[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Draft minutes for SSTC Telecon (20 January 2015)
> AGENDA: > > 1. Roll Call & Agenda Review. Hal Lockhart Mohammad Jafari Martjn Kaag Scott Cantor Frederick Hirsch Rainer Hoerbe > 2. Need a volunteer to take minutes. Scott volunteers. > 3. Approval of minutes from previous meeting(s): > > - Minutes from 25 November 2014: > > https://lists.oasis-open.org/archives/security ><https://lists.oasis-open.org/archives/security->-services/201411/msg00008 >.html Scott moved to accept the minutes. Frederick seconded, motion passed. > 4. AIs & progress update on current work-items: > > (a) Current electronic ballots: None. > > (b) Status/notes regarding past ballots: None. > > (c) Follow up questions from Dutch eID presentation (Martijn Kaag) > > - Extension for requesting additional attributes in authnrequest. > - Next version of SAML (2.1). Why (not)? Who? Martijn reiterates the requirement for extending the AuthnRequest message with requested attributes. Scott notes this has been discussed for a long time, but nobody has ever shown up with resources to work on the spec. He noted there's an existing extension from back in the post 2.0 days defining a protocol extension to the AuthnRequest: https://wiki.oasis-open.org/security/ProtocolExtThirdParty Using that as a basic outline would be the simplest approach. Hal will request the template from tc-admin and help with any questions. > (d) SAML 2.1 work: > - SAML2.1 wiki: > https://wiki.oasis-open.org/security/SAML2Revision Martijn expressed a concern that the perception is that SAML is not being maintained because it dates to 2005 with no update, and asked whether 2.1 is a legitimate need. Hal responded that in terms of 2.1, the main issue is that there are no resources to work on it. It also was not intended to add any incompatible changes, just incorporate extensions and improve the presentation. From a marketing or perception PoV, the issues with JSON vs. XML and so forth are issues regardless of whether a 2.1 were to happen. Scott noted that during past discussion, the TC had generally concluded that a JSON binding for SAML would be counterproductive in light of the substantial functional duplication between SAML and the JOSE/OAuth/OIC stack. Scott agreed that there's value in a 2.1 for getting vendor uptake of numerous extensions, but it's still a resource issue primarily. > (e) Conceptual/overview of Metadata (Rainer Hoerbe) > - SSTC review is requested. > - Moving the WD for the Metadata Guidance document to CD. Hal: was this intended as a Note or Normative document? Rainer: it's a Note. Hal asked if we should do the optional public review? It doesn't seem like it matters for Notes since we can always redraft and reapprove the Note every time a change is made. Rainer moved to approve SAML Metadata Guidance Version 1.0 WD-03 to Committee Note. Link: https://www.oasis-open.org/committees/download.php/54940 Doc ID: saml-metadata-guide-v1.0-wd03.doc Scott seconded. Motion approved unanimously. > (f) XSPA updates (Mohammad Jafari) > - Any updates. No updates. > 6. Other items: Frederick noted he's left Nokia and is now an individual member. > 7. Next SSTC Call: > - Tuesday 17 February 2015. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]