
security-services message



Subject: Re: [security-services] Proposed Agenda for SSTC Call on 5 October 2010


  On 10/05/2010 12:19 PM, Scott Cantor wrote:
>> AGENDA:
>>
>> 1. Roll Call & Agenda Review.
> George Fletcher	 AOL*	 Group Member	
> John Bradley	 Individual	 Group Member	
> Scott Cantor	 Internet2	 Group Member	
> Nathan Klingenstein	 Internet2	 Group Member	
> Bob Morgan	 Internet2	 Group Member	
> Thomas Hardjono	 M.I.T.	 Group Member	
> Thinh Nguyenphu	 Nokia Siemens Networks GmbH & Co. KG	 Group Member	
> Phil Hunt	 Oracle Corporation	 Group Member	
> Ari Kermaier	 Oracle Corporation	 Group Member	
> Hal Lockhart	 Oracle Corporation	 Group Member	
> Emily Xu	 Oracle Corporation	 Group Member	
> Federico Rossini	 Telecom Italia S.p.a.	 Group Member	
Quorum: 10 out of 16 voting members (62%) Achieved.
Status: Phil Hunt regains voting rights.
>> 2. Need a volunteer to take minutes.
> Scott volunteers.
>
>> 3. Approval of minutes from last meetings:
>>
>> Minutes from SSTC Call on 21 Sept 2010:
>>
>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201009/msg00051.html
> Deferred, no attendance available.
>
>> 4. AIs & progress update on current work-items:
>>
>>    (a) Current electronic ballots: None.
> Request for CS of LOA spec is in, no ballot yet.
>
>>    (c) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a CS
>>        - Status: CS created and published.
>>
>>    (d) SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
>>        - Status: CS created and published.
> Nate updated the wiki to reflect the latest versions. Will remove from
> agenda.
>
>>    (e) Kerberos related items. [Josh/Thomas]
>>        - Kerberos Attribute Profile:
>>        - AI: Josh/Thomas will suggest additions to Attribute Profile.
> No updates, hopefully next week. Still working on the IETF side.
>
>>    (f) SAML V2.0 Identity Assurance Profiles, Version 1.0
>>        - Status: 15-day review closed on 10 Sept.
>>        - Update: CS-Ballot was requested to Mary (Fri 1 Oct)
> Ballot requested.
>
>>    (g) SAML V2.0 Metadata Profile for Algorithm Support Version 1.0:
>>        - Status: now in 60-day public review. (Closes 13 October)
>>        - Any updates?
>>
>>    (h) Service Provider Request Initiation Protocol and Profile Version 1.0
>>        - Status: now in 60-day public review. (Closes 13 October)
>>        - Any updates?
> No comments as of yet. Should be covered by old TC process, so may be able
> to skip review for (g) despite needing some fixes to examples.
>
>>    (i) NSN Attribute Management proposal (Thinh/Phil) - any updates?
> New draft 03 posted.
> Thinh: focused on cleaning up SSO profile material in both SP and IdP
> initiated cases (sec 4.1). Clarified use of the request/response messages
> and required/optional content.
>
> Also clarified assumptions in section 2.3. Some schema changes
> or protocol material in this draft.
>
> Still need work done on the back-channel flows.
>
> Scott asked about the underlying use case for the SSO integration. An error
> in the text on page 17 was noted, where it mentions an AuthnRequest and
> should talk about an unsolicited response. Phil attempted to outline some
> uses for signaling ahead of SSO. One that seemed mutually understandable was
> to signal whether a full set of "initial" data would be needed by indicating
> in the response from the IdP whether the user was already "known".
>
> Phil notes that the ModifySubject flows cover the reverse flow where an SP
> pushes data back into an IdP, not just the IdP->SP direction.
>
> Phil also explained the need for a stronger notion of RetireSubject over and
> above the defederation idea.
>
> More discussion on possible use cases for combining NewSubject with SSO also
> took place. There was definitely interest in use case discussion to help
> people understand the business scenarios.
>
>>    (j) SOA-TEL Token Correlation Profile  (Federico/TI) - any updates?
> Federico still looking for a way to manipulate assertion content without
> breaking the signature. He proposed a way to do this using XPath filtering
> transforms, but Scott noted this is not allowed by SAML. Federico believes
> this limitation is a problem for various use cases, but at the moment thinks
> he can't solve his problem as a result.
>
>>    (k) Channel binding proposal -- Scott.
> No updates.
>
>>    (l) Metadata extension for Login/Discovery -- Scott.
> Shibboleth project is working on code for this, the Kantara ULX group has
> been reviewing the work but has a broader mandate. Still some open issues
> around relationship of new extensions to older metadata elements.
>
>>    (m) Profile for Mandatory Credentials -- Federico.
> Will be discussed on future call.
>
>> 5. Assorted mail items:
>>    - Enhancements to SAML for attribute assurance.
> No discussion other than on list.
>
>> 6. Other items:
>>    - Any news from Oasis conference and IIW
> No discussion.
>
>> 7. Next Call: Tuesday 19 October 2010.

