security-services message

Subject: Updated/corrected Minutes from October 20th 2009 SSTC Call



Folks,

One of the AIs for the Chairs was to correct the minutes from the SSTC Call on Oct 20th.
Thus, for simplicity I have inserted text from Tom's email seeking clarification for
one of the motions (relating to "Designated Cross-Reference Changes").

There is no change to the motion itself, nor to the actions coming out of the motion.

I've inserted the whole text as it provides some useful background information.
Hope this is ok.

cheers,

/thomas/


-----Original Message-----
From: Anil Saldhana [mailto:Anil.Saldhana@redhat.com] 
Sent: Thursday, October 29, 2009 1:17 PM
To: OASIS SSTC
Subject: Re: [security-services] Proposed Agenda SSTC Conference Call
(October 20, 2009)

-----New Message Follows-----

SSTC Conference Call Minutes
October 20th, 2009, 12:00pm ET


1. Roll Call & Agenda Review

Voting Members:
Rob Philpott EMC Corporation
John Bradley Individual
Scott Cantor Internet2
Nathan Klingenstein Internet2
Thomas Hardjono M.I.T.
Frederick Hirsch Nokia Corporation
Paul Madsen NTT Corporation
Ari Kermaier Oracle Corporation
Hal Lockhart Oracle Corporation
Anil Saldhana Red Hat
David Staggs Veterans Health Administration

Members:
Kyle Meadors Drummond Group Inc.
Joshua Howlett Individual
Peter Davis Neustar, Inc.
Christian Guenther Nokia Siemens Networks GmbH & Co. KG
Thinh Nguyenphu Nokia Siemens Networks GmbH & Co. KG
Prateek Mishra Oracle Corporation
Emily Xu Sun Microsystems
George Fletcher AOL

Quorum:  Achieved:  11 out of 17 voting members (64%)
Status:  Kyle, Emily, Christian, Thinh become voting members.

Status Changes:
Richard Frank (IBM) lost voting status

2. Need a volunteer to take minutes

Staggs appointed.

3. Approval of minutes from last meeting (Sept 22, 2009):

http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200909/msg00040.html

Minutes approved.

4. AIs & progress update on current work-items:

  (a) Current electronic ballots: none

  (b) Status/notes regarding past ballots:

       (i) XSPA:
           - Spec has been submitted to OASIS for approval as Full Standard.

Voting open, all encouraged to vote.  This is the last opportunity to
vote before the next meeting.

       (ii) SAML V2.0 Attribute Extensions Version 1.0

Keeping at CS, until attestations gathered.

            SAML V2.0 Metadata Extension for Entity Attributes Version
1.0

Keeping at CS, until attestations gathered.

            SAML V2.0 Metadata Interoperability Profile Version 1.0

Keeping at CS, until attestations gathered.
Scott suggested looking at activity in Kantara for implementation
examples.

            - Wikis have been updated
            - Formal attestations regarding implementations being sought
by Scott.


       (iii) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0
as a CS
             SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
             - Due to errata when transitioning from CD to CS status,
               these two docs need to move back to CD status.
Nate states that the changes submitted reverted the work to working draft status.

MOTION
Nate moves to move the WD to CD. Second: Thomas.
MOTION PASSED
Discussion: Changes determined non-substantive

MOTION
Motion to request a ballot for special vote to make SAML V2.0
Holder-of-Key Web Browser SSO Profile Version 1.0 into committee
specification (CS) AND
that changes are non-substantive AND that schema and XML examples are
valid.

Moved by Nate. Seconded by Thomas.
MOTION PASSED

ACTION ITEM: Nate will produce the CD in three forms.

ACTION ITEM: Nate will also cross-reference the HoK Assertion Profile and
the Browser SSO Profile.

ACTION ITEM: chair to submit the request.

Scott: cross-referencing is needed (see section 2.19).

______Added on 11/13/2009: _________________
   I wasn't on the last call so I'm simply looking for a clarification with
   respect to the above motions. I don't see mention of "Designated
   Cross-Reference Changes" in the motion to take the CD to CS although I
   do see that Scott referenced the appropriate section in the TC process
   doc:

   http://www.oasis-open.org/committees/process-2008-06-19.php#crossRefs

   For the record, the two references that are to be taken as "Designated
   Cross-References" are references [HoKSSO-XSD] and [SAML2HoKAP] in
   specification "SAML V2.0 Holder-of-Key Web Browser SSO Profile Version
   1.0" as noted in this diff that takes draft-13 to cd-03:

   http://www.oasis-open.org/committees/download.php/34964/sstc-saml-holder-of-key-browser-sso-cd-03-diff.pdf

   When the CD is taken to CS (by tc-admin) we want to be sure these two
   references are updated, so we want to follow section 2.19 in the TC
   process carefully. As far as I know, this is the first time the SSTC has
   encountered this issue, so I'm documenting it here and asking that it be
   included in the minutes.

