security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Minutes from SSTC Focus group call, Feb 10, 2004

Eve Maler
Rob Philpott
Scott Cantor
Jeff Hodges
Mike McIntosh
John Lien
Bhavna Bhatnagar
Tim Alsop
Paula Austel
John Hughes
Irving Reid
John Kemp
Bob Morgan

1. SOAP client use-case

Mike McIntosh: discusses the document that has been published by Tony Nadalