Subject: Re: [security-services] Re: Proposed Agenda SSTC Conference Call(Tue 6 April 2010)
On 04/06/2010 11:43 AM, Nate Klingenstein wrote:
>> 1. Roll Call & Agenda Review.
>

Voting Members:
  John Bradley         Individual
  Scott Cantor         Internet2
  Thomas Hardjono      M.I.T.
  Anthony Nadalin      Microsoft Corporation
  Frederick Hirsch     Nokia Corporation*
  Hal Lockhart         Oracle Corporation
  Anil Saldhana        Red Hat

Members:
  Joshua Howlett       Individual
  Paul Madsen          NTT Corporation*
  Nathan Klingenstein  Internet2

Quorum: 7 out of 15 voting members (46%)

Status: Nate obtained voting rights.
(sorry, Nate did not gain voting rights after March 23rd call).

> Quorum was not achieved, and the agenda was held to be fine. Item 7
> was omitted, as a new co-chair was already selected.
>
>> 2. Need a volunteer to take minutes.
>
> Nate volunteered to take the minutes.
>
>> 3. Approval of minutes from last meetings:
>>
>> Minutes from SSTC Call on 9 March 2010:
>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201003/msg00037.html
>>
>>
>> Minutes from SSTC Call on 23 March 2010:
>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201004/msg00005.html
>>
>
> As these minutes were sent to the list late, Anil had to compile a
> list of attendees. However, this call failed to reach quorum anyway,
> so this was deferred. Intensive minute approval will occur on the 20
> April call.
>
>> 4. AIs & progress update on current work-items:
>
> Thomas has heard no responses from Mary in response to any of the
> profiles awaiting her actions, including no responses to the
> voice-mail that he left. Other working groups have had public review
> periods initiated on documents recently and received recent private
> emails from Mary, so the reasons for this delay on the below items
> from the SSTC are unclear. Thomas will call her again.
>
> Thomas also suggested it might be appropriate to communicate concerns
> about the pipeline problems to OASIS administration in hopes that
> additional resources could be allocated if necessary. Outside groups,
> such as the US Government's ICAM work, and the Kantara Initiative,
> intend to rely on the documents currently in the pipeline, increasing
> the urgency of this appeal. Frederick offered to make mention of this
> later.
>
>> (a) Current electronic ballots: None open.
>>
>> (b) Status/notes regarding past ballots: (none)
>>
>> (c) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a CS
>>     - Status: Thomas has formally asked Mary for new Ballot. (3/11th)
>>     - Status: Still awaiting Mary.
>>
>> (d) SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
>>     - Status: Thomas has formally asked Mary for an
>>       Announcement-email for success of ballot. (3/11th)
>>     - Status: Still awaiting Mary.
>>
>> (e) Kerberos related items. [Josh/Thomas]
>>     - Kerberos Web Browser SSO Profile:
>>     - Want to move to CD, but waiting for reformatting of doc
>>     - AI: Thomas to prepare CD doc and send to Mary to start
>>       60-day review.
>
> The profile has been voted to public review, but Thomas has not yet
> prepared the document in formal OASIS livery and submitted it to Mary.
>
>> (f) Expressing Identity Assurance profile for SAML2.0 (LOA)
>>     - Status: Thomas has formally asked Mary for new Ballot. (3/11th)
>>     - Status: Left voicemail for Mary last week. No response yet.
>>
>> (g) Older docs: Thomas has formally asked Mary to post these 4 docs
>>     (3/11th)
>>     (I) Protocol Extension for Third-Party Requests (CS-01)
>>     (II) Protocol Extension for Requested Authentication Context
>>          (CS-01)
>>     (III) Shared Credentials Authentication Context Extension and
>>           Related Classes (CS-01)
>>     (IV) Text-based Challenge/Response (CS-01)
>>
>>
>> (h) Errata doc:
>>     - Scott working on publishing updated "Approved Standard with
>>       Approved Errata".
>>     - AI: Scott to go ahead and prepare the doc. Files uploaded
>>       4/4/2010.
>
> Scott looked at the TC process to see if there were any procedural
> requirements for approved errata finalization, but he couldn't find
> any requirements, so he put together his best effort. The name
> contains an -02, as it's the second iteration of the approved errata
> document for the spec. Some documents that refer to the errata may
> utilize the link in Kavi, which is also persistent, rather than
> pointing at the Doctree.
>
> SECURITY-6 in the JIRA instance is an issue that came up in the
> Kantara profiling work. There have been many requests regarding
> making IdP's respond better to SP's with SAML status errors, rather
> than holding up the user at the IdP. There is questionable language
> in the specs that is somewhat mutually contradictory, and Scott wants
> to clean up the language with a little more guidance for implementers
> to encourage developers to get the user back to the SP. This would
> better reflect the intent of the original specification.
>
> Bob Sunday had some wording that Scott softened in order to make sure
> it didn't introduce new normative requirements. Unless there are any
> objections to that text, Scott will consider the errata accepted, and
> it will make its way into the next errata working draft.
>
> http://tools.oasis-open.org/issues/browse/SECURITY-6?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel
>
>
>> (i) NSN Attribute Update proposal (Thinh) - update
>
> Thinh was not present on the call, nor was any other representative
> from Nokia-Siemens.
>
>> (j) Metadata Interop profile (Scott) - update
>
> Scott is fairly satisfied with the material right now, but he's
> waiting response from the U.S. Government's ICAM to see if they have
> any other questions or concerns about the profile as worded.
>
>> (k) SSO initiation draft (Scott) - files uploaded 4/4/2010.
>
> Scott wanted to take this draft to Committee Draft, but as quorum was
> not reached on this call, he was content to leave it as a working
> draft for now. There is no hurry on the finalization of this profile,
> as there are many more pressing issues before the TC at present.
>
>> 5. New work items: none.
>
> Oracle may have some new work items to submit before the next SAML call.
>
>> 6. Assorted threads on saml-dev/comment list:
>>    - OAUTH related.
>
> OAuth 2.0, currently wending its way through the IETF, will likely
> have a standardized binding for SAML tokens, on request by Google,
> Microsoft, Salesforce.com, and IBM. As the SAML token format is
> finalized, there is probably little need for the input of the SSTC on
> this. However, the SSTC stands ready to communicate and participate
> if the need arises.
>
> http://www.ietf.org/mail-archive/web/oauth/current/msg01439.html
> http://www.ietf.org/mail-archive/web/oauth/current/msg01546.html
>
>> 8. Next Call: Tuesday 20 April, 2010. Note SOA-TEL presentation.
>>    Plan: 12noon to 12:45pm SOA-TEL presentation
>>          12:45pm to 1:30pm SSTC business.
>
> Any SSTC members who are not interested in the presentation are
> welcome to join the call at 12:45 PM to enjoy only standard SSTC fare.