[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Proposed Agenda for SSTC Call (Tue 10 July 2012)
Adding the list of attendees: Chad La Joie Ian Young Rainer Hoerbe Nate Klingenstein Scott Cantor Anil Saldhana Duane Decouteau Thomas Hardjono > -----Original Message----- > From: Nate Klingenstein [mailto:ndk@internet2.edu] > Sent: Tuesday, July 10, 2012 12:44 PM > To: Thomas Hardjono > Cc: OASIS SSTC > Subject: Re: [security-services] Proposed Agenda for SSTC Call (Tue 10 > July 2012) > > > 1. Roll Call & Agenda Review. > > Quorum was achieved. > > > 2. Need a volunteer to take minutes. > > Nate volunteered to take minutes. > > > 3. Approval of minutes from previous meeting(s): > > > > - Minutes from SSTC Call on 26 June 2012: > > > > https://lists.oasis-open.org/archives/security- > services/201206/msg0001 > > 7.html > > Anil moved to approve the minutes, and Scott seconded. Nobody objected > to the minutes' approval, and the motion passed with the adoption of > the minutes. > > > 4. AIs & progress update on current work-items: > > > > (a) Current electronic ballots: (none) > > > > (b) Status/notes regarding past ballots: (none) > > > > (c) SAML 2.X and Security Considerations doc > > - Status: SSTC agrees to proceed on this in 2012. > > - AIs: > > o Check NAPTR metadata (Scott -- done). > > o Scott will send proposals to the list for schema cleanup. > > > > https://wiki.oasis-open.org/security/SAML2Revision > > Neustar is indeed using the NAPTR support in metadata and would like to > keep it in as normative material and part of the specification suite as > a result. The question as to whether to migrate it to an independent > document or an appendix is open. The main goal is to improve the > readability and usability of the specifications for new adopters and > readers. The downside to separate documents is the boilerplate and > maintenance burden. > > Scott's going to specifically try to draft some statements with > metadata verbiage for the next edition of the specification, but hasn't > found the time to do so yet. > > > (d) SSTC Webinar: > > - Proposed topic: scope of work for the 2.0.1 spec. > > - Status: group is close having enough to present. > > - Status: Hal offers to work on first-cut slides for this. > > Hal was not able to attend the call today. There is no fixed date for > the webinar yet, so Nate suggested that the review of the slides be > postponed until the next call so that Hal would be able to participate > and respond to any feedback. > > > (e) Asynchronous Single Logout Protocol Extension (Chad) > > > > https://lists.oasis-open.org/archives/security- > services/201207/msg0000 > > 1.html > > > > https://lists.oasis-open.org/archives/security- > services/201206/msg0001 > > 9.html > > Scott and Chad have, for a number of years, noted the challenges of > accomplishing federated single-logout within the R&E community, but the > need to implement "something" has been increasing. This extension just > relaxes one of the rules in the existing SLO protocol and should allow > for the implementation of something that we believe will work at scale > but still nearly comply with the existing standard. > > The extension also addresses a lingering interop issue around logout in > that, in front channel logout, there's no way to signal which party > maintains control of the user interface during the logout sequence. > If the protocol offered the SP to indicate their expectations in terms > of the interface, it would be more explicit what should happen and > better interoperability would result. The protocol will allow the SP > to signal that it doesn't want to be a part of the logout sequence > after sending the logout request. > > Committee members are asked to review this document and bring questions > to the next call. > > > (f) XSPA - any updates? (David S. & Duane) > > David was traveling today, so Duane offered an update. He had a > conversation with the voting members of the XSPA TC about advancing the > current document that's been progressing within the XSPA TC to a > working draft that can proceed through the OASIS SSTC. This will be > version 2 of the XSPA profile for SAML. He's still working on > assembling a high-level overview of what is changing within the > profile. > > He's migrating some of the vocabulary from some older references to > more authoritative references, e.g. HL-7. They'll also be adding > attributes to the standard that will allow for the enforcement and > signaling of policies such as non-redisclosure, and so forth. There > will also be stronger typing of the attribute values. > > The goal is to try to accommodate some of the requirements for data > segmentation of patient clinical records in support of US privacy laws, > Title 38, CFR42Part2, that require more controls over sensitive health > care data. These requirements are being reviewed, tested, demonstrated > as part of pilot project by ONC S&I Framework Data Segmentation for > Privacy (DS4P) workgroup members. Eventually, Duane anticipates this > will be migrated towards a committee specification. > > Duane will try to track all the significant changes that have been made > in a spreadsheet. Right now, revision tracking in the document itself > is being used and that's resulted in document that's difficult to read. > The wiki will also need to be updated at some point. > > > 6. Other items: > > - IETF in July. > > Kitten won't be meeting at this IETF, so Scott won't be attending. > > There will be a revision of the new ECP profile soon, and there may be > revisions to the Channel Binding document. He has a reference to XML > Encryption 1.1, which isn't done yet, and that may force the delay of > these documents. Worse yet, the IETF drafts depend on the SSTC drafts > having proceeded beyond draft. There are many hold-ups and > interdependencies and the TC salutes Scott's willingness to brave > several standards processes in parallel. > > > 7. Next SSTC Call: > > - Tuesday 24 July 2012. > > We look forward to speaking with you then.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]