
security-services message



Subject: Draft minutes, SSTC teleconference on 19 October 2010


Minutes - SSTC Conference Call, Tuesday 19 October 2010, 12:00pm ET
Minutes taken by Frederick Hirsch

AGENDA:

1. Roll Call & Agenda Review.

2. Need a volunteer to take minutes.

Frederick Hirsch volunteered to take minutes.

3. Approval of minutes from last meetings:

- Minutes from SSTC Call on 21 Sept 2010:

http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201010/msg00011.html

- Minutes from SSTC Call on 5 October 2010:

http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201010/msg00012.html

RESOLUTION: Minutes from both 21 Sept 2010 and 5 Oct 2010 approved 

Approved unanimously (Scott moved, Anil seconded)

4. AIs & progress update on current work-items:

 (a) Current electronic ballots: None.

 (b) Status/notes regarding past ballots: None.

 (c) Kerberos related items. [Josh/Thomas]
     - Kerberos Attribute Profile: 
     - AI: Josh/Thomas will suggest additions to Attribute Profile.

No discussion

 (d) SAML V2.0 Identity Assurance Profiles, Version 1.0
     - Status: 15-day review closed on 10 Sept.
     - Update: CS-Ballot was requested to Mary (Fri 1 Oct).
     - Status:  waiting for ballot to be created.

ACTION:  Thomas to ping Mary regarding creation of ballots.

  (e) SAML V2.0 Metadata Profile for Algorithm Support Version 1.0:
     - Status: now in 60-day public review. (Closed 13 October)
     - Any updates?

Review completed, no comments other than mail from Scott Cantor. Minor mistake in example and missing lax element within wildcard. Scott Cantor will provide updated document that will need to have CD vote and subsequent review.

Question regarding need for updated template, given changes in OASIS TC Process.

 (f) Service Provider Request Initiation Protocol and Profile Version 1.0
     - Status: now in 60-day public review. (Closed 13 October)
     - Any updates?

Scott Cantor reports that no comments received, no changes made.

Scott Cantor notes that there were no normative changes made.

RESOLUTION:  Service Provider Request Initiation Protocol and Profile Version 1.0 approved by TC for Committee Specification ballot vote, vote be initiated

No objections, motion passed unanimously. (Moved by Scott Cantor,  seconded by Hal Lockhart).

 (g) NSN Attribute Management proposal (Thinh/Phil) - any updates?

Phil gave update, revising document, with some significant updates. Revision 4 should be complete draft.  Removing options to minimize need for negotiation. Incorporating feedback from TC to clarify value of profile for single sign on profile, value of additional context.  Profiles may work out as a single profile with some options. Asks about issues with NameID request. No issues reported. Expect to have draft in two weeks, and probably present at IIW to get further input (2-4 Nov).

 (h) Channel binding proposal -- Scott.

Pre-committee specification draft. Will update using new OASIS form to register and get template. Not sure form will support all editing formats used by TCs. Apparently expectation is every process stage transition will involve OASIS Staff and form submission. Hope OASIS Staff is able to respond in timely manner. Will also do this for (i) and (j).

The document itself is unchanged and in use in ECP document.

 (i) Metadata extension for Login/Discovery -- Scott.

No changes to report, working on new template.

 (j) Enhanced Client or Proxy Profile - Scott.

New draft for all apart from holder of key which needs to be added, channel bindings addition included. Some changes to presentation and explanations from earlier version. Will explain tweaks once document more complete, incorporation of errata and information on extensions. Scott plans to solicit feedback on channel bindings from IETF members. Expect to have an update in a few weeks.

5. Mandatory Credentials Profile (Frederico)

Additional credentials might be required in certain use cases. Authenticate to application that subsequently uses web service that also requires authentication and authorization. Frederico provided proposal on list regarding details of change to SOA-TEL Token Correlation Profile. Scott Cantor suggested using SAML Attributes to convey additional credentials rather than defining a new element while noting that conveying credentials in general is not optimal since there is no control over impersonation. The Kerberos profile is a good example of using SAML Attributes for this purpose. Defining a new statement type is not a good alternative. 

Frederico will review the advice and Scott will send pointers to profiles that convey credentials using attributes.

6. Assorted mail items:
 - Enhancements to SAML for attribute assurance.

Scott notes new process for registering name of document and requesting template. Scott will forward link to TC handbook and summary of revised lifecycle to the TC list. There will be a webinar Wed morning on the topic.

6. Other items:

David Staggs provided update on HL7 meeting.  CCal extension has been approved to allow use of SAML. David thanked the TC for its help.


7. Next SSTC Call: Tuesday 2 November 2010. New numbers for dial in will be distributed, access codes may have changed.

Meeting Adjourned.


