IMI TC Minutes, Jan 8 2009

[Marc Goodner <mgoodner@microsoft.com>]

1. Call to order/roll call

Attendance:

Mario Ivkovic	A-SIT, Zentrum fur sichere Informationstec...
Jeffrey Broberg	CA*
Drummond Reed	Cordance*
Michael McIntosh	IBM
Anthony Nadalin	IBM
Bruce Rich	IBM
John Bradley	Individual
Scott Cantor	Internet2
Marc Goodner	Microsoft Corporation
Michael Jones	Microsoft Corporation
Dale Olds	Novell*
Upendra Mardikar	PayPal Inc.
Darran Rolls	SailPoint Technologies

2. Reading/Approving minutes from last meeting

http://lists.oasis-open.org/archives/imi/200812/msg00000.html

Minutes approved

3. TC Logistics (10 minutes or less)

None

4. Issues list

- Actions

AI: Chairs to request new issue list from TC admin

Requested, waiting on list to be setup

None

- Issues

http://wiki.oasis-open.org/imi/IssueList

 

New issues:

10 Version skew between spec and schema

http://lists.oasis-open.org/archives/imi/200901/msg00011.html

Agreement, assigned to editors to correct

11 Namespace correction

In working with OASIS staff to publish our CD discovered that we need to add our declared ns to the document. In addition the ns string needs to be revised to reflect OASIS guidelines:

http://docs.oasis-open.org/imi/ns/identity-200810/

Agreement, assigned to editors to correct

 

Issues 12, 13 and 14

http://lists.oasis-open.org/archives/imi/200901/msg00005.html

12 (2 in msg) Clarifying when an ic:IssuerId value is required

Discussion on list, agreed on language, to update in new editor draft

Agreement, assigned to editors to correct

13 (3 in msg) Clarifying that self-issued cards support the PPID claim even though not listed as an ic:SupportedClaimType element

Selectors implicitly support this claim even when not written to the transfer format

Add compatibility note on older selector behavior, deprecated behavior

Agreement, assigned to editors to correct

14 ( 1 in msg) Clarifying that the ClientPseudonym/PPID value is always sent when a PPID is requested

Assigned to editors to propose text in revised editor’s draft based on discussion to date

Note: Editors to make sure it clear that it is RP specific information, but is cryptographically secure to not be RP identifiable

 

Issue 1 Affirmative statements

http://lists.oasis-open.org/archives/imi/200901/msg00003.html

Discussed doc signing reqs, related to legal reqs

Req for signing alg, XAdES only know qualified sig mechanism

Possibility to capture claim in SAML token to contain value of enveloping sig over textual statements

Need ability for RP to say for specific claim types to say what they want value of claim to be and that they need to be signed

May need special handling of selector, e.g. user consent captured and reflected as sig from personal card / cert over data

Need for crypto-alg flexibility (Issue 2) may go away if sig value data within token rather than over

May require extension to protocol to signal this requirement, needs further discussion

 

Issue 3 Signature formats: XAdES

Investigation has shown that XAdES cannot sign over the envelope

 

5. Other business

Editors to produce revised draft before next call

6. Adjournment