Re: [security-services] Proposed Minutes for SSTC Telecon (June 11th, 2013)

[Anil Saldhana <Anil.Saldhana@redhat.com>]

On 06/11/2013 05:02 PM, Mohammad Jafari wrote:

SAML TC Call Meeting Minutes

Tuesday June 11, 2013

 

> 1. Roll Call & Agenda Review.

Company     Name ascending     Role
Internet2     Scott Cantor     Secretary
Nokia Corporation     Frederick Hirsch     Member
Veterans Health Administration     Mohammad Jafari     Member
Internet2     Nathan Klingenstein     Chair
Covisint, a Compuware Company     Chad La Joie     Member
Oracle     Hal Lockhart     Secretary
Red Hat     Anil Saldhana     Secretary
Internet2     Ian Young     Observer
Voting Members: 4 of 7 (57%) (used for quorum calculation)
Quorum Achieved

No changes suggested.

> 2. Need a volunteer to take minutes.

Mohammad takes minutes.

> 3. Approval of minutes from previous meeting(s):

>    - Minutes from SSTC Call on 28 May 2013:

> https://lists.oasis-open.org/archives/security-services/201305/msg0002

> 1.html

Mohammad moved. Hal Seconded. Approved.

> 4. AIs & progress update on current work-items:

>

>   (a) Current electronic ballots: (none)

>

>   (b) Status/notes regarding past ballots: (none)

>

>   (c) SAML 2.1 work (Chad)

>       - SAML2.1 wiki:

>         https://wiki.oasis-open.org/security/SAML2Revision

>       - Chad's list:

>         https://wiki.oasis-open.org/security/SAML21

>

>       - Sample ToC for an SSO Profile:

>         https://wiki.oasis-open.org/security/SAML21ExampleProtocol

>

>       - AIs:

>         o Chad to email the SSTC list with proposed set of documents.

>         o Chad to request TC-Admin for document templates for 2.1.

Chad: Sent out an email to everyone to list the documents we need to ask the TC Admin to create. No more updates at this moment.

 

 

>   (d) Conceptual/overview of Metadata (Rainer Hoerbe)

>       - Any updates?

>         http://files.hoerbe.at/daunlod/eadocx-quickdoc.pdf

Rainer: No updates.

 

>   (e) SAML ECP (Scott)

>       - In 30-Day Public Review

> https://lists.oasis-open.org/archives/security-services/201305/msg00017.html

>   (f) Channel Binding Ext (Scott)

>       - In 30-Day Public Review

>       - AIs:  Thomas has sent both 30-day PR announcements

>               to the IETF Kitten WG list.

>

> https://lists.oasis-open.org/archives/security-services/201305/msg0001

> 6.html

> 

Scott: No updates.

>   (g) XPA updates (Mohammad Jafari)

Mohammad: No update.

 

>

>   (h) SAML Token Profile for ebMS (Ian Otto / Australia)

>       - Australian government profiling ebMS /AS4 specs.

>       - Proposal for Security SAML Token Profile for securing the ebMS

> messages.

>

 

Ian: The Australian government is planning to using ebMS as a common messaging service. None of the existing vendors support SAML for ebMS 3.0. Looking for a profile of SAML over ebMS. On behalf of the ebMS TC, a paper is proposed.

 

The paper has been emailed to the list.

https://www.oasis-open.org/apps/org/workgroup/security/email/archives/201306/msg00001.html

 

Ian presented a walk-through of the paper and answered questions:

 

Nate: Seems like SAML 2.0 metadata addresses some of these issues.

Let's give the TC 2 weeks to review. It's good if Ian takes a look at existing work especially SAML 2. SAML 1.1 is a decade old and we at least encourage interoperability with SAML 2.0.

Ian: ebMS TC will probably prescribe SAML 2.0.

Scott: Trying to deal with both will cause trouble in the long run.

Nate: We will bring this up on the agenda in the next meeting.

Ian: We tried contacting WS Security TC but it seems they are non-responsive.

Hal: WS Security TC meetings are rare. They have no charter to make any significant changes.