Subject: RE: [security-services] Minutes of SSTC Conference Call (October 20, 2009) with roll
Anil,

The text in your e-mail was missing some details. So I took the liberty of inserting the roll call into the original minutes and include as both a word document (attached) and in-line (below).

Cheers,
David

David Staggs, JD, CISSP (SAIC)
Veterans Health Administration
Chief Health Informatics Office
Emerging Health Technologies

-----Original Message-----
From: Anil Saldhana [mailto:Anil.Saldhana@redhat.com]
Sent: Thursday, October 29, 2009 1:17 PM
To: OASIS SSTC
Subject: Re: [security-services] Proposed Agenda SSTC Conference Call (October 20, 2009)

-----New Message Follows-----

SSTC Conference Call Minutes
October 20th, 2009, 12:00pm ET

1. Roll Call & Agenda Review

  Voting Members:
    Rob Philpott          EMC Corporation
    John Bradley          Individual
    Scott Cantor          Internet2
    Nathan Klingenstein   Internet2
    Thomas Hardjono       M.I.T.
    Frederick Hirsch      Nokia Corporation
    Paul Madsen           NTT Corporation
    Ari Kermaier          Oracle Corporation
    Hal Lockhart          Oracle Corporation
    Anil Saldhana         Red Hat
    David Staggs          Veterans Health Administration

  Members:
    Kyle Meadors          Drummond Group Inc.
    Joshua Howlett        Individual
    Peter Davis           Neustar, Inc.
    Christian Guenther    Nokia Siemens Networks GmbH & Co. KG
    Thinh Nguyenphu       Nokia Siemens Networks GmbH & Co. KG
    Prateek Mishra        Oracle Corporation
    Emily Xu              Sun Microsystems
    George Fletcher       AOL

  Quorum: Achieved: 11 out of 17 voting members (64%)
  Status: Kyle, Emily, Christian, Thinh become voting members.
  Status Changes: Richard Frank (IBM) lost voting status

2. Need a volunteer to take minutes

  Staggs appointed.

3. Approval of minutes from last meeting (Sept 22, 2009):
   http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200909/msg00040.html

  Minutes approved.

4. AIs & progress update on current work-items:

  (a) Current electronic ballots: none

  (b) Status/notes regarding past ballots:

    (i) XSPA:
        - Spec has been submitted to OASIS for approval as Full Standard.
          Voting open, all encouraged to vote. This is the last opportunity to vote before the next meeting.

    (ii) SAML V2.0 Attribute Extensions Version 1.0
         Keeping at CS, until attestations gathered.
         SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
         Keeping at CS, until attestations gathered.
         SAML V2.0 Metadata Interoperability Profile Version 1.0
         Keeping at CS, until attestations gathered.
         Scott suggested looking at activity in Kantara for implementation examples.
         - Wikis have been updated
         - Formal attestations regarding implementations being sought by Scott.

    (iii) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a CS
          SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
          - Due to errata when transitioning from CD to CS status, these two docs need to move back to CD status.

          Nate states changes submitted reverted work to working draft

          MOTION Nate moves to move WD to CD. second (Tomas)
          MOTION PASSED

          Discussion: Changes determined non-substantive

          MOTION Motion to request a ballot for special vote to make SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 into committee specification (CS) AND that changes are non-substantive AND that schema and XML examples are valid.
          Moved by Nate
          Second by Tomas
          MOTION PASSED

          ACTION ITEM: Nate will produce CD in three forms.
          ACTION ITEM: Nate will also cross-reference HoK assertion profile and Browser profile.
          ACTION ITEM: chair to submit the request.

          Scott- need cross referencing (see section 2.19)
          - AI: Create new Working Drafts of the HoK Profiles [Tom]

  (c) 15-Day review of sstc-saml-approved-errata-2.0-draft-49 [Hal]

      Discussion: Scott adds a new item concerning errata. Scott states our process of voting on each errata separately then to append to (an unapproved) errata draft was not required and that a quicker way would be to produce a WD of errata and approved errata items, then voting approved errata draft as a CD (and constitute approval of all errata therein).

      However, there are three errata that deserve discussion in approved errata draft 51

      E81: RSA SHA 1 signing not a specification requirement, just any algorithm designed for use to sign XML is OK (no objections)
      E82: co-constraints in metadata (empty elements) prose correction to include at least one (no objections)
      E83: Wording change from experience in Liberty interop - serializing assertions related to exclusive canonicalization, reworded to specify that is not a requirement. (no objections)

      MOTION To adopt sstc-saml-approved-errata-2.0-draft-51 as CD
      Rob moves, Scott seconded
      MOTION PASSED

      Motion To request chairs create 15 day public review of CD of above errata draft (includes E81, 82, 83) for 15-day public review AND that changes were not substantive AND any XML therein are well-formed.
      Scott moved
      Tom seconded
      MOTION PASSED

      ACTION ITEM: Scott will make CD.
      ACTION ITEM: Hal to request 15 day review.

      Scott had another errata item (procedural issue) from PE 80 concerning the mime type registrations RE affiliation description and relationship to our specification. Need someone with IETF experience requested. Ari suggests moving to a reference.

      ACTION ITEM: Hal to check with Mary on the removal of the (non-normative) appendix that includes the mime types.
      ACTION ITEM: Scott will consult with Bob Morgan.

  (d) Progress on getting Jira instance for SSTC [Scott]

      Scott: Nothing to report (NTR).

  (e) Kerberos related items (Josh):
      - Kerberos Web browser SSO profile

      Josh: Kerberos web single signon profile (analogous to HoK profile)
      First draft is on the TC discussion list, request for opinions on using HoK web single sign-on as the starting point and tweak text to use Kerberos as evidence.

      Question from Josh: On HoK single sign-on profile there is a reference to federal e-auth guideline SP 800-63
      http://www.oasis-open.org/committees/download.php/29904/NIST-800-63-LOA-4-Letter-v2.pdf
      Suggested to come back to this issue later.

      Request that Pdf be made on documents by two members.

      MOTION: To move Kerberos subject confirmation method AND Kerberos attribute profile to CD.
      Moved by Thomas, second Nate.
      Rob requests pdf but does not object.
      MOTION PASSED

      ACTION ITEM: (Josh and Thomas) prepare CD versions in the three formats

  (f) Expressing Identity Assurance profile for SAML2.0 (LOA) [Bob Morgan]
      - AI: Produce CD version of Identity Assurance profile and update the wiki.

      NTR

  (g) Delegation Condition Extension Profile (Scott)
      - AI: Produce CD version of Condition for Delegation Restriction.

      Report on motion to create an electronic ballot, Hal made the request on Friday for CD to go to CS vote.

      ACTION ITEM: Hal will check on progress.

  (h) Port the SSTC Work Summary to the wiki [Hal]

      Hal will supplement the wiki.

  (i) Investigate and report on CARML. [Hal]

      Hal investigated bringing Liberty specifications (CARML and WSF-DST) can be donated by a Liberty board approval.
      Attribute management profile will be pursued independently
      ITEM CLOSED

  (j) Produce CS version of Text-based Challenge/Response profile [Anil]

      NTR

  (k) Increasing the frequency of SSTC meetings (e.g. to 2-weekly).

      Beginning in two weeks, return to two week schedule.

      ACTION ITEM: Anil to set up meeting schedule

5. New work items:

6. Assorted threads on saml-dev/comment list
   - SAML Attribute Management protocol discussion.
   - Metadata/IOP/Kerberos/Front channel binding discussion.

  New discussion item-NSN Attribute Management protocol and Name Identity proposal.

  Discussion on proposal

  Ben: The e-mail discussion leans to re-use; comparison CARML (more features) v NSN (simple schemes). Considering adding passing policy as done by CARML; considering addition to NSN. The need for SP to validate is a good use case.

  Prateek: Supports work on attribute profile. Communicating updates back to an authority makes this CARML functionality a natural extension to SAML. There is a gap and this fills it.

  Scott: concern implementations would fragment because of open speciation. Feels like overlap here and ID-WSF (DST) from Liberty - not clear why we can't use that.

  Hal: ID-WSF (DST) is heavy-weight; Scott thinks lack of detailed description will cause fragmentation, especially with delegation.

  SAML Name Identifier Proposal

  Christian: Discussion on list resulted in unresolved issues in moving forward.

  Scott: Does not believe this can be done with our exchanging the roles in the process. From protocol point of view needs to be an assertion to be secure.

  Ben: Danger in policy used to handle name ID request may cause problems RE authN request.

  New item- Kerberos front channel bindings

  Discussion

  No comments, suggest review next week.

Next meeting in two weeks.

------------------------------------------
SSTC Conference Call Minutes 20 OCT 2009 with roll.doc