Re: [security-services] Minutes SSTC Conference Call (9 March 2010)

[Anil Saldhana <Anil.Saldhana@redhat.com>]

On 03/23/2010 11:32 AM, Anil Saldhana wrote:
>
> On 03/23/2010 11:03 AM, ARI KERMAIER wrote:
>> Minutes from the last meeting, roll-call missing.
>> Regards,
>> Ari
>>
>>> -----Original Message-----
>>> From: Thomas Hardjono [mailto:hardjono@MIT.EDU]
>>> Sent: Monday, March 08, 2010 1:22 PM
>>> To: OASIS SSTC
>>> Cc: Harold Lockhart
>>> Subject: [security-services] Proposed Agenda SSTC Conference Call (9
>>> March 2010)
>>>
>>>
>>>
>>>
>>> Folks,
>>>
>>> Let us know if there are any corrections or changes
>>> needed for the Agenda.
>>>
>>> Note: Thomas will not be on the call due to a meeting clash, but Hal
>>> will be present.
>>>
>>>
>>> Hal+Thomas
>>> -----------------
>>>
>>> _______________________________________________________
>>>
>>> Proposed Agenda SSTC Conference Call
>>> Tuesday 9 March 2010, 12:00pm ET
>>>
>>> Dial in info: +1 408-774-4073
>>> Conference code: 4480739
>>> Password: 72657265 (SAMLSAML)
>>>
>>>
>>> 1. Roll Call&  Agenda Review
>> No quorum.
>>
> Voting Members:
> Scott Cantor  Internet2
> Bob Morgan Internet2
> Tom Scavo NCSA
> Frederick Hirsch Nokia Corporation
> Thinh Nguyenphu NSN
> Ari Kermaier Oracle Corporation
> Hal Lockhart Oracle Corporation
> Emily Xu Sun Microsystems
>
> Members:
> Anthony Nadalin Microsoft Corporation
> Phil Hunt Oracle Corporation
> Anil Saldhana Red Hat
>
> Quorum:  Not Achieved:  9 out of 19 (47%)
> Status: Paul Madsen and Nate Klingenstein lose voting rights
>
>>> 2. Need a volunteer to take minutes
>> Ari (was) volunteered.
>>
>>> 3. Approval of minutes from last meeting (23 Feb, 2010):
>> Skipped due to lack of quorum.
>>
>>> http://www.oasis-
>>> open.org/apps/org/workgroup/security/email/archives/201003/msg00006.htm
>>> l
>>>
>>> NB. Minor typo ("ICAM" vs "ICANN").
>>>
>>>
>>> 4. AIs&  progress update on current work-items:
>>>
>>>    (a) Current electronic ballots: None open
>> No update.
>>
>> .
>>>    (b) Status/notes regarding past ballots: (none)
>> No update.
>>
>>>    (c) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a
>>> CS
>>>             SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
>>>          - Status: Mary asked chairs to send 1 email per request to TC-
>>> Admin
>>>          - AI: Thomas will resend to Mary, 1 email per request for all
>>> documents. (TBD Thomas)
>> Ballot passed. Issue Tracker: TC-Admin 52
>> No official notification from TC-Admin, though.
>> Who should create the CS version -- TP-Admin?
>>
>>>    (d) Kerberos related items. [Josh/Thomas]
>>>          - Attribute Profile and the Subject Confirm Method docs are in
>>> 60-day review.
>>>          - Kerberos Web Browser SSO Profile:
>>>                - Want to move to CD, but waiting for reformatting of 
>>> doc
>>>          - AI: Thomas/Josh to reformat to CD format before resubmitting
>>> request.
>> No update.
>>
>>>    (e) Expressing Identity Assurance profile for SAML2.0 (LOA)
>>>          - Bob has done all corrections Mary asked for.
>>>          - Status: Mary asked chairs to send 1 email per request to TC-
>>> Admin
>>>          - AI: Thomas will resend to Mary, 1 email per request for all
>>> documents. (TBD Thomas)
>> Issue Tracker: TC-Admin 75
>> Scott reports having sent requested info to Mary, but status not 
>> updated.
>>
>>>    (f) CS version of Text-based Challenge/Response profile.
>>>          - Status: Mary asked chairs to send 1 email per request to TC-
>>> Admin
>>>          - AI: Thomas will resend to Mary, 1 email per request for all
>>> documents. (TBD Thomas)
>> No update, but no open AI in SSTC.
>>
>>>    (g) Errata doc:
>>>         - Scott working on publishing updated "Approved Standard with
>>> Approved Errata".
>> Getting document published at URL is still outstanding. Scott still 
>> doesn't have closure on whether he or RC-Admin will do the edits for 
>> the CS version.
>>
>>>    (h) NSN Attribute Update proposal (Thinh)
>> Phil Hunt (Oracle) posted an alternate proposal that covers similar 
>> use cases. Basically the same as last Fall's proposal, with the 
>> addition of full subject lifecycle management (Add, Modify), and 
>> Replace in the Modify operation.
>> Scott asks: Is this a back-channel or front-channel protocol?
>> Answer: Intended as back-channel, but could be profiled as 
>> front-channel.
>> Scott: Don't you need to have subject authentication to add a 
>> subject? Sounds like something to be careful about.
>> Phil: Maybe need additional spec for authn/delegation.
>> Scott: Does Modify Subject include NameID modification? Isn't that 
>> already covered by Manage NameID protocol?
>> Discussion/observations about proposals for authentication, SP 
>> credentialing, policy, IDP semantics, etc.
>> Hal calls for TC to review the new proposal.
>>
>>>    (i) Metadata Interop profile (Scott) - update
>> Scott suggested incorporating Josh's Kerberos-related profiles into a 
>> revision of the current profile. Scott rev'ed the document to v2.0, 
>> merged in the material, reworked the conformance section. Also made 
>> some modifications to respond to objections from other communities 
>> (ICAM, et al). Posted March 1. Still has some cleanup and schema work 
>> to do. Also wants to pull in XML-DSIG 1.1 KeyInfo, but timelines may 
>> not work out if we want to progress the document to CS sooner.
>>
>>      (j) Scott has a new profile draft, just uploaded, that he'll 
>> describe briefly on the
>> call to solicit comment. 
>> http://wiki.oasis-open.org/security/RequestInitProtProf
>> Scott: Proposal to standardize a Shibboleth mechanism for how to ask 
>> a provider to initiate SSO (SP or IDP initiated). Particularly useful 
>> for SPs supporting multiple protocols. Not SAML(2)-specific, designed 
>> to work across multiple protocols, including InfoCard. Composable 
>> with the Discovery Protocol.
>>
>>>
>>> 5. New work items: none.
>>>
>>>
>>> 6. Assorted threads on saml-dev/comment list:
>>>      - SAML assertion profile in OAuth 2.0 (Paul M.)
>> Sunil mentions that SAML is not strongly referenced in the OAuth 
>> spec. Bob mentions that they might be removing that reference.
>>>      -  Project Moonshot (Josh)
>>>            - IETF draft and planned BOF at IETF77
>> Scott: There are various conversations and proposals going on about 
>> where SAML fits into this. Try to attend the Bar BOF at IETF77.
>>
>>>
>>> 7. Next Call: Tuesday 23 March, 2010.
>>>      New dial-in number (MIT webex number): Thomas to post on separate
>>> email.