Subject: Updated/corrected Minutes from October 20th 2009 SSTC Call
Folks,

One of the AIs for the Chairs was to correct the minutes from the SSTC Call on Oct 20th. Thus, for simplicity I have inserted text from Tom's email seeking clarification for one of the motions (relating to "Designated Cross-Reference Changes"). There is no change to the motion itself, nor to the actions coming out of the motion. I've inserted the whole text as it provides some useful background information.

Hope this is ok.

cheers,
/thomas/

-----Original Message-----
From: Anil Saldhana [mailto:Anil.Saldhana@redhat.com]
Sent: Thursday, October 29, 2009 1:17 PM
To: OASIS SSTC
Subject: Re: [security-services] Proposed Agenda SSTC Conference Call (October 20, 2009)

-----New Message Follows-----

SSTC Conference Call Minutes
October 20th, 2009, 12:00pm ET

1. Roll Call & Agenda Review

Voting Members:
  Rob Philpott          EMC Corporation
  John Bradley          Individual
  Scott Cantor          Internet2
  Nathan Klingenstein   Internet2
  Thomas Hardjono       M.I.T.
  Frederick Hirsch      Nokia Corporation
  Paul Madsen           NTT Corporation
  Ari Kermaier          Oracle Corporation
  Hal Lockhart          Oracle Corporation
  Anil Saldhana         Red Hat
  David Staggs          Veterans Health Administration

Members:
  Kyle Meadors          Drummond Group Inc.
  Joshua Howlett        Individual
  Peter Davis           Neustar, Inc.
  Christian Guenther    Nokia Siemens Networks GmbH & Co. KG
  Thinh Nguyenphu       Nokia Siemens Networks GmbH & Co. KG
  Prateek Mishra        Oracle Corporation
  Emily Xu              Sun Microsystems
  George Fletcher       AOL

Quorum: Achieved: 11 out of 17 voting members (64%)
Status: Kyle, Emily, Christian, Thinh become voting members.
Status Changes: Richard Frank (IBM) lost voting status

2. Need a volunteer to take minutes

Staggs appointed.

3. Approval of minutes from last meeting (Sept 22, 2009):
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200909/msg00040.html

Minutes approved.

4. AIs & progress update on current work-items:

(a) Current electronic ballots: none

(b) Status/notes regarding past ballots:

(i) XSPA:
- Spec has been submitted to OASIS for approval as Full Standard. Voting open, all encouraged to vote. This is the last opportunity to vote before the next meeting.

(ii) SAML V2.0 Attribute Extensions Version 1.0
Keeping at CS, until attestations gathered.

SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
Keeping at CS, until attestations gathered.

SAML V2.0 Metadata Interoperability Profile Version 1.0
Keeping at CS, until attestations gathered.

Scott suggested looking at activity in Kantara for implementation examples.
- Wikis have been updated
- Formal attestations regarding implementations being sought by Scott.

(iii) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a CS
SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
- Due to errata when transitioning from CD to CS status, these two docs need to move back to CD status.

Nate states changes submitted reverted work to working draft

MOTION
Nate moves to move WD to CD. second (Tomas)
MOTION PASSED

Discussion: Changes determined non-substantive

MOTION
Motion to request a ballot for special vote to make SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 into committee specification (CS) AND that changes are non-substantive AND that schema and XML examples are valid.
Moved by Nate
Second by Tomas
MOTION PASSED

ACTION ITEM: Nate will produce CD in three forms.
ACTION ITEM: Nate will also cross-reference HoK assertion profile and Browser profile.
ACTION ITEM: chair to submit the request.

Scott- need cross referencing (see section 2.19)

______Added on 11/13/2009: _________________

I wasn't on the last call so I'm simply looking for a clarification with respect to the above motions. I don't see mention of "Designated Cross-Reference Changes" in the motion to take the CD to CS although I do see that Scott referenced the appropriate section in the TC process doc:

http://www.oasis-open.org/committees/process-2008-06-19.php#crossRefs

For the record, the two references that are to be taken as "Designated Cross-References" are references [HoKSSO-XSD] and [SAML2HoKAP] in specification "SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0" as noted in this diff that takes draft-13 to cd-03:

http://www.oasis-open.org/committees/download.php/34964/sstc-saml-holder-of-key-browser-sso-cd-03-diff.pdf

When the CD is taken to CS (by tc-admin) we want to be sure these two references are updated, so we want to follow section 2.19 in the TC process carefully.

As far as I know, this is the first time the SSTC has encountered this issue, so I'm documenting it here and asking that it be included in the minutes.

