave it as is,
>> noting it is a web browser profile, so therefore it is reasonable to
>> keep. Bob Morgan agreed.
>>
>> Hal Lockhart asked if commenter had a suggestion for alternative
>> approach, answer was to allow alternate secure channels.
>>
>> Tom Scavo noted draft 12 is not substantive change, since changes
>> were only clarifications, since TLS change not made.
>>
>> b) Holder of Key Assertion profile had comments
>>
>> http://wiki.oasis-open.org/security/PublicComments20090326-20090525
>>
>> Some were requests for clarification. Question of SAML NameID was not
>> clear, so added paragraph in lines 258-260 draft 10 diff to clarify
>> by referencing constrained delegation profile. Draft 10 had minor
>> changes and has been uploaded to Kavi.
>>
>> Hal Lockhart suggested committee respond to commenters with
>> resolutions of actions (link to wiki) indicating no action on
>> suggested TLS change.
>>
>> Hal Lockhart noted that if the changes are non-substantive no
>> additional public review needed.
>>
>> Tom Scavo noted that the latest drafts include all changes.
>>
>> Motion: Draft 12 of Holder-of-Key Web Browser SSO Profile and
>> Draft 10 of HOK assertion profile be moved to Committee Draft
>> Moved by Tom Scavo, Second by Bob Morgan
>> Motion passed - No objection to unanimous consent
>>
>> Action: to Tom Scavo to produce CDs of Holder-of-Key Web Browser SSO
>> Profile and Holder of Key Assertion Profile
>>
>> Motion: Hold electronic ballot of Holder-of-Key Web Browser SSO
>> Profile and Holder of Key Assertion Profile
>> Moved by Scott Cantor
>> Second by Bob Morgan
>> Motion passed - No objection to unanimous consent.
>>
>> 5. New work items:
>>
>> (i) Kerberos HOK profile (Josh/thomas):
>>
>> http://www.oasisopen.org/apps/org/workgroup/security/email/archives/200906/msg00027.html
>>
>> Josh Howlett gave some background on Kerberos Holder of key and
>> attribute query profiles, noted that shared proposals by email. Also
>> noted that shared high level architecture document on list (PDF).
>>
>> Three protocols proposed for (i) encapsulating Kerberos service
>> ticket, (ii) how to use attribute query to ask for attribute, and
>> (iii) use holder of key assertion protocol to obtain confirmation
>> using Kerberos. Plan to define fourth protocol for composition of
>> these for SSO.
>>
>> Request for comment, some questions are also noted in the documents
>> themselves.
>>
>> Scott Cantor suggested combining two profiles into one single
>> attribute profile. Scott Cantor has additional comment on the XML,
>> such as requests for multiple attributes (e.g. tickets). He will send
>> message to list with details.
>>
>> Josh Howlett plans to have update before the next teleconference. He
>> asks committee that if Kerberos HoK Assertion Profile is based on
>> X.509 HoK profile would it be confusing due to duplicate material.
>> Tom Scavo asked if X.509 and Kerberos profiles could be unified, in a
>> clear manner. He also noted that this would need to happen if Web
>> Browser SSO Profile is not unnecessarily delayed. Tom, Josh and Nate
>> agreed it would be good to unify the documents into a single
>> document. The committee noted this would be a substantive change,
>> requiring a new CD.
>>
>> Hal Lockhart suggested editors work offline to produce a combined
>> document. The editors noted this will probably not be ready for the
>> next call.
>>
>> Hal Lockhart will delay request for Committee Specification ballot
>> for Holder of Key Assertion Profile and not have one if decision is
>> reached on email list to have combined document (to avoid confusion).
>>
>> ii) Attribute Query profile (Josh/thomas):
>>
>> http://www.oasisopen.org/apps/org/workgroup/security/email/archives/200906/msg00027.html
>>
>> Josh Howlett asked question of whether to support requests for
>> multiple service tickets at one time. Not clear if use cases exist.
>>
>> iii) Encapsulating service ticket document
>>
>> Josh Howlett noted this is a very simple profile that defines
>> attribute - will wait for comments from Scott Cantor.
>>
>> Meeting adjourned.
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia