Subject: Submission of SAML updates to ITU: questions
Summary: We must pass on some estimates to ITU about likely availability of updated SAML related/profile material. See questions (a) & (b) below.

As you know, SAML v2 was submitted to and approved by ITU-T in 2006 as ITU Recommendation X.1141. (See http://lists.oasis-open.org/archives/security-services/200605/msg00000.html) This included all elements then part of the 2005 OASIS Standard.

ITU-T's Study Group 17 on Security, the host panel for the 2006 submission who now has reorganized for its next multi-year study period, formally has asked us to submit relevant updates of SAML, for similar transposition. OASIS' Liaison Policy (http://www.oasis-open.org/committees/liaison_policy.php#submitwork) suggests that we consult with the TC about this.

As you probably know, generally we send only artifacts approved under the TC Process at the "OASIS Standard" and "Approved Errata" levels up to the global de-jure SSOs. Currently, I am aware of a number of SAML items which may be the basis for a submission to ITU, but have not yet reached those approval levels:

1. Errata to SAML core v2, Oct 2009. See http://docs.oasis-open.org/security/saml/v2.0/sstc-saml-approved-errata-2.0.pdf (Was this given OASIS "Approved Errata" status under the TC Process?)
2. Subject Based Profiles for SAML v1.1 assertions from June 2008, see http://lists.oasis-open.org/archives/tc-announce/200806/msg00009.html
3. SAMLv2.0 HTTP POST "SimpleSign" Binding from Dec 2008, see http://lists.oasis-open.org/archives/tc-announce/200812/msg00003.html
4. The Mar 2009 set of SAML v2 profiles, see http://lists.oasis-open.org/archives/tc-announce/200903/msg00006.html (Includes Holder-of-Key Web Browser SSO Profile, Attribute Extensions, Condition for Delegation Restriction, Holder-of-Key Assertion Profile, Metadata Extension for Entity Attributes & Metadata Interoperability Profile.)

(Other related work is not mentioned here because it is hosted by other TCs: the SAML Profile of XACML by the XACML TC, and the XSPA profiles by the XSPA TC.)

In responding to ITU, we would like to:

(a) explain whether the recent v2 errata are at a level that ought to be Approved Errata (and thus automatically sent to ITU), or why not, and if so, propose a schedule; and

(b) offer a comment on the likelihood of the post-2005 SAML profiles and ancillary material, and any other contemplated maintenance activity, being rolled up into a submission.

Giving the ITU panel a reasonable view into our plans and timing, based on the TC's expected progress, is a necessary part of our interorganizational collaboration.

When and if we make formal submissions, they can be done at the request of the TC, under Section 1(d) of our Liaison Policy, by a Special Majority Vote of the TC. Alternatively, if we have committed to ITU to send future major versions (as often is requested, and I believe we did in the 2006 submission), Section 5(b) of the Liaison Policy also permits the OASIS executive to direct the submission, subject to appeal. Errata also are subject to a special expedited rule, once finalized.

For now, though, our need is to compose an answer to the two questions (a) and (b) above, with the help of this TC's experts. Feedback welcome on this list or individually. Thanks for your attention and happy holidays.

~ James Bryce Clark
~ General Counsel, OASIS
~ http://www.oasis-open.org/who/staff.php#clark