Subject: OASIS SSTC con call minutes 2009-08-25
Let me know if any corrections are needed.
- RL "Bob"
---
SSTC Conference Call
August 25, 2009, 12:00pm ET
** Summary
* XSPA spec to be submitted to OASIS for approval as Full Standard.
* Several docs (metadata, holder-of-key) were approved by ballot as
Committee Specifications; Scott and Hal will work with Mary on
getting proper new versions in the right place.
* SAML 2 token profile for IMI has been moved to IMI TC.
** Detailed notes
1. Roll Call & Agenda Review
2. Need a volunteer to take minutes
RL "Bob", your humble scribe
3. Approval of minutes from last meeting (28 July 2009)
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200907/msg00041.html
Approved without objection.
4. AIs & progress on current work-items:
(a) Current electronic ballots:
XSPA Profile of SAML for Healthcare V1.0
http://www.oasis-open.org/apps/org/workgroup/security/ballots.php
DavidS: there was a question about XSPA schema. Schema work is being done
in XSPA TC, so presence of schema is not an issue for advancement of the
XSPA spec in the SSTC.
DavidS: motion in 3 parts:
(1) confirm that schema fragments in document are valid
(2) assert that there have been no substantive changes to spec since
adoption as a committee spec
(3) propose submission of XSPA spec to OASIS membership for approval as
full OASIS standard
Duane: second
Discussion:
TomS: any evidence that schema fragments are valid?
Duane: yes, these schema were successfully used in HIMSS interop by
several implementations
TomS: linked in wiki?
Duane: yes
Hal: submission requires attestations, 4 have been submitted
** Approved without objection.
Hal: <explains OASIS approval process>
need material on relationship of this spec to others
DavidS: Duane and I will help prepare this
(b) Status of past (closed) ballots:
SAML V2.0 Attribute Extensions Version 1.0
SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
SAML V2.0 Metadata Interoperability Profile Version 1.0
SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0
SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
Scott: ballots passed, but ... process seems to have problems. Prepared
CS versions, but Mary did this also, without some needed tweaks, so need
to rationalize. HoK documents are in similar state. Would be best if
Mary can apply fixes to Scott/Tom versions.
Hal: process is indeed in flux. Will work with Mary to clarify.
Scott: will work with Mary to get clean versions in place. Need
attestations to move forward in any case.
(c) 15-Day review of sstc-saml-approved-errata-2.0-draft-49 (action for
Hal)
Hal still needs to check on this.
(d) Progress on getting Jira instance for SSTC (Scott).
No progress to report.
(e) Duane to add a page for the XSPA page in the SAML wiki.
http://www.oasis-open.org/apps/org/workgroup/security/ballots.php
Duane: still needs to be finished, probably today.
(f) Kerberos Attribute Profile (Josh/Thomas).
http://www.oasis-open.org/apps/org/workgroup/security/download.php/33861/sstc-saml-attribute-kerberos-01.odt
Josh: new doc posted incorporating various comments. Any review?
Scott: there are several questions in the text?
Josh: yes, mostly administrative
Josh: discussion on list about Kerberos Token Profile, strawman proposal
sent
Scott: seems elegant, and to match semantics of core elements used.
Josh: additional question about using Kerberos to establish trust between
SAML entities. Might imply using KeyInfo ...
Scott: KeyInfo extension seems clearer, though less usable by existing
implementations
Thomas: planning a document submission?
Josh: will continue to work on two approaches in parallel, see where they
go
(g) Expressing Identity Assurance profile for SAML2.0 (LOA) (Bob Morgan)
http://www.oasis-open.org/apps/org/workgroup/security/download.php/33546/sstc-saml-assurance-profile-draft-00.pdf
RLBob: will submit new version shortly, adding conformance section for
attribute profile
(h) Delegation Condition Extension Profile (part of item (g)) (Scott)
Scott: not part of assurance, will rev doc based on public review
comments.
5. New work items
Scott: SAML 2 token profile for IMI has been moved to IMI TC, so no
longer a SSTC item.
JeffH: now with PayPal, problems renewing OASIS membership as individual,
PayPal not currently an OASIS member, so discussions happening about
what to do. This affects Eve Maler's participation too.
Anil: suggest that OASIS do something like "invited experts" as other
groups do.
Hal: noted, but seems unlikely to happen.
6. Assorted threads on saml-dev/comment list
- SHA-256 discussion
Scott: this is one among several errata, didn't get chance to submit PEs
yet. Can provide erratum to core, more significant question is whether
to update SAML conformance doc. XML DSig will be recommending SHA-256.
Could mean new conformance class with new algorithm list.
Bob: raises issue about needing metadata support for algorithm
transition, so entities can state what algorithms they support or
require
Scott: deeper question is whole issue of authentication of entities to
one another, e.g. Basic Auth or Kerberos could be used, not just PKI
algorithms.
- LOA related discussion
No further discussion.
Next call Sep 22.
** Attendance
Voting Members:
John Bradley (Individual)
Scott Cantor (Internet2)
Nathan Klingenstein (Internet2)
Bob Morgan (Internet2)
Thomas Hardjono (M.I.T.)
Tom Scavo (National Center for Supercomputing Applica...)
Ari Kermaier (Oracle Corporation)
Hal Lockhart (Oracle Corporation)
Anil Saldhana (Red Hat)
Kent Spaulding (Skyworth TTG Holdings Limited)
Duane DeCouteau (Veterans Health Administration)
David Staggs (Veterans Health Administration)
Members:
Joshua Howlett (Individual)
Observers:
Ganesh Ananthakrishnan (Avaya, Inc.)
Quorum: 12 out of 18 voting members (63%)
Status: Emily Xu (Sun) and Kyle Meadors (Drummond Group) lose voting
status