[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Draft SSTC Minutes 7 January 2014
Agenda SSTC Conference Call Minutes Tuesday 7 January 2014, 12:00pm ET > 1. Roll Call & Agenda Review. Nate chaired in Thomas's absence Attendance (Hal) Voting Members Internet2 Scott Cantor Nokia Corporation Frederick Hirsch Veterans Health Administration Mohammad Jafari Internet2 Nathan Klingenstein Covisint Corporation Chad La Joie Oracle Hal Lockhart Guests Australia Otto, Ian Agenda agreed without change > > 2. Need a volunteer to take minutes. > Frederick Hirsch took minutes > 3. Approval of minutes from previous meeting(s): > > - Minutes from SSTC Call on 10 December 2013: > > https://lists.oasis-open.org/archives/security-services/201312/msg00002.html Chad moved, Scott seconded. Minutes approved without objection. > > > 4. AIs & progress update on current work-items: > > (a) Current electronic ballots: None. > > (b) Status/notes regarding past ballots: None. > > (c) SAML 2.1 work (Chad) > - SAML2.1 wiki: > https://wiki.oasis-open.org/security/SAML2Revision > > - Chad's list: > https://wiki.oasis-open.org/security/SAML21 > > - Sample ToC for an SSO Profile: > https://wiki.oasis-open.org/security/SAML21ExampleProtocol > > - AI for everybody: please review SSO profile draft & give feedback. > (This will part of a multi-part specification). > > - Thematic profiles from Chad: > https://lists.oasis-open.org/archives/security-services/201312/msg00004.html > > Chad sent out list, response on list from Scott Nate noted concern regarding keeping low total workload to get done in reasonable schedule, concern that authentication topic is broad, duplication of material Chad remarked that reason for doing this is to clean it up and make it more approachable, better to duplicate to make material accessible to users. Scott noted that if cut and paste issues with OpenOffice introducing formatting errors in process, needed revision and possible introduction of errors, requiring more detailed proof-reading. General agreement on duplication rather than referencing. Chad - Attributes form a critical part in systems - do not want them obscured with artifact and assertions. Scott would like to deprecate artifact but can't since OpenID connect based on it. Chad - should we remove deprecated materials? Scott, Artifact in separate bindings document rather than separate piece of work Deprecation might be an issue if material is currently being used Chad, deprecated since 2005 so could go away in this revision Hal - this isn't a major version but perhaps nobody will complain since earlier document still exists. Nate - what happens with schema Hal - won't change core schema Nate - agreement to remove artifact profile from specification but not from schema Hal we can deprecate material if a new better method is known, but no reason to deprecate otherwise, even if not used much. Scott would be willing to own non-browser authentication document, more fully specify delegation in this Chad - ok with me Nate is metadata a theme Chad, no, not a profile Scott, Chad - would like to see security considerations inside the profiles Scott might want to define an updated artifact type related to SHA-1 support and possible deprecation Action item: Scott to look at existing artifact formats and use of SHA-1 Plan also to move to XML Signature 1.1 and XML Encryption 1.1 Chad: Templates from TC Admin that had previous categorization of profiles, will ask TC Admin about new templates > (d) Conceptual/overview of Metadata (Rainer Hoerbe) > - Further Steps thread. Any updates? > > https://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=50362 > Rainer not present, defer. > > (e) XSPA updates (Mohammad Jafari) > - Any updates? > No update at this time, please keep on agenda. > > (f) SAML Token Profile for ebMS (Ian Otto / Australia) > - Any updates or news from the 30-day PR. > Public review concluded with only minor comments. Spec being updated, no more TC work on this needed. Nate - thanks for joining SSTC calls, glad to hear of progress, will remove from future agendas. > > (g) Folding SAML.XML.ORG material into SAML/SSTC site. > - AI: Scott will create a new front page > > https://wiki.oasis-open.org/security/FrontPage > Scott has created updated front page, adding new sections, let TC Admin about changes. Ready for redirect to be setup. TC agrees that xml.org redirect can be established now. > > 5. Assorted mail items: > > > 6. Other items: > No other business. Nate thanks everyone > > 7. Next SSTC Call: > - Tuesday 21 January 2014 Adjourn
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]