OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Draft Minutes from SSTC Telecon (Tuesday 1 August 2017)

Minutes from SSTC Conference Call

Date: Tuesday 1 August 2017, 12:00pm ET.



1. Roll Call & Agenda Review.

Attendance

Voting Members

Scott Cantor 	Internet2.
Hal Lockhart 	Oracle.
Madalina Sultan 	Connectis.
Thomas Hardjono (MIT).

 -- Quorum was achieved.


2. Need a volunteer to take minutes.

 -- Minutes by Thomas


3. Approval of minutes from previous meeting(s):

- Tuesday 9 May 2017 meeting:

https://lists.oasis-open.org/archives/security-services/201705/msg00003.html

 -- Motion by Scott. Second by Hal.
 -- No objections. Motion passes, minutes approved and adopted.


4. AIs & progress update on current work-items:

(a) No items.

(b) Status/notes regarding "Protocol Extension for Requesting Attributes per Request":

  o  Ballot for Committee Draft closed on 6/27 (passed).
  o  Next step is to request for an electronic ballot to be created to move the doc into Committee Specifications.

  o  Motion by Madalina: "Motion for SSTC to request the creation of an electronic ballot to move the Protocol Extension CD doc into Committee Specifications."
      +  Second by Scott.
      +  No objections -- motion passes.
      +  Action item for Thomas to formally request to TC-Admin.


 (c) New pair of SAML identifier attributes (Scott)

  o  Scott explains that the current definition and usage of nameID is limited and causes confusion to deployers of SAML2.0.
  o  In some cases of Logout, the nameID becomes a persistent identifier that is retained by the Server and may cause privacy concerns (e.g. PII).
  o  There is also the issue of the case-sensitivity of nameID, which when used in certain contexts (e.g. hashed into another string) may cause clashes.

  o  The goal of the new spec is to clarify these issues and to make it somewhat compatible for emulating the subclass in OpenID-Connect.
  o  Scott will start a discussion thread on the mail-list.
  o  Plan is to have some draft of the doc by the next SSTC telecon.



5.  Other Items: none.


6. Next meetings:

- Tuesday, 24 Oct 2017

- Tuesday, 16 January 2018

(Note that we are meeting roughly every 3 months or 12 weeks).


---------------------------------------------------------------------

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]