OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: FW: Proposed Minutes for SSTC Call (Tue 24 July 2012)


Adding list of the attendees for 7/24/2012:

- Nate Klingenstein
- Ian Young
- Anil Saldhana
- Hal Lockhart
- Duane Decouteau
- Scott Cantor
- Frederick Hirsch
- Chad La Joie
- Thomas Hardjono

Quorum was achieved.

__________________________________________


-----Original Message-----
From: Nate Klingenstein [mailto:ndk@internet2.edu] 
Sent: Tuesday, July 24, 2012 12:32 PM
To: OASIS SSTC
Cc: Thomas Hardjono
Subject: Proposed Minutes for SSTC Call (Tue 24 July 2012)

> 1. Roll Call & Agenda Review.
>
> 2. Need a volunteer to take minutes.

Nate volunteered to take the minutes.

> 3. Approval of minutes from previous meeting(s):
>
>   - Minutes from SSTC Call on 10 July 2012:
>
>
https://lists.oasis-open.org/archives/security-services/201207/msg0001
> 9.html

Hal moved for the approval of the minutes and Scott seconded.  No
objections; minutes approved and adopted.

> 4. AIs & progress update on current work-items:
>
>  (a) Current electronic ballots: (none)
>
>  (b) Status/notes regarding past ballots: (none)
>
>  (c) SAML 2.X and Security Considerations doc
>      - Status: SSTC agrees to proceed on this in 2012.
>      - AIs:
>        o Scott to send proposals to the list for schema cleanup.
>
> https://wiki.oasis-open.org/security/SAML2Revision

Scott has documents in hand that have most of the errata applied based
on the original markup copies.  This will yield a clean set of
documents from which to begin the SAML 2.X work.

He also drafted some close-to-consensus points about metadata
requirements and added them to the Wiki.  [AI] Everyone is asked to
review those points so they can become consensus instead.

He's further got a copy of the schema that he's starting to work on
and he's playing with some regex patterns to see what can be done,
such as requiring lengths for strings and so forth.

We're anticipate that we would need to use a newer document
template(or retrofit the current documents), but we're not sure what
other new OASIS requirements might apply to the specifications.  [AI]
Thomas will ask TC-Admin.

>   (d)  SSTC Webinar:
>      - Proposed topic: scope of work for the 2.0.1 spec.
>      - AI: Review Hal's draft slides.
>      - AI: Group needs to decide webinar date.
>
>
https://lists.oasis-open.org/archives/security-services/201207/msg0000
> 4.html

The first question Hal raised is whether we could cobble together a
slide to indicate the full scope of SAML deployment.  Everyone agrees
that we "should", but nobody really could supply a list of deployments
other than higher education federations.  There was also a reference
to the Kantara list of products.  We're aware of large deployments in
Europe and in the U.S. Government.

[AI] Nate will send Hal a few pointers describing deployments.

Scott would separately like to cover the improvements to the SAML
specifications that will be possible based on the widespread
deployment experience to date.

Hal is assuming he'll be delivering the presentation in concert with
Dee from OASIS.  We plan on giving the presentation in September in
order to avoid conflicting with August, also known as European
Vacation Month.

>   (e) Asynchronous Single Logout Protocol Extension (Chad)
>
>
https://lists.oasis-open.org/archives/security-services/201207/msg0000
> 1.html
>
>
https://lists.oasis-open.org/archives/security-services/201206/msg0001
> 9.html

There will be another working draft based on some comments that Scott
supplied in a back channel.  Specifically, we'd like to place an
attribute on an endpoint in metadata in order to indicate that the
endpoint supports the asynchronous extension.

We expect to see working draft 2 in place for next week's call, and
Chad is likely to request a vote at that point because the Shibboleth
project actively needs to develop to the proposed specification.

>   (f) XSPA updates (David S. & Duane)

Duane is still in the throes of cleaning up Draft 1 based on some
comments generated during the XSPA TC's work on the profile.  There's
also been an update of the HL7 vocabulary, so he's ensuring that all
external references fit that new vocabulary set.

> 5. Assorted mail items:
>
> 6. Other items:
>   - IETF in July 30th to 3 August, Vancouver.
>
> 7. Next SSTC Call:
>   - Tuesday 7 August 2012.

We look forward to speaking with you then.

Attachment: smime.p7s
Description: S/MIME cryptographic signature



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]