
security-services message



Subject: Minutes for SSTC Call (10 June 2014)


>1. Roll Call & Agenda Review.

Scott, Thomas, Hal, Nate, Mohammad, Reiner

>2. Need a volunteer to take minutes.

Scott volunteers.

>3. Approval of minutes from previous meeting(s):
>
>   - Minutes from SSTC Call on 27 May 2014:
>
>https://lists.oasis-open.org/archives/security-services/201405/msg00007.html

Hal moved to accept the minutes, Nate seconds, motion passes.

>4. AIs & progress update on current work-items:
>
>  (a) Current electronic ballots: None.
>
>  (b) Status/notes regarding past ballots: None.
>
>  (c) SAML 2.1 work (Chad)
>
>      - Chet created starter docs:
>https://lists.oasis-open.org/archives/security-services/201403/msg00010.html

Scott: overall looks good, do wonder about the larger number of documents,
but if we make profiles as self-contained as possible, that's probably
progress.

>  (d) Conceptual/overview of Metadata (Rainer Hoerbe)
>      - Thomas AI: point Rainer to the template request page.

No update.

>  (e) XSPA updates (Mohammad Jafari)
>     - Public Review XSPA SAML profile CSD.
>     - Seeking review and inputs from SSTC.
> 
>https://lists.oasis-open.org/archives/security-services/201404/msg00003.html


Mohammad asked about any specs that have discussed uses of SAML tokens as
a substitute for X.509 certificates. Nate mentioned WS-Trust, and Scott
noted that signing a token with a confirmation method containing a KeyInfo
is a typical way of expressing that kind of thing.

Scott noted in reviewing the draft that one of the attribute value types
defined is an HL7 structure that is a complex XML value. A lot of
implementations struggle with that. Common approaches are to unroll that
into separate SAML attributes, or to base64-encode the data and pass it in
SAML as a base64 string.

Reiner suggested that often this works better in SOAP-based applications
than Web SSO use cases, but since SSO often becomes a requirement, it's
still worth looking at.

Mohammad will review the requirements and see if adjusting this makes
sense.

Call adjourned.