Thanks,
Tom
_________________________________________

- AI: Create new Working Drafts of the HoK Profiles [Tom]

(c) 15-Day review of sstc-saml-approved-errata-2.0-draft-49 [Hal]

Discussion: Scott adds a new item concerning errata. Scott states our process of voting on each errata separately then to append to (an unapproved) errata draft was not required and that a quicker way would be to produce a WD of errata and approved errata items, then voting approved errata draft as a CD (and constitute approval of all errata therein).

However, there are three errata that deserve discussion in approved errata draft 51

E81: RSA SHA 1 signing not a specification requirement, just any algorithm designed for use to sign XML is OK (no objections)

E82: co-constraints in metadata (empty elements) prose correction to include at least one (no objections)

E83: Wording change from experience in Liberty interop - serializing assertions related to exclusive canonicalization, reworded to specify that is not a requirement. (no objections)

MOTION
To adopt sstc-saml-approved-errata-2.0-draft-51 as CD
Rob moves, Scott seconded
MOTION PASSED

MOTION
To request chairs create 15 day public review of CD of above errata draft (includes E81, 82, 83) for 15-day public review AND that changes were not substantive AND any XML therein are well-formed.
Scott moved
Tom seconded
MOTION PASSED

ACTION ITEM: Scott will make CD.
ACTION ITEM: Hal to request 15 day review.

Scott had another errata item (procedural issue) from PE 80 concerning the mime type registrations RE affiliation description and relationship to our specification. Need someone with IETF experience requested. Ari suggests moving to a reference.

ACTION ITEM: Hal to check with Mary on the removal of the (non-normative) appendix that includes the mime types.
ACTION ITEM: Scott will consult with Bob Morgan.

(d) Progress on getting Jira instance for SSTC [Scott]

Scott: Nothing to report (NTR).

(e) Kerberos related items (Josh):
- Kerberos Web browser SSO profile

Josh: Kerberos web single signon profile (analogous to HoK profile). First draft is on the TC discussion list, request for opinions on using HoK web single sign-on as the starting point and tweak text to use Kerberos as evidence.

Question from Josh: On HoK single sign-on profile there is a reference to federal e-auth guideline SP 800-63
http://www.oasis-open.org/committees/download.php/29904/NIST-800-63-LOA-4-Letter-v2.pdf
Suggested to come back to this issue later.

Request that Pdf be made on documents by two members.

MOTION:
To move Kerberos subject confirmation method AND Kerberos attribute profile to CD.
(Moved by Thomas, second Nate.)
Rob requests pdf but does not object.
MOTION PASSED

ACTION ITEM: (Josh and Thomas) prepare CD versions in the three formats

(f) Expressing Identity Assurance profile for SAML2.0 (LOA) [Bob Morgan]
- AI: Produce CD version of Identity Assurance profile and update the wiki.

NTR

(g) Delegation Condition Extension Profile (Scott)
- AI: Produce CD version of Condition for Delegation Restriction.

Report on motion to create an electronic ballot, Hal made the request on Friday for CD to go to CS vote.

ACTION ITEM: Hal will check on progress.

(h) Port the SSTC Work Summary to the wiki [Hal]

Hal will supplement the wiki.

(i) Investigate and report on CARML. [Hal]

Hal investigated bringing Liberty specifications (CARML and WSF-DST) can be donated by a Liberty board approval. Attribute management profile will be pursued independently

ITEM CLOSED

(j) Produce CS version of Text-based Challenge/Response profile [Anil]

NTR

(k) Increasing the frequency of SSTC meetings (e.g. to 2-weekly).

Beginning in two weeks, return to two week schedule.

ACTION ITEM: Anil to set up meeting schedule

5. New work items:

6. Assorted threads on saml-dev/comment list
- SAML Attribute Management protocol discussion.
- Metadata/IOP/Kerberos/Front channel binding discussion.

New discussion item - NSN Attribute Management protocol and Name Identity proposal.

Discussion on proposal

Ben: The e-mail discussion leans to re-use; comparison CARML (more features) v NSN (simple schemes). Considering adding passing policy as done by CARML; considering addition to NSN. The need for SP to validate is a good use case.

Prateek: Supports work on attribute profile. Communicating updates back to an authority makes this CARML functionality a natural extension to SAML. There is a gap and this fills it.

Scott: concern implementations would fragment because of open specification. Feels like overlap here and ID-WSF (DST) from Liberty - not clear why we can't use that.

Hal: ID-WSF (DST) is heavy-weight; Scott thinks lack of detailed description will cause fragmentation, especially with delegation.

SAML Name Identifier Proposal

Christian: Discussion on list resulted in unresolved issues in moving forward.

Scott: Does not believe this can be done with our exchanging the roles in the process. From protocol point of view needs to be an assertion to be secure.

Ben: Danger in policy used to handle name ID request may cause problems RE authN request.

New item - Kerberos front channel bindings

Discussion: No comments, suggest review next week.

Next meeting in two weeks.