Subject: Re: [security-services] Proposed Agenda for SSTC Call on 5 October 2010
On 10/05/2010 12:19 PM, Scott Cantor wrote:
>> AGENDA:
>>
>> 1. Roll Call & Agenda Review.
> George Fletcher AOL* Group Member
> John Bradley Individual Group Member
> Scott Cantor Internet2 Group Member
> Nathan Klingenstein Internet2 Group Member
> Bob Morgan Internet2 Group Member
> Thomas Hardjono M.I.T. Group Member
> Thinh Nguyenphu Nokia Siemens Networks GmbH & Co. KG Group Member
> Phil Hunt Oracle Corporation Group Member
> Ari Kermaier Oracle Corporation Group Member
> Hal Lockhart Oracle Corporation Group Member
> Emily Xu Oracle Corporation Group Member
> Federico Rossini Telecom Italia S.p.a. Group Member

Quorum: 10 out of 16 voting members (62%) Achieved.
Status: Phil Hunt regains voting rights.

>> 2. Need a volunteer to take minutes.
> Scott volunteers.
>
>> 3. Approval of minutes from last meetings:
>>
>> Minutes from SSTC Call on 21 Sept 2010:
>>
>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201009/msg00051.html
> Deferred, no attendance available.
>
>> 4. AIs & progress update on current work-items:
>>
>> (a) Current electronic ballots: None.
> Request for CS of LOA spec is in, no ballot yet.
>
>> (c) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a CS
>> - Status: CS created and published.
>>
>> (d) SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
>> - Status: CS created and published.
> Nate updated the wiki to reflect the latest versions. Will remove from
> agenda.
>
>> (e) Kerberos related items. [Josh/Thomas]
>> - Kerberos Attribute Profile:
>> - AI: Josh/Thomas will suggest additions to Attribute Profile.
> No updates, hopefully next week. Still working on the IETF side.
>
>> (f) SAML V2.0 Identity Assurance Profiles, Version 1.0
>> - Status: 15-day review closed on 10 Sept.
>> - Update: CS-Ballot was requested to Mary (Fri 1 Oct)
> Ballot requested.
>
>> (g) SAML V2.0 Metadata Profile for Algorithm Support Version 1.0:
>> - Status: now in 60-day public review. (Closes 13 October)
>> - Any updates?
>>
>> (h) Service Provider Request Initiation Protocol and Profile Version 1.0
>> - Status: now in 60-day public review. (Closes 13 October)
>> - Any updates?
> No comments as of yet. Should be covered by old TC process, so may be able
> to skip review for (g) despite needing some fixes to examples.
>
>> (i) NSN Attribute Management proposal (Thinh/Phil) - any updates?
> New draft 03 posted.
> Thinh: focused on cleaning up SSO profile material in both SP and IdP
> initiated cases (sec 4.1). Clarified use of the request/response messages
> and required/optional content.
>
> Also clarified assumptions in section 2.3. Some schema changes
> or protocol material in this draft.
>
> Still need work done on the back-channel flows.
>
> Scott asked about the underlying use case for the SSO integration. An error
> in the text on page 17 was noted, where it mentions an AuthnRequest and
> should talk about an unsolicited response. Phil attempted to outline some
> uses for signaling ahead of SSO. One that seemed mutually understandable was
> to signal whether a full set of "initial" data would be needed by indicating
> in the response from the IdP whether the user was already "known".
>
> Phil notes that the ModifySubject flows cover the reverse flow where an SP
> pushes data back into an IdP, not just the IdP->SP direction.
>
> Phil also explained the need for a stronger notion of RetireSubject over and
> above the defederation idea.
>
> More discussion on possible use cases for combining NewSubject with SSO also
> took place. There was definitely interest in use case discussion to help
> people understand the business scenarios.
>
>> (j) SOA-TEL Token Correlation Profile (Federico/TI) - any updates?
> Federico still looking for a way to manipulate assertion content without
> breaking the signature. He proposed a way to do this using XPath filtering
> transforms, but Scott noted this is not allowed by SAML. Federico believes
> this limitation is a problem for various use cases, but at the moment thinks
> he can't solve his problem as a result.
>
>> (k) Channel binding proposal -- Scott.
> No updates.
>
>> (l) Metadata extension for Login/Discovery -- Scott.
> Shibboleth project is working on code for this, the Kantara ULX group has
> been reviewing the work but has a broader mandate. Still some open issues
> around relationship of new extensions to older metadata elements.
>
>> (m) Profile for Mandatory Credentials -- Federico.
> Will be discussed on future call.
>
>> 5. Assorted mail items:
>> - Enhancements to SAML for attribute assurance.
> No discussion other than on list.
>
>> 6. Other items:
>> - Any news from Oasis conference and IIW
> No discussion.
>
>> 7. Next Call: Tuesday 19 October 2010.