[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Submission of SAML & XACML updates to ITU: questions
Hal The material was presented to the ITU The ITU sent an LS asking for material to be submitted back to them in an effort to synch as much as possible between the 2 versions. Regards Abbie -----Original Message----- From: Harold Lockhart [mailto:hal.lockhart@oracle.com] Sent: December-17-09 11:43 AM To: James Bryce Clark; security-services; xacml@lists.oasis-open.org Cc: hardjono; laurent.liscia; mary.mcrae; abbie barbir; bill@parducci.net Subject: RE: [security-services] Submission of SAML & XACML updates to ITU: questions Jamie, As the result of Abbie's (persistent) urging last summer, I developed reports of both SAML and XACML addressing this issue. The reports were posted to the archives of the respective TCs in September. http://www.oasis-open.org/committees/download.php/34319/XACML%20Status%20for %20ITU-T.ppt http://www.oasis-open.org/committees/download.php/34320/SAML%20Status%20for% 20ITU-T.ppt A copy was also provided to Abbie for presentation to ITU-T. The last slide of each presentation predicts what material will be appropriate for submission to ITU-T by an unspecified date in the Spring of 2010. As far as I can see the predictions I made are still correct. In summary: ----- XACML Only the XSPA profile has reached OS status and in my opinion is likely to due so by this Spring. We are working on a batch of 8 documents which I hope will reach CS status by around the end of January, but there are no immediate prospects of getting 3 attestations of use for any of them, much less the whole set. I would like very much to process approved Errata for XACML and submit it to ITU-T, however for historical reasons a substantial amount of editing work is required to create a document in the form required by the OASIS process and I have neither found the time to do it myself or a volunteer to take it on. ----- SAML: Metadata Profile for SAML 1.x, Metadata Extension for SAML V2.0 and V1.x Query Requesters, and XSPA Profile have all reached OS and should be submitted to ITU-T. We have some other documents which are at CS, but are awaiting attestations of use. I have no reason to believe we will get any in the next month or two. The SS TC has processed Errata several times. The latest cumulative Errata was just approved recently and should be submitted to ITU-T. It will not be the last one issued by the SS TC, but it represents the currently approved corrections. ----- I have never received a firm cutoff date for the materials or any other information back from the ITU-T. I don't know if my reports were presented to ITU-T or whether there are any questions or other feedback to the TCs. Let me know if I can further assist in this effort. Hal -----Original Message----- From: James Bryce Clark [mailto:jamie.clark@oasis-open.org] Sent: Wednesday, December 16, 2009 1:20 PM To: security-services Cc: hardjono; Harold Lockhart; laurent.liscia; mary.mcrae Subject: [security-services] Submission of SAML updates to ITU: questions Summary: We must pass on some estimates to ITU about likely availability of updated SAML related/profile material. See questions (a) & (b) below. As you know, SAML v2 was submitted to and approved by ITU-T in 2006 as ITU Recommendation X.1141. (See http://lists.oasis-open.org/archives/security-services/200605/msg00000.html) This included all elements then part of the 2005 OASIS Standard. ITU-T's Study Group 17 on Security, the host panel for the 2006 submission who now has reorganized for its next multi-year study period, formally has asked us to submit relevant updates of SAML, for similar transposition. OASIS' Liaison Policy (http://www.oasis-open.org/committees/liaison_policy.php#submitwork) suggests that we consult with the TC about this. As you probably know, generally we send only artifacts approved under the TC Process at the "OASIS Standard" and "Approved Errata" levels up to the global de-jure SSOs. Currently, I am aware of a number of SAML items which may be the basis for a submission to ITU, but have not yet reached those approval levels: 1. Errata to SAML core v2, Oct 2009. See http://docs.oasis-open.org/security/saml/v2.0/sstc-saml-approved-errata-2.0. pdf (Was this given OASIS "Approved Errata" status under the TC Process?) 2. Subject Based Profiles for SAML v1.1 assertions from June 2008, see http://lists.oasis-open.org/archives/tc-announce/200806/msg00009.html 3. SAMLv2.0 HTTP POST "SimpleSign" Binding from Dec 2008, see http://lists.oasis-open.org/archives/tc-announce/200812/msg00003.html 4. The Mar 2009 set of SAML v2 profiles, see http://lists.oasis-open.org/archives/tc-announce/200903/msg00006.html (Includes Holder-of-Key Web Browser SSO Profile, Attribute Extensions, Condition for Delegation Restriction, Holder-of-Key Assertion Profile, Metadata Extension for Entity Attributes & Metadata Interoperability Profile.) (Other related work is not mentioned here becauea it is hosted by other TCs: the SAML Profile of XACML by the XACML TC, and the XSPA profiles by the XSPA TC.) In responding to ITU, we would like to: (a) explain whether the recent v2 errata are at a level that ought to be Approved Errata (and thus automatically sent to ITU), or why not, and if so, propose a schedule; and (b) offer a comment on the likelihood of the post-2005 SAML profiles and ancillary material, and any other contemplated maintenance activity, being rolled up into a submission. Giving the ITU panel a reasonable view into our plans and timing, based on the TC's expected progress, is a necessary part of our interorganizational collaboration. When and if we make formal submissions, they can be done at the request of the TC, under Section 1(d) of our Liaison Policy, by a Special Majority Vote of the TC. Alternatively, if we have committed to ITU to send future major versions (as often is requested, and I believe we did in the 2006 submission), Section 5(b) of the Liaison Policy also permits the OASIS executive to direct the submission, subject to appeal. Errata also are subject to a special expedited rule, once finalized. For now, though, our need is to compose an answer to the two questions (a) and (b) above, with the help of this TC's experts. Feedback welcome on this list or individually. Thanks for your attention and happy holidays. ~ James Bryce Clark ~ General Counsel, OASIS ~ http://www.oasis-open.org/who/staff.php#clark --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.716 / Virus Database: 270.14.111/2569 - Release Date: 12/17/09 03:30:00
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]