Subject: [security-services] Minutes of OASIS SSTC focus group meeting for Sep3, 2002
Started at 12:01 EDT. This was a Focus Group meeting.

Agenda

1. WSSTC & profile of SAML thereof
2. Mike Just: credentials collection discussion
3. Jeff H: 1.x SAML release: to-do items, signups?
4. Re-do charter to reflect post-1.0
5. Eve Maler: upcoming SSTC schedule (eg: biweekly concalls?)

--------------------------------------------------------------

Action items:
------------------------------------>

Mike Just to submit a proposal on Credentials Collection

Eve Maler to propose changes for fixing the Fragment Identifier issue

Scott Cantor to take the XML DSIG discussions from the thread and turn it to a "best practices" document

Carlisle Adams to take the "Standardize Issuer Format" back to the XACML for more clear requirements and/or proposal.

Eve to ask other TCs about how they did their charter modifications.

Agenda items for Sep 17:
------------------------------------>

Review of action items.
Discussion on fragment identifiers.
Discussion on credentials collection

1. WSSTC and SAML Profile
---------------------->

Jeff: My understanding is that profiling SAML in the context of WSSTC is officially on the table. There are now two approaches, one submitted by Prateek on behalf of OASIS SSTC. The second is an effort between IBM, Microsoft and Verisign (Phil Hallam-Baker).

Prateek: We have submitted the draft (10 days ago). Subsequently there were a couple of questions regarding the submission. We clarified that this is in fact a submission from the OASIS SSTC. We have also clarified that the IP status is similar to other OASIS standards/submissions.

Carlisle: Why was the addendum submitted?

Maryann: The addendum was posted as a result of interoperability. Also, there were two submissions, one on SAML profile and the other on XrML profiles. The SAML profiles submitted is very similar to the profile submitted by the SSTC.

Jeff H: In summary, the SSTC is fairly assured that the WSSTC is going to address the SAML profile.

2. Credential Collection
---------------------->

Mike Just: propose to move forward with this item. Mike will draft a proposal by next Friday so that we can discuss it on our next call on Sep 17.

Carlisle: there are a few people interested in this item.

Bob Morgan: yes, there was quite a lot of interest. It narrowly missed being part of SAML 1.0

3. Discussion of TODO list
----------------------->

Fragment Identifier
-------------------

Jeff H: Fragment Identifier requires change to normative spec.

Eve: Yes, the change is minor. Eve will take this item and will propose changes.

Assertion Cache
---------------

Eve: We should keep the "assertion cache" issue open until we have more people on the call to decide if we want to drop this or take it on.

XML DSIG
---------

Jeff: XML DSIG issue needs to be looked into. We could profile XML DSIG more narrowly. Also, there is the issue of canonicalization which is now finalized in XML DSIG. This is an important item and we should more precisely specify it. Can we do some tightening up in 1.x or would making any changes beyond a separate "best practices" make sense?

Scott Cantor: We can make some minor revisions in the spec, which can also be in the best practices document.

Jeff: We certainly do not want to break backward compatibility.

Scott Cantor will take the XML DSIG discussions from the thread and turn it to a "best practices" document

Standardize issuer name formats (request came from XACML)
----------------------------------------------------------

Jeff H: This is issue DS-8-6

Eve: This was talked about and dropped, but again came up from the XACML folks

Jeff H: It appears that this issue was closed. We can turn it back to deferred.

Eve: It sure seems simple to solve this problem.

Bob Morgan: The counter observation is that nobody seems to know what the "issuer" really is since the security of the assertion is based on the signer's identity. Therefore any write-up on this should consider the security issues and not just address the format of the issuer attribute.

Jeff: Carlisle, please take this back to the XACML for more clear requirements and/or proposal.

Figure out versioning of modularly published profile and binding specs
-----------------------------------------------------------------------

Jeff H: This could be a very simple change.

Prateek: We do have a requirement that there needs to be a unique identifier associated with each profile.

Jeff H: The larger question is if our profile registration template is sufficient. This could be a non-issue. We will leave this item for now and see if any other profiles come out.

Sharpen conformance language around the notions of profiles vs. extensions
-----------------------------------------------------------------------

Jeff H: I will have to look at the conformance language to see what is written. We had discussed this last time. Profiles do not extend the schema but extensions do. It would be good to distinguish between the two. We need to first determine if this is an issue. We will table this issue.

Formalizing operational agreements between sites
-------------------------------------------------

Jeff H: this grew out of the Liberty specs as well as SAML interoperability effort.

Bob Morgan: A lot of Shibboleth work has been precisely this.

Don: this could be a very big architectural discussion.

Bob Morgan: there are many layers at which we can discuss this.

Jeff H: Someone who is active in SAML DEV can shepherd this and then report back to the SSTC.

Maryann: Is there a liaison relationship with WSI and would that be an appropriate forum?

Jeff H: Are there any SSTC people who are active in WSI? An approach could be to gather the various usages (Shibboleth, Liberty, SAML interop) and reference it as a starting point.

4. Redo Charter
---------------->

Eve: We'd like to modify the charter to accurately reflect our current thinking. We'd like to finalize this by the end of year. You are allowed to clarify your charter, so there is some room for modifications.

Eve will ask other TCs about how they did their charter modifications.

5. SSTC Schedule
----------------->

Eve: we have the con call number until Dec. 10. Do we want to change anything?

Group: we will keep our biweekly conference calls.

6. Adjourned at 13:23 EDT

Attendees

Voting members
--------------
Ronald Jacobson     Computer Associates
Mingde Xu           CrossLogix
Hal Lockhart        Entegrity
Carlisle Adams      Entrust
Don Flinn           Hitachi
Jason Rouault       HP
Maryann Hondo       IBM
Prateek Mishra      Netegrity
Jahan Moreh         Sigaba
Bhavna Bhatnagar    Sun
Jeff Hodges         Sun
Eve Maler           Sun
Emily Xu            Sun
Bob Morgan          UWashington

Prospective members
--------------------
Mike Just           Entrust

---------------------------
Jahan Moreh
Chief Security Architect
tel: 310.286.3070
fax: 310.286.3076