   Thanks,
   Tom
_________________________________________
 

             - AI: Create new Working Drafts of the HoK Profiles [Tom]

  (c) 15-Day review of sstc-saml-approved-errata-2.0-draft-49 [Hal]

Discussion: Scott adds a new item concerning errata.  Scott states that our
process of voting on each erratum separately and then appending it to (an
unapproved) errata draft was not required, and that a quicker way would
be to produce a WD of errata and approved errata items, then vote to
approve the errata draft as a CD (which would constitute approval of all
errata therein).  However, there are three errata that deserve discussion
in approved errata draft 51:

E81: RSA SHA-1 signing is not a specification requirement; any
algorithm designed for signing XML is OK (no objections)

E82: co-constraints in metadata (empty elements): prose corrected to
require at least one (no objections)

E83: Wording change from experience in Liberty interop: serializing
assertions related to exclusive canonicalization, reworded to specify
that it is not a requirement (no objections)

MOTION
To adopt sstc-saml-approved-errata-2.0-draft-51 as CD
Rob moves, Scott seconded
MOTION PASSED

MOTION
To request that the chairs create a 15-day public review of the CD of the
above errata draft (includes E81, E82, E83) AND that the changes
were not substantive AND that any XML therein is well-formed.
Scott moved, Tom seconded
MOTION PASSED

ACTION ITEM: Scott will make CD.
ACTION ITEM: Hal to request 15 day review.

Scott had another errata item (a procedural issue) from PE 80 concerning
the MIME type registrations regarding affiliation description and their
relationship to our specification. Someone with IETF experience is
needed. Ari suggests moving this to a reference.

ACTION ITEM: Hal to check with Mary on the removal of the
(non-normative) appendix that includes the mime types.  
ACTION ITEM: Scott will consult with Bob Morgan.

  (d) Progress on getting Jira instance for SSTC [Scott]

Scott: Nothing to report (NTR).

  (e) Kerberos related items (Josh):
       - Kerberos Web browser SSO profile
Josh: Kerberos web single sign-on profile (analogous to the HoK profile).
The first draft is on the TC discussion list; opinions are requested on
using the HoK web single sign-on profile as the starting point and tweaking
the text to use Kerberos as evidence.

Question from Josh: the HoK single sign-on profile contains a reference
to the federal e-authentication guideline SP 800-63:
http://www.oasis-open.org/committees/download.php/29904/NIST-800-63-LOA-4-Letter-v2.pdf
Suggested to come back to this issue later.
Request that PDFs be made of the documents (by two members).

MOTION:
To move Kerberos subject confirmation method AND Kerberos attribute
profile to CD.
Moved by Thomas, seconded by Nate.
Rob requests pdf but does not object.
MOTION PASSED

ACTION ITEM: (Josh and Thomas) prepare CD versions in the three formats

  (f) Expressing Identity Assurance profile for SAML2.0 (LOA)  [Bob
Morgan]
       - AI: Produce CD version of Identity Assurance profile and update
the wiki.

NTR

  (g) Delegation Condition Extension Profile (Scott)
       - AI: Produce CD version of Condition for Delegation Restriction.

Report on the motion to create an electronic ballot: Hal made the request
on Friday for the CD to go to a CS vote.
ACTION ITEM: Hal will check on progress.

  (h) Port the SSTC Work Summary to the wiki [Hal]

Hal will supplement the wiki.

  (i) Investigate and report on CARML. [Hal]
Hal investigated bringing in the Liberty specifications (CARML and
WSF-DST); they can be donated with Liberty board approval.  The attribute
management profile will be pursued independently.
ITEM CLOSED

  (j) Produce CS version of Text-based Challenge/Response profile [Anil]

NTR

  (k) Increasing the frequency of SSTC meetings (e.g. to every two weeks).
Beginning in two weeks, return to a two-week schedule.

ACTION ITEM: Anil to set up meeting schedule

5. New work items:

6. Assorted threads on saml-dev/comment list
   - SAML Attribute Management protocol discussion.
   - Metadata/IOP/Kerberos/Front channel binding discussion.

New discussion item: NSN Attribute Management protocol and Name Identity
proposal.

Discussion on proposal 

Ben: The e-mail discussion leans towards re-use; comparison of CARML (more
features) vs. NSN (simpler schemes).  Considering adding passing of policy
as done by CARML; considering adding this to NSN.  The need for the SP to
validate is a good use case.
Prateek: Supports work on an attribute profile. Communicating updates back
to an authority makes this CARML functionality a natural extension to
SAML. There is a gap and this fills it.
Scott: Concern that implementations would fragment because of an open
specification.  Feels there is overlap here with ID-WSF (DST) from Liberty;
not clear why we can't use that.
Hal: ID-WSF (DST) is heavy-weight. Scott thinks the lack of a detailed
description will cause fragmentation, especially with delegation.

SAML Name Identifier Proposal
Christian: Discussion on the list resulted in unresolved issues in moving
forward.
Scott: Does not believe this can be done without exchanging the roles
in the process. From a protocol point of view it needs to be an assertion
to be secure.
Ben: Danger that the policy used to handle the name ID request may cause
problems regarding the authentication request.

New item: Kerberos front channel bindings

Discussion

No comments, suggest review next week.

Next meeting in two weeks.
------------------------------------------