Subject: OASIS SSTC con call minutes 2009-08-25
Let me know if any corrections are needed.

 - RL "Bob"

---

SSTC Conference Call
August 25, 2009, 12:00pm ET

** Summary

* XSPA spec to be submitted to OASIS for approval as Full Standard.
* Several docs (metadata, holder-of-key) were approved by ballot as Committee Specifications; Scott and Hal will work with Mary on getting proper new versions in the right place.
* SAML 2 token profile for IMI has been moved to IMI TC.

** Detailed notes

1. Roll Call & Agenda Review

2. Need a volunteer to take minutes

   RL "Bob", your humble scribe

3. Approval of minutes from last meeting (28 July 2009)
   http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200907/msg00041.html

   Approved without objection.

4. AIs & progress on current work-items:

(a) Current electronic ballots:
    XSPA Profile of SAML for Healthcare V1.0
    http://www.oasis-open.org/apps/org/workgroup/security/ballots.php

    DavidS: there was a question about XSPA schema. Schema work is being done in XSPA TC, so presence of schema is not an issue for advancement of the XSPA spec in the SSTC.

    DavidS: motion in 3 parts:
      (1) confirm that schema fragments in document are valid
      (2) assert that there have been no substantive changes to spec since adoption as a committee spec
      (3) propose submission of XSPA spec to OASIS membership for approval as full OASIS standard
    Duane: second

    Discussion:
    TomS: any evidence that schema fragments are valid?
    Duane: yes, these schema were successfully used in HIMSS interop by several implementations
    TomS: linked in wiki?
    Duane: yes
    Hal: submission requires attestations, 4 have been submitted

    ** Approved without objection.

    Hal: <explains OASIS approval process> need material on relationship of this spec to others
    DavidS: Duane and I will help prepare this

(b) Status of past (closed) ballots:
    SAML V2.0 Attribute Extensions Version 1.0
    SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
    SAML V2.0 Metadata Interoperability Profile Version 1.0
    SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0
    SAML V2.0 Holder-of-Key Assertion Profile Version 1.0

    Scott: ballots passed, but ... process seems to have problems. Prepared CS versions, but Mary did this also, without some needed tweaks, so need to rationalize. HoK documents are in similar state. Would be best if Mary can apply fixes to Scott/Tom versions.
    Hal: process is indeed in flux. Will work with Mary to clarify.
    Scott: will work with Mary to get clean versions in place. Need attestations to move forward in any case.

(c) 15-Day review of sstc-saml-approved-errata-2.0-draft-49 (action for Hal)

    Hal still needs to check on this.

(d) Progress on getting Jira instance for SSTC (Scott).

    No progress to report.

(e) Duane to add a page for the XSPA page in the SAML wiki.
    http://www.oasis-open.org/apps/org/workgroup/security/ballots.php

    Duane: still needs to be finished, probably today.

(f) Kerberos Attribute Profile (Josh/Thomas).
    http://www.oasis-open.org/apps/org/workgroup/security/download.php/33861/sstc-saml-attribute-kerberos-01.odt

    Josh: new doc posted incorporating various comments. Any review?
    Scott: there are several questions in the text?
    Josh: yes, mostly administrative
    Josh: discussion on list about Kerberos Token Profile, strawman proposal sent
    Scott: seems elegant, and to match semantics of core elements used.
    Josh: additional question about using Kerberos to establish trust between SAML entities. Might imply using KeyInfo ...
    Scott: KeyInfo extension seems clearer, though less usable by existing implementations
    Thomas: planning a document submission?
    Josh: will continue to work on two approaches in parallel, see where they go

(g) Expressing Identity Assurance profile for SAML2.0 (LOA) (Bob Morgan)
    http://www.oasis-open.org/apps/org/workgroup/security/download.php/33546/sstc-saml-assurance-profile-draft-00.pdf

    RLBob: will submit new version shortly, adding conformance section for attribute profile

(h) Delegation Condition Extension Profile (part of item (g)) (Scott)

    Scott: not part of assurance, will rev doc based on public review comments.

5. New work items

   Scott: SAML 2 token profile for IMI has been moved to IMI TC, so no longer a SSTC item.
   JeffH: now with PayPal, problems renewing OASIS membership as individual, PayPal not currently an OASIS member, so discussions happening about what to do. This affects Eve Maler's participation too.
   Anil: suggest that OASIS do something like "invited experts" as other groups do.
   Hal: noted, but seems unlikely to happen.

6. Assorted threads on saml-dev/comment list

   - SHA-256 discussion

     Scott: this is one among several errata, didn't get chance to submit PEs yet. Can provide erratum to core, more significant question is whether to update SAML conformance doc. XML DSig will be recommending SHA-256. Could mean new conformance class with new algorithm list.
     Bob: raises issue about needing metadata support for algorithm transition, so entities can state what algorithms they support or require
     Scott: deeper question is whole issue of authentication of entities to one another, eg Basic Auth or Kerberos could be used, not just PKI algorithms.

   - LOA related discussion

     No further discussion.

Next call Sep 22.

** Attendance

Voting Members:
  John Bradley          Individual
  Scott Cantor          Internet2
  Nathan Klingenstein   Internet2
  Bob Morgan            Internet2
  Thomas Hardjono       M.I.T.
  Tom Scavo             National Center for Supercomputing Applica...
  Ari Kermaier          Oracle Corporation
  Hal Lockhart          Oracle Corporation
  Anil Saldhana         Red Hat
  Kent Spaulding        Skyworth TTG Holdings Limited
  Duane DeCouteau       Veterans Health Administration
  David Staggs          Veterans Health Administration

Members:
  Joshua Howlett        Individual

Observers:
  Ganesh Ananthakrishnan  Avaya, Inc.

Quorum: 12 out of 18 voting members (63%)

Status: Emily Xu (Sun) and Kyle Meadors (Drummond Group) lose voting status