RE: [security-services] Draft Minutes for SSTC Call (26 June 2012)

["David Staggs" <david.staggs@jerichosystems.com>]

All

Updated report on the XSPA profile at the bottom of the minutes.

Cheers,
David

-----Original Message-----
From: security-services@lists.oasis-open.org
[mailto:security-services@lists.oasis-open.org] On Behalf Of Chad La Joie
Sent: Tuesday, June 26, 2012 11:32 AM
To: security-services@lists.oasis-open.org
Subject: [security-services] Draft Minutes for SSTC Call (26 June 2012)



On 6/25/12 10:24 AM, Thomas Hardjono wrote:
> 1. Roll Call & Agenda Review.

John Bradley, Ping Identity
Scott Cantor, Internet2
Duane DeCouteau, Veterans Health Administration Frederick Hirsch, Nokia
Thomas Hardjono, MIT Chad La Joie, Internet2 Nate Klingenstein, Internet2
Hal Lockhart, Oracle Anil Saldhana, Red Hat David Staggs, Jericho Systems

> 2. Need a volunteer to take minutes.
> 
> 3. Approval of minutes from previous meeting(s):
> 
>    - Minutes from SSTC Call on 12 June 2012: 
> 
> https://lists.oasis-open.org/archives/security-services/201206/msg0001
> 2.html

Nate moves to approve.  David Seconds.  No Objections.  Motion passes.

> 4. AIs & progress update on current work-items:
> 
>   (a) Current electronic ballots: (none)
> 
>   (b) Status/notes regarding past ballots: (none)
> 
>   (c) SAML 2.X and Security Considerations doc
>       - Status: SSTC agrees to proceed on this in 2012.
>       - AIs
>         o Move "Close to Consensus" material to "Agreement" section 
> (done)

Completed

>         o Scott will send proposals to the list for schema cleanup.

Not yet complete, will be worked on once everyone agrees to what needs to be
done.

Scott expects most of the metadata items to be moved up to "agreement"
after discussion.

Scott: Seems to be a sense that requiring trust profile conformance at the
base level is going to far.  Is there agreement to require basic metadata
support in base level?

Hal: Oracle supports a constrained set for a base line.

Scott: We need to discuss which metadata extensions go in to the baseline.

Scott: IOP document likely to be a separate conformance level

Someone : Need to discuss whether there is a difference between use of
metadata for upfront config vs ongoing config

Scott: If it's not used for ongoing config it's not of much value.  Need to
call out specific exchange models to facilitate this.

Scott: Does anyone object to removing the DDDS/NAPTR material?

No objections raised.  Should check with NuStar as it came from them
originally. Scott will contact them and ask.

Scott: First bit of work for 2.1 is to apply the existing errata.  Ian Young
working on this and will hopefully have this completed in the next couple
weeks.

>   (d)  SSTC Webinar:
>       - Proposed topic: scope of work for the 2.0.1 spec.
>       - Status: group is close having enough to present. 
>       - Status: Hal offers to work on first-cut slides for this.

Not draft yet, should be available in the next couple of days and will send
to list.  We can discuss during the next meeting.

> 5. Assorted mail items:
> 
> 6. Other items:

XSPA (Cross enterprise Security and Privacy Authorizations for Healthcare):
David: European organization (epSOS) is using the XSPA profile for exchange
of patient data.  The (US) Office of National Coordinator is hosting a pilot
for developing standard ways to enforce patient consent directives.
Suggested changes to the SSTC XSPA profile will be brought forward as
developed by the XSPA TC and the experiences from the ONC pilot.

Duane: The Veterans Affairs and SAMSHA is working on data segmentation for
the pilot and will add suggested changes for SSTC discussion.

Goal is to get the XSPA profile/changes to the committee by the next
meeting.

> 
> 7. Next SSTC Call: 
>    - Tuesday 10 July 2012. 


--
Chad La Joie
www.itumi.biz
trusted identities, delivered



---------------------------------------------------------------------
To unsubscribe, e-mail: security-services-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: security-services-help@lists.oasis-open.org