saml-dev message

Subject: Minutes of SSTC Telecon for Tuesday Sep 16
From: "Jahan Moreh" <jmoreh@sigaba.com>
To: "Saml-Dev@Lists. Oasis-Open. Org" <saml-dev@lists.oasis-open.org>
Date: Wed, 17 Sep 2003 09:54:03 -0700

Minutes for SSTC Telecon, Tuesday 16 September 2003
Dial in info: +1 865 673 3239  #238-3466
Minutes taken by Jahan Moreh

Meeting started at 9:00 AM PDT. Quorum achieved (see bottom of this message
for list of attendees).

Next meetings:
- editorial team con call at 8 AM PDT (11 AM EDT) on Tuesday Sep 23. Dial in
info: +1 865 673 3239  #238-3466. Meeting will last between 30-45 minutes

- SSTC regularly scheduled call: Sep 30 at 9:00 AM PDT (12:00 EDT)


===========================================================
                              Summary
===========================================================
Votes:

- Minutes from Sep 8-10 F2F meeting accepted by unanimous consent.
See
http://lists.oasis-open.org/archives/security-services/200309/msg00057.html


- Accepted SAML 2.0 revised goal statement by unanimous consent.
See
http://lists.oasis-open.org/archives/security-services/200309/msg00054.html

Critical dates:
- Prateek stated that work items with no owners are at risk of not being
included in SAML 2.0. The SSTC would want to close the work item list by Sep
30. Those items that have not made progress by October 14 will be eliminated
from SAML 2.0 deliverables.


Closed action items:
#0055
#0070: SASL Support (new action item opened, see below)


New Action Items:
- Eve: Update FAQ to reflect new SAML 2.0 goal statement
- Rob: Update SSTC web page to reflect new SAML 2.0 goal statement
- Prateek:  Update SAML 2.0 goal document to reflect new statement
- Jeff/Bob: Develop solution proposal for SAML as a SASL Security Mechanism
- Prateek: Create new action items from Work Items added during F2F Wed AM
session


Previous Action Items Still Open:
#0074: Create SAML 2.0 issues list
Status: Eve will try to finish by Sep 19.


#0073: Extract enhancement requests from current issues list
Comments: Remains open

#0072: Authentication Context
Jeff is still working on this. May take a few weeks. Tentative due date Oct
14.

#0071: Enhanced Client Profiles
Fredrick should have a brief solution available by Sep. 19 and more detailed
solution later.

#0069: Baseline Attribute Namespaces
Scott thinks that Bob will clean up Shibboleth docs related to same topic
and  publish

#0068: Delegation and Intermediaries
Remains open. Still awaiting Use-Case proposal.

#0067: Identity Federation
Scott will take John Linn’s document and work through it. Scott hopes to
turn it around to the list before the next call (Sep 30)

#0066: SSO Profile Enhancements
Prateek will publish by Sep 27.

#0065: Credentials Collector
Remains open. Jeff thinks he will publish by Sep 30.

#0064: Metadata and Exchange Protocol
Jahan will provide solution proposal by Oct 7.

#0063: Profile Enhancements for Metadata
Jahan will provide solution proposal against SAML 1.1 profiles by Oct. 14.

#0062: SSO with Attribute Exchange
High level use-case was presented at the F2F. Next steps are to specify the
use-case in detail. Prateek will publish use case document by Oct 14.

#0061: Kerberos Use Cases for SAML 2.0
John Hughes will complete document by Sep 30th.

#0060: Publish pointer to SAML 1.0 Session Materials
In progress. No due date.

#0059: Session Support
John Kemp got some materials from Jason and he looked at them. John Kemp
will publish a new version, incorporating feedback by Sep 27.

Work Items from Wednesday morning F2F  (See sstc-saml-scope-2.0-draft-06).
Prateek will create new action items for these.


28A: Attribute reconciliation
Assigned to Rebekah
Status: Will have solution proposal ready by Sep 26.

28B: XACML proposal for Policy Transport
Assigned to Hal
Status: SAML TC should formally decide if this should be done in SAML TC or
in the XACML TC. Will publish a solution proposal to the list by Sep 27.

28C: Authorization Decision Reconciliation
Assigned to Hal
Status: What Ann/Hal presented during F2F constitutes a solution proposal.
Hal will post to the list schema for this item.

28D: Issuer name enhancement
Assigned to Rebekah
Status: Rebekah will provide an update by Sep 26.
Hal thinks that XACML provided a proposal last spring but decided to table
it. Hal thinks it is valuable to re-publish this submission. Eve will track
down the email thread and will re-post it to the list.

9: XML Encryption
Assigned to: Scott
Status: Scot will publish use cases.

19: HTTP-based assertion referencing
Assigned to: Scott
Status: Prateek thinks this was not completely clear. It is awaiting use
case. Scott will gather use case in time for next call (Sep 30).

10: Back office profiles
Assigned to: Krishna
Status: awaiting use case.


======================== raw notes (marked by
**)============================

1. Accept minutes from SAML 2.0 F2F
------------------------------------------------
http://lists.oasis-open.org/archives/security-services/200309/msg00057.html
**Accepted by unanimous consent.


2. Review Time-Line for SAML 2.0
----------------------------------------------

September, 30, 2003 -- Work item list for SAML 2.0 closes
October 14, 2003         -- Complete use-case or candidate solutions for all
                                       accepted work items

October 22-24, 2003    -- Proposed F2F on West Coast

April 2, 2004                -- Enter last call on SSTC (final step before
                                      committee draft)
**Prateek reviewed the timeline. No discussions

3. Fix SAML 2.0 goal statement typo (need vote)
---------------------------------------------
http://lists.oasis-open.org/archives/security-services/200309/msg00054.html

**
Eve: suggested to take out the word ID-FF from bullet 3 in  the goal
statement. The proposed wording is:

Converging on a unified technology approach for identity federation by
integrating the specifications contributed to the TC by the Liberty
Alliance.

Eve moves to accept. Phil seconds. Accepted the revised goal statement by
unanimous consent.



4. Proposed demo at XML 2003
-----------------------------------------

- Proposal from SUN posted to the list. See
http://lists.oasis-open.org/archives/security-services/200309/msg00065.html




- WSS SAML Token Profile InterOp
(need someone to take ownership and drive forward)

**
Hal: No action. Next step is for people to propose scenarios.
Prateek: will this happen at SSTC.
Hal: No. People who are interested should get on the WS-TC and move this
forward.
Emily: Liberty interop in November will test WS-SAML token profile
Hal: I think the Liberty profile is a year old
Scott: I think this is not a year old. This is relevant because it uses
WS-SAML profile.
Hal: The interop is a virtual interop occurring over the internet. It is not
linked to XML 2003.

5. Post photos from F2F on web site?
------------------------------------------------
**No objections. The chairs plan to put the pictures on the web site.

6. Open Action Items
---------------------------
**Prateek has updated the scope doc (current version is 6) and posted it to
the list. Prateek has also extracted all the Action Items from F2F (sans
items assigned on Wed., which he will add later). See
http://www.oasis-open.org/apps/org/workgroup/security/members/action_items.p
hp

Attendees discussed each action item. See notes at the beginning of this
minute regarding status of open items.

There was some discussion regarding IP issues related to action item 0064
(Metadata and Exchange Protocol) . Maryann expressed concerns around IP
issues related to Liberty Metadata specifications. Jeff mentioned that the
Metadata exchange protocol are based on published IETF RFCs. Scott and Jahan
mentioned that the Liberty 1.1 specs have been formally submitted to OASIS
for consideration.

**
Scott moved  to adjourn. Meeting adjourned at 10:07 PDT.

**
Attendance of Voting Members:
Irving Reid Baltimore
Hal Lockhart BEA
Krishna Sankar Cisco
John Hughes Entegrity Solutions
Jason Rouault HP
Scott Cantor Individual
Bob Morgan Individual
Darren Platt Individual
Rebekah Lepro NASA
Prateek Mishra Netegrity
Frederick Hirsch Nokia
Charles Knouse Oblix
Steve Anderson OpenNetwork
John Linn RSA Security
Rob Philpott RSA Security
Jahan Moreh Sigaba
Bhavna Bhatnagar Sun
Jeff Hodges Sun
Eve Maler Sun
Emily Xu Sun
Phillip Hallam-Baker Verisign

Attendance of Observers or Prospective Members:
Eric Gravengaard Reactivity
Maryann Hondo IBM
John Kemp Individual

Membership Status Changes:
Edward Coyne SAIC - Withdrew 9/11/2003
Louisa Saunier HP - Withdrew 9/12/2003
Eric Gravengaard Reactivity - Granted voting status after 9/16/2003 call
Maryann Hondo IBM - Granted voting status after 9/16/2003 call