Subject: Re: [security-services] draft minutes for SSTC conf call 7 Sep 2010
On 09/20/2010 12:28 PM, RL 'Bob' Morgan wrote:
>
> I never got attendance info from anyone, but here are meeting minutes.
>
> - RL "Bob"
>
> ---
>
> SSTC Conference Call
> Tuesday 7 Sept 2010, 12:00pm ET
>
>
> AGENDA:
>
> 1. Roll Call & Agenda Review.

Voting Members:
  Rob Philpott          EMC Corporation
  John Bradley          Individual
  Scott Cantor          Internet2
  Nathan Klingenstein   Internet2
  Thomas Hardjono       M.I.T.
  Anthony Nadalin       Microsoft Corporation
  Frederick Hirsch      Nokia Corporation
  Thinh Nguyenphu       Nokia Siemens Networks GmbH & Co. KG
  Ari Kermaier          Oracle Corporation
  Hal Lockhart          Oracle Corporation
  Emily Xu              Oracle Corporation
  Anil Saldhana         Red Hat
  David Staggs          Veterans Health Administration

Members:
  Bob Morgan            Internet2
  Federico Rossini      Telecom Italia S.p.a.

Quorum: 13 out of 17 Voting Members (76%). Achieved.

Status: Phil Hunt (Oracle) lost voting rights. Bob Morgan regains voting rights.

>
> 2. Need a volunteer to take minutes.
>
> ** Your humble scribe: RL "Bob" Morgan
>
> 3. Approval of minutes from last meetings:
>
> Minutes from SSTC Call on 24 August 2010:
>
> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201008/msg00061.html
>
>
> ** motion to approve from Nate, second JohnB, no objections.
>
>
> 4. AIs & progress update on current work-items:
>
> (a) Current electronic ballots: None.
>
> (b) Status/notes regarding past ballots: None.
>
> (c) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a CS
>     - Status: Thomas has asked Mary for CS edition to be
>       created and published. (2 Sept)
>
> (d) SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
>     - Status: Thomas has asked Mary for CS edition to be
>       created and published. (2 Sept)
>
> ** AI: Nate will update wiki to reflect current state of these
>    documents.
>
> (e) Kerberos related items. [Josh/Thomas]
>     - Kerberos Attribute Profile:
>     - AI: Josh/Thomas will suggest additions to Attribute Profile.
>
> Item still outstanding to deal with reference to Internet Draft document,
> this is still TBD.
>
> (f) SAML V2.0 Identity Assurance Profiles, Version 1.0
>     - Status: Now in 15-day review. (Closes 10 Sept)
>
> (g) SAML V2.0 Metadata Profile for Algorithm Support Version 1.0:
>     - Status: now in 60-day public review. (Closes 13 October)
>     - Any updates?
>
> (h) Service Provider Request Initiation Protocol and Profile Version 1.0
>     - Status: now in 60-day public review. (Closes 13 October)
>     - Any updates?
>
> No comments observed so far. Scott says there are errors in examples in
> one of the docs, he will fix.
>
> (i) NSN Attribute Management proposal (Thinh/Phil) - any updates?
>
> Discussion:
> Thinh: [explains telephony use case]
> Scott: still don't understand use case from security point of view,
>    seems to compromise security of SSO
> Thinh: what if IdP doesn't want to give federated ID to SP?
> Scott: then it's an error, or use some other ID as an attr or nameID
>    doesn't seem like there's a unique requirement here
>    raised before as "SP lite" scenario, ie no state maintained at SP
> GeorgeF: SP doesn't want federated ID, but why?
> Thinh: could be just a limitation of SP, an old architecture
> [more discussion of use case ...]
> GeorgeF: seems like NameIdentifier Management Protocol covers this case
> Scott: though this still doesn't remove mapping burden from SP
> Ari: if the SP is really proxying IdP, this case could apply ...
> Ari: could SP send persistent opaque nameID in request?
> Scott: sure, not typically done, but OK
>    this is more about changing what IdP implementations do than creating
>    new protocol
> GeorgeF: as an IdP implementor, this would be a change ...
> Scott: could be possible use for AllowCreate flag in request ...
> [more discussion ...]
> Thinh: will look at these suggestions, will modify draft with Phil
>
> (j) SOA-TEL Token Correlation Profile (Federico/TI) - any updates?
>
> Federico: new version uploaded today, with several modifications
>    and a use case in appendix to better motivate profile
>    also contains some embedded questions ...
> Thomas: let's discuss new version on next call
> Scott: seems like this is just delegation, handled by existing protocol
>    so no new feature needed
>    this is the delegation-condition specification, which includes
>    motivating cases
> Federico: some constraints in the stated case ...
> Scott: end result is the same, if it's going to be secure
> Federico: can we discuss on list?
> Scott: sure
>
> 5. New work items:
>    - Project Moonshot (potential new work item)
>
> Josh not on call to discuss
>
> 6. Next Call: Tuesday 14 September, 2010.
>
> ** Actually 21 September, not 14.