security-services message



Subject: Proposed Minutes from SSTC Telecon 13 Dec 2011 -- RE: Proposed Agenda for SSTC Telecon (13 December 2011)


Proposed Minutes:  SSTC Telecon 13 December 2011
------------------------------------------------


> AGENDA:
> 
> 1. Roll Call & Agenda Review.

Roll call:

  Frederick (non voting)
  Hal
  Chad
  Thomas

Quorum NOT achieved.

(Regrets from Scott and Nate).



> 2. Need a volunteer to take minutes.

Thomas taking minutes.



> 3. Approval of minutes from last meetings:
> 
>    Minutes from SSTC Call on 29 Nov 2011:
> 
> http://lists.oasis-open.org/archives/security-services/201111/msg00044.html

Deferred to January telecon call.


> 4. AIs & progress update on current work-items:
> 
>   (a) Current electronic ballots: (none)
> 
>   (b) Status/notes regarding past ballots: (none)
> 
>   (c) Session Token Profile (Hal)
>       - Status: CS Ballot passed
> 
> http://lists.oasis-open.org/archives/security-services/201111/msg00022.html


Session Token Profile in TC-Admin Queue (#766).



>   (d) Attribute Predicate Profile (Gregory/Franz-Stefan)
>       - Status: CS ballot request received on 19 Nov 2011.
>       - Status: In TC-admin queue.
> 
> http://lists.oasis-open.org/archives/security-services/201111/msg00032.html

Attribute Predicate Profile in TC-Admin Queue (#771).



>   (e) Kerberos Web browser SSO Profile (Josh/Thomas)
>       - Status: WD02 uploaded.
>       - Status: CSD now in 15-day PR until 12/20/2011
> 
> http://lists.oasis-open.org/archives/security-services/201112/msg00000.html

Kerberos Web browser SSO Profile now in 15-day PR until Dec 20th.


>   (f) Metadata Extensions for Documentation/Registration (Chad)
>       - Status: 15-day PR from 3 Oct to 2 Nov 2011.
>       - Status: one comment was received during PR period.
>       - AI: will revise document.
> 
> http://wiki.oasis-open.org/security/PublicComments20111003-20111102.

Chad uploaded new WD08, which addresses all the comments
previously received.

Chad will ask SSTC for CSD status and 15-day PR at the SSTC Telecon in January.

AI:  Thomas to put this on January 10 agenda.



>   (g) Metadata Extensions for Login and Discovery User (MDUI) (Scott)
>       - Status: 30-day PR from 14 Oct to 13 Nov 2011.
>       - Status: One comment has already been received.
>       - AI: will update to new WD.
> 
> 
>   (h) SAML2.0 Approved Errata
>        - Status: wd-54 uploaded (Scott).

Scott unavailable today.

Scott emailed Thomas and Nate suggesting the SSTC
begin discussion about preparing a written response
to the SAML vulnerability paper that's being published next year.
The paper apparently still does not indicate that many of the
issues have been fixed.

Chad: agrees that most of the attacks have been fixed.

Hal: this is an academic paper, so the author may be
seeking to get "mileage" out of it.

Hal suggests the SSTC needs to point out:
(a) Issues do not pertain to the spec, but to implementations.
(b) We should ask authors to enumerate items that have been fixed.
(c) The SSTC needs to come out with our own list of fixed items
    and perform as many tests as possible (to implementations).
However, many people will still continue to use old/back implementations.

Thomas suggests starting to draft a statement in January.

Hal: there is a disconnect between XML-signature and XML spec.

Chad: parts of the DOM v3 spec may still be open to misinterpretation, since
it does not address clearly the case of when ID values were non-unique.

AI:  Chad will email pointer to text in the DOM specs.



>   (i) SAML 2.0.1 and Security Considerations doc
>       - Plans for 2012?
> 

Yes, we need to address this in 2012.


> 5. Assorted mail items:
> 
> 6. Other items:
> 
> 7. Next SSTC Call:
>    - Tue 10 January 2012. Happy New Year folks!
>    - Propose to cancel SSTC call on 27 December.
>    - Propose Tue 10 January 2012 as first telecon in 2012.

Meeting adjourned at 12:30PM-EST.

______________________________________



