Subject: Minutes for SSTC Call (10 June 2014)
>1. Roll Call & Agenda Review.

Scott, Thomas, Hal, Nate, Mohammad. Reiner

>2. Need a volunteer to take minutes.

Scott volunteers.

>3. Approval of minutes from previous meeting(s):
>
>   - Minutes from SSTC Call on 27 May 2014:
>
>https://lists.oasis-open.org/archives/security-services/201405/msg00007.html

Hal moved to accept the minutes, Nate seconds, motion passes.

>4. AIs & progress update on current work-items:
>
>   (a) Current electronic ballots: None.
>
>   (b) Status/notes regarding past ballots: None.
>
>   (c) SAML 2.1 work (Chad)
>
>       - Chet created starter docs:
>https://lists.oasis-open.org/archives/security-services/201403/msg00010.html

Scott: overall looks good, do wonder about the larger number of documents, but if we make profiles as self-contained as possible, that's probably progress.

>   (d) Conceptual/overview of Metadata (Rainer Hoerbe)
>       - Thomas AI: point Rainer to the template request page.

No update.

>   (e) XSPA updates (Mohammad Jafari)
>       - Public Review XSPA SAML profile CSD.
>       - Seeking review and inputs from SSTC.
>
>https://lists.oasis-open.org/archives/security-services/201404/msg00003.html

Mohammad asked about any specs that have discussed uses of SAML tokens as a substitute for X.509 certificates. Nate mentioned WS-Trust, and Scott noted that signing a token with a confirmation method containing a KeyInfo is a typical way of expressing that kind of thing.

Scott noted in reviewing the draft that one of the attribute value types defined is an HL7 structure that is a complex XML value. A lot of implementations struggle with that. Common approaches are to unroll that into separate SAML attributes, or to base64-encode the data and pass it in SAML as a base64 string. Reiner suggested that often this works better in SOAP-based applications than Web SSO use cases, but since SSO often becomes a requirement, it's still worth looking at. Mohammad will review the requirements and see if adjusting this makes sense.

Call adjourned.