Re: [security-services] Minutes SSTC Telecon (22 March 2011)

[Anil Saldhana <Anil.Saldhana@redhat.com>]

On 03/22/2011 12:23 PM, Anil Saldhana wrote:
> On 03/22/2011 11:59 AM, Frederick.Hirsch@nokia.com wrote:
>> Minutes  SSTC Conference Call
>> Tuesday 22 March, 2011, 12:00pm ET
>> Minutes taken by Frederick Hirsch
>>
>> AGENDA:
>>
>> 1. Roll Call&  Agenda Review.
> Voting Members:
> Nathan Klingenstein     Internet2
> Chad La Joie     Internet2
> Thomas Hardjono     M.I.T.
> Frederick Hirsch     Nokia Corporation
> Thinh Nguyenphu     Nokia Siemens Networks GmbH & Co. KG
> Ari Kermaier     Oracle Corporation
> Hal Lockhart     Oracle Corporation
> Emily Xu     Oracle Corporation
> Anil Saldhana     Red Hat
> David Staggs     Veterans Health Administration
>
> Members:
> Bob Morgan     Internet2
> Anthony Nadalin     Microsoft Corporation
> Duane DeCouteau     Veterans Health Administration
>
> Observers:
> Franz-Stefan Preiss IBM
>> Quorum achieved. (10 off 14 voting members. 71%)
Status Changes:  Gained Voting Status: Bob Morgan
                             Lost Voting Status:  Phil Hunt and Rob Philpott
>>
>> Additional agenda item, k, for Attribute Predicate profile added to 
>> agenda.
>>
>> 2. Need a volunteer to take minutes.
>>
>> Frederick Hirsch volunteered to take minutes.
>>
>> 3. Approval of minutes from last meetings:
>>
>> - Minutes from SSTC Call on 8 March 2011:
>>
>> http://lists.oasis-open.org/archives/security-services/201103/msg00020.html 
>>
>>
>> MOTION: Anil moves to approve minutes from 8 March, Bob seconds
>> Minutes from 8 March 2011 approved unanimously .
>>
>> 4. AIs&  progress update on current work-items:
>>
>>   (a) Current electronic ballots: None.
>>
>>   (b) Status/notes regarding past ballots: (none).
>>
>>   (c) Kerberos Attribute Profile: [Josh/Thomas]
>>       - Status: Request submitted for 15-day Public Review.
>>       - Status: Currently in 15-day review (closing 27 March 2011).
>>
>>   (d) Session Token Profile (Hal)
>>       - Status: CSD Published.
>>       - NB: Robin had some notes about XML schema and Ack section.
>>
>> http://lists.oasis-open.org/archives/security-services/201103/msg00012.html 
>>
>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201103/msg00012.html 
>>
>>
>> Contributors list needed to be added, schema needed slash added.
>> Request submitted by Hal to Jira for public review, pending, no 
>> response given to indicate that public review won't start this week.
>>
>>
>>   (e) Change Notify Protocol Version 1.0 (Thinh/Phil)
>>       - Status: CSD Published.
>>       - Status: Thinh/Phil submitted for 30-Day PR request.
>>       - Status: Thomas has emailed Robin asking about 30-Day PR.
>>
>> http://tools.oasis-open.org/issues/browse/TCADMIN-338
>>
>> Submitted but no status visible, email sent to Robin. Not visible in 
>> Jira.
>>
>> Thinh/Phil not on call.
>>
>>   (f) Channel binding proposal (Scott)
>>       - Status: awaiting other items in other groups.
>>       - Any updates?
>>
>> No status update.
>>
>>   (g) Metadata extension for Login/Discovery (Scott)
>>       - Status:  CSD published.
>>       - Any updates?
>>
>> No status update.
>>
>>    (h) Enhanced Client or Proxy Profile (Scott)
>>       - Status: WD02 uploaded last week.
>>       - Status: work waiting for items in IETF Kitten WG.
>>       - Any updates?
>>
>> No status update.
>>
>>   (i) Metadata Extensions for Documentation/Registration (Chad)
>>       - Status: WD04 uploaded 18 March 2011.
>>       - AI: Chad to request CSD Publication.
>>
>> Request submitted, fix to schema to add minOccurs 0 , uploaded WD 5 
>> to fix schema problem.
>>
>> http://www.oasis-open.org/apps/org/workgroup/security/download.php/41541/saml-metadata-rpi-v1.0-wd05.pdf 
>>
>>
>> MOTION: Nate moves to approve CD WSD05 for CSD, Anil seconds.
>> Motion approved unanimously.
>>
>> ODT version is document number 41539.
>> http://www.oasis-open.org/apps/org/workgroup/security/download.php/41539/saml-metadata-rpi-v1.0-wd05.odt 
>>
>>
>>   (j) Errata document (Scott):
>>
>>       - SECURITY-7: wish to address usage of term "psudeorandom"
>>         o http://tools.oasis-open.org/issues/browse/SECURITY-7
>>         o Any updates?
>>
>> MOTION: Hal moves to accept this change as an approved errata for 
>> further processing, Chad seconds.
>> Motion approved unanimously.
>>
>> (k) Attribute Predicate Profile (added to agenda)
>>
>> Franz-Stefan Preiss introduced Attribute Predicate Profile.
>>
>> IBM working in privacy, wish to have support for predicate over 
>> attributes as opposed to simply concrete values. Draft profile 
>> produced for SAML assertions, also query format.
>> Canonical example of restricting age for access to chat room. This 
>> enables new privacy-protecting functionality.
>>
>> see 
>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201103/msg00022.html
>>
>> Profile builds on XACML to express predicates, the XACML apply 
>> element to apply function to arguments. This enables arbitrary 
>> complex predicates over any number of arguments.
>>
>> Added new statement type, AttributePredicateStatementType.
>>
>> No changes to SAML standards, normal extension points used, hence a 
>> profile. Question as to whether this should be standardized in SSTC - 
>> TC members note that a profile like this can be standardized in SSTC. 
>> It might make sense to split SSTC and XACML portions for separate 
>> approval in the respective TCs - whether this should be done needs 
>> review.  The TC discussed whether or not to reduce the number of 
>> predicates allowed.
>>
>> This submission should be uploaded into the SSTC document archive.
>>
>> Request for review and discussion on next call.
>>
>> 5. Assorted mail items:
>>
>> reminders, NIST IDtrust 2011,  IETF next week.
>>
>> 6. Other items:
>>
>> None
>>
>> 7. Next SSTC Call:
>>    - Tue 5 April 2011.
>>
>> Adjourn