Subject: IMI TC Minutes, Nov 24 2008


1. Call to order/roll call

Attendance:

Mario Ivkovic A-SIT, Zentrum fur sichere Informationstec...
Jeffrey Broberg CA*
Drummond Reed Cordance*
Michael McIntosh IBM
Scott Cantor Internet2
Marc Goodner Microsoft Corporation
Michael Jones Microsoft Corporation
Norman Brickman Mitre Corporation*
Dale Olds Novell*
Darran Rolls SailPoint Technologies

 

2. Reading/Approving minutes from last meeting

http://lists.oasis-open.org/archives/imi/200811/msg00005.html 

--Minutes approved


3. TC Logistics (10 minutes or less)

Call schedule.


4. Issues list

- Actions

None

 

- Issues

http://wiki.oasis-open.org/imi/IssueList

 

Issues 1-3

http://lists.oasis-open.org/archives/imi/200811/msg00009.html

Issue 1 Affirmative statements

RP needs an affirmative statement

Can IdP vouch that it received affirmative statement via claim?

Self signing via self issued selector, but claim types are predefined

Similar to consent element in saml 2, not widely used

As currently profiled for web case it is a bearer token, cannot be signed

Other cases where RP needs to send data to IdP, e.g. payments, this case also introduces signature reqs

Could be done via active profile as well using HoK, not clear that meets reqs here

Currently certs distributed on cards, cannot be used directly for authN, used to sign document as representation of legal signature for affirmative statement

 

New issue: Sending data from RP to IdP

 

Issue 2: Crypto-Algorithm flexibility

Interop usually defined by what must be supported vs. adding extensibility for other features

General consensus that allowing this extensibility doesn't compromise the existing profile

Note elliptical curve is still under development

Suggestion to doc the alg reqs to the conformance section

 

Issue 3: Signature formats: XAdES

Is this a profile or replacement? Profile, tightens reqs

Not clear which part of profile this is intended for

Agreed may already be allowed in some places

Should be allowed that token from subject can contain XADES properties

SAML token cannot use XADES properties

Scott to discuss with SSTC

 

5. Other business

New AI: Chairs to request new issue list from TC admin

 

IIW discussions

Most of it covered standardization effort at OASIS, how the profile may evolve over time

No real comments on current draft, lots of questions about OASIS participation in general

 

6. Adjournment

 

