[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Re: Proposed Agenda SSTC Conference Call(Tue 6 April 2010)
On 04/06/2010 12:12 PM, Anil Saldhana wrote: > On 04/06/2010 11:43 AM, Nate Klingenstein wrote: >>> 1. Roll Call & Agenda Review. >> > Voting Members: > John Bradley Individual > Scott Cantor Internet2 > Thomas Hardjono M.I.T. > Anthony Nadalin Microsoft Corporation > Frederick Hirsch Nokia Corporation* > Hal Lockhart Oracle Corporation > Anil Saldhana Red Hat > > Members: > Joshua Howlett Individual > Paul Madsen NTT Corporation* > Nathan Klingenstein Internet2 > > Quorum: 7 out of 15 voting members (46%) > Status: Nate obtained voting rights. (sorry, Nate did not gain voting > rights after March 23rd call). Paul Madsen also became a voting member. > >> Quorum was not achieved, and the agenda was held to be fine. Item 7 >> was omitted, as a new co-chair was already selected. >> >>> 2. Need a volunteer to take minutes. >> >> Nate volunteered to take the minutes. >> >>> 3. Approval of minutes from last meetings: >>> >>> Minutes from SSTC Call on 9 March 2010: >>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201003/msg00037.html >>> >>> >>> Minutes from SSTC Call on 23 March 2010: >>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201004/msg00005.html >>> >> >> As these minutes were sent to the list late, Anil had to compile a >> list of attendees. However, this call failed to reach quorum anyway, >> so this was deferred. Intensive minute approval will occur on the 20 >> April call. >> >>> 4. AIs & progress update on current work-items: >> >> Thomas has heard no responses from Mary in response to any of the >> profiles awaiting her actions, including no responses to the >> voice-mail that he left. Other working groups have had public review >> periods initiated on documents recently and received recent private >> emails from Mary, so the reasons for this delay on the below items >> from the SSTC are unclear. Thomas will call her again. >> >> Thomas also suggested it might be appropriate to communicate concerns >> about the pipeline problems to OASIS administration in hopes that >> additional resources could be allocated if necessary. Outside >> groups, such as the US Government's ICAM work, and the Kantara >> Initiative, intend to rely on the documents currently in the >> pipeline, increasing the urgency of this appeal. Frederick offered >> to make mention of this later. >> >>> (a) Current electronic ballots: None open. >>> >>> (b) Status/notes regarding past ballots: (none) >>> >>> (c) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as >>> a CS >>> - Status: Thomas has formally asked Mary for new Ballot. (3/11th) >>> - Status: Still awaiting Mary. >>> >>> (d) SAML V2.0 Holder-of-Key Assertion Profile Version 1.0 >>> - Status: Thomas has formally asked Mary for an >>> Announcement-email for success of ballot. (3/11th) >>> - Status: Still awaiting Mary. >>> >>> (e) Kerberos related items. [Josh/Thomas] >>> - Kerberos Web Browser SSO Profile: >>> - Want to move to CD, but waiting for reformatting of doc >>> - AI: Thomas to prepare CD doc and send to Mary to start >>> 60-day review. >> >> The profile has been voted to public review, but Thomas has not yet >> prepared the document in formal OASIS livery and submitted it to Mary. >> >>> (f) Expressing Identity Assurance profile for SAML2.0 (LOA) >>> - Status: Thomas has formally asked Mary for new Ballot. (3/11th) >>> - Status: Left voicemail for Mary last week. No response yet. >>> >>> (g) Older docs: Thomas has formally asked Mary to post these 4 docs >>> (3/11th) >>> (I) Protocol Extension for Third-Party Requests (CS-01) >>> (II) Protocol Extension for Requested Authentication Context >>> (CS-01) >>> (III) Shared Credentials Authentication Context Extension and >>> Related Classes (CS-01) >>> (IV) Text-based Challenge/Response (CS-01) >>> >>> >>> (h) Errata doc: >>> - Scott working on publishing updated "Approved Standard with >>> Approved Errata". >>> - AI: Scott to go ahead and prepare the doc. Files uploaded >>> 4/4/2010. >> >> Scott looked at the TC process to see if there were any procedural >> requirements for approved errata finalization, but he couldn't find >> any requirements, so he put together his best effort. The name >> contains an -02, as it's the second iteration of the approved errata >> document for the spec. Some documents that refer to the errata may >> utilize the link in Kavi, which is also persistent, rather than >> pointing at the Doctree. >> >> SECURITY-6 in the JIRA instance is an issue that came up in the >> Kantara profiling work. There have been many requests regarding >> making IdP's respond better to SP's with SAML status errors, rather >> than holding up the user at the IdP. There is questionable language >> in the specs that is somewhat mutually contradictory, and Scott wants >> to clean up the language with a little more guidance for implementers >> to encourage developers to get the user back to the SP. This would >> better reflect the intent of the original specification. >> >> Bob Sunday had some wording that Scott softened in order to make sure >> it didn't introduce new normative requirements. Unless there are any >> objections to that text, Scott will consider the errata accepted, and >> it will make its way into the next errata working draft. >> >> http://tools.oasis-open.org/issues/browse/SECURITY-6?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel >> >> >>> (i) NSN Attribute Update proposal (Thinh) - update >> >> Thinh was not present on the call, nor was any other representative >> from Nokia-Siemens. >> >>> (j) Metadata Interop profile (Scott) - update >> >> Scott is fairly satisfied with the material right now, but he's >> waiting response from the U.S. Government's ICAM to see if they have >> any other questions or concerns about the profile as worded. >> >>> (k) SSO initiation draft (Scott) - files uploaded 4/4/2010. >> >> Scott wanted to take this draft to Committee Draft, but as quorum was >> not reached on this call, he was content to leave it as a working >> draft for now. There is no hurry on the finalization of this >> profile, as there are many more pressing issues before the TC at >> present. >> >>> 5. New work items: none. >> >> Oracle may have some new work items to submit before the next SAML call. >> >>> 6. Assorted threads on saml-dev/comment list: >>> - OAUTH related. >> >> OAuth 2.0, currently wending its way through the IETF, will likely >> have a standardized binding for SAML tokens, on request by Google, >> Microsoft, Salesforce.com, and IBM. As the SAML token format is >> finalized, there is probably little need for the input of the SSTC on >> this. However, the SSTC stands ready to communicate and participate >> if the need arises. >> >> http://www.ietf.org/mail-archive/web/oauth/current/msg01439.html >> http://www.ietf.org/mail-archive/web/oauth/current/msg01546.html >> >>> 8. Next Call: Tuesday 20 April, 2010. Note SOA-TEL presentation. >>> Plan: 12noon to 12:45pm SOA-TEL presentation >>> 12:45pm to 1:30pm SSTC business. >> >> Any SSTC members who are not interested in the presentation are >> welcome to join the call at 12:45 PM to enjoy only standard SSTC fare.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]