Subject: Minutes from SSTC Focus group call, Feb 10, 2004
Eve Maler
Rob Philpott
Scott Cantor
Jeff Hodges
Mike McIntosh
John Lien
Bhavna Bhatnagar
Tim Alsop
Paula Austel
John Hughes
Irving Reid
John Kemp
Bob Morgan

1. SOAP client use-case

Mike McIntosh: discusses the document that has been published by Tony Nadalin. Mike suggests that the group look at a summary he has published Tuesday AM at 11.30.

http://lists.oasis-open.org/archives/security-services/200402/msg00084.html

Some of the concerns here are: use of WSS to secure AuthNRequest and AuthResponse response pairs and identification of different roles using token references and other WSS components.

Scott Cantor: separate between the general case and specific implementation. Need to scope which of the complex models we want to work through in SAML 2.0.

Mike: concern that the specification as it stands does not capture the semantics of the published use-case.

Scott: (1) Proposed change to AuthNRequest and AuthResponse protocol (2) additional layer that is based on WSS (this is sort of a binding but not quite?). Need to figure out what the roles are.

Holder-of-key case message from Ron is relevant:

http://lists.oasis-open.org/archives/security-services/200402/msg00049.html

5. Revising the AuthNRequest and AuthNResponse protocol

http://lists.oasis-open.org/archives/security-services/200402/msg00065.html

Scott points us to

http://lists.oasis-open.org/archives/security-services/200402/msg00077.html

Works through each of the four roles he has identified in his message. Need to represent one entity requesting an assertion and another entity which stands for the subject.

Further, follow-up on this topic can be found in message:

http://lists.oasis-open.org/archives/security-services/200402/msg00065.html

Ron: need more information than confirmation method but less than subject confirmation for (2)

Prateek: What is the action here for the SSTC?

Scott: Review and comment on the four roles and the schema given in:

http://lists.oasis-open.org/archives/security-services/200402/msg00065.html

Scott and Prateek: originators of SOAP client use-case and Kerberos use-case should review this schema and roles and determine if it meets their needs. What are the gaps?

Eve: concerns about prioritization and timing of this work item.

Bob Morgan: it is hard to write the specific details for each of the individual cases such as delegation, SOAP client and Kerberos for providing real solutions.

6. Kerberos Use-Case

The document draft-sstc-solution-profile-kerberos-03.pdf has been submitted by Tim Alsop.

Tim Alsop: new draft integrates new information that has been placed. Encourages the group to look at the draft and focus on Figure 1.

Prateek: Can we reduce the number of arrows we need to consider in SAML 2.0?

Scott: Maybe consider only AuthNRequest and AuthNResponse pair?

Tim Alsop: concerns about SOAP binding, people may want to use other bindings for their problem domain.

Scott: calls for continuing discussion of notion of impersonation as initiated by Ron.

7. John Hughes

MS-Windows, DCE models for groups and roles cannot be represented yet in SAML. Certain use-cases concerning names cannot be described within SAML 1.1.

http://lists.oasis-open.org/archives/security-services/200402/msg00066.html