Quorum was achieved with all voting members in attendance.
2. Need a volunteer to take minutes.
Nate volunteered to take the minutes.
Scott moved to approve the minutes and Nate seconded. No
objections were raised.
As quorum was not achieved on these calls, there are no
minutes to approve. These notes were, however, adopted by the
SSTC.
The public review closed on the day of the call. Only one
comment was received, but he feels he cannot ignore it. It's
technically not in scope, but there is a new RFC for HTTP
cookies. It looks like a big improvement to him, but a change
is that the HttpOnly attribute has been standardized. There
will probably be another revision that changes all normative
references from the old RFC to the new RFC and the comment
about HttpOnly being non-standard will be removed.
After that, another CSD will be created and another 15 day
review period will be triggered.
(d) Attribute Predicate Profile (Gregory/Franz-Stefan)
- Status: WD01 uploaded May 16.
- AI: Uploaded WD03.
- Any updates?
No major updates have been made to the attribute predicate
profile. WD03 was uploaded a month ago and no comments have
been received from the SSTC on the calls or on the list.
Franz-Stefan moved to proceed WD03 of the attribute
predicate profile to CSD01, and he also wants to request a 30
day public review. Nate seconded, and there were no
objections.
(e) Kerberos profiles: [Josh/Thomas]
- Status: CS Ballots created for the 3 Kerberos docs
- Status: Will resubmit ballot in August (after
vacation season).
Josh and Thomas would like to resubmit these profiles for
approval after the prior ballots failed to gain enough votes
to get approval. New ballots need to be created for each of
the documents.
Hal moved to ask TC-Admin to do a new CS ballot for all
three following Kerberos documents. Scott seconded.
Neither Thinh nor Phil was available for the call.
However, this request is still sitting in the TC-Admin Queue,
for reasons that are not clear. Hal investigated the status
of -534 and the corresponding CSD request -528 and found no
progress in two weeks, so Thomas will investigate the current
status with TC-Admin.
(g) Channel binding proposal (Scott)
- Status: awaiting other items in other groups.
- Any updates?
No updates.
(h) Enhanced Client or Proxy Profile (Scott)
- Status: WD02 uploaded last week.
- Status: work waiting for items in IETF Kitten WG.
- Any updates?
No updates.
(i) Metadata Extensions for Documentation/Registration
(Chad)
- Status: WD07 uploaded June 23rd.
- AI: Chad asks SSTC for
(a) vote for WD07 to become CSD02, and
(b) public review (15-day PR).
- Status: will request TC when TC achieves quorum.
Chad officially moved to vote for WD07 to become CSD02 and
to request a public review. Scott seconded the request, and
there were no objections.
Chad will verify that a zip file containing all the
relevant files has been uploaded and he will submit the
request.
Scott is ready to get PE-12 adopted, following a final
revision on June 29. This was in response to feedback from
the paper authors, and the consensus is that PE-12 is
basically done. He wants to move for PE-12 to be added to the
draft errata document when it is next prepared. Hal seconded,
with no objections, and the motion passed.
It's been awhile since an errata has been filed, but Scott
wants to file another errata soon as regards XML signature
wrapping attacks on SAML implementations. He doesn't have a
great idea about what to put in the documents because the
flaws are generally implementation flaws rather than
specification flaws, but there's at least one concrete errata
that he wants to move on: blocking use of the Object element
should be recommended.
Scott hopes to prepare this errata within the next call or
two. January or February is when these researchers want to go
fully public, but some implementations were vulnerable and
already have patches already released.
(k) Metadata Extensions for Login and Discovery User
(MDUI) (Scott)
- Status: WD07 uploaded 27 June 2011.
- Status: WD ready for CSD. Asking for full Public
Review.
Two more working drafts correcting small errors have been
uploaded, with the diff going against WD06. There is a
security considerations section now. The only substantive
change is responding to a request to allow the space character
in keywords by escaping it using the + character as a
substitution. WD08 fixed a namespace, and WD09 explains that
the + character is not permissible in keywords because it will
be treated as an escaped space.
Scott moved to adopt WD09, which he uploaded July 25, as
CSD01 for Login and Discovery UI, and he also requests a 30
day public review. Chad seconded. Nobody objected and the
motion passed.
7. Next SSTC Call:
- Tue 09 August 2011
We look forward to talking to you then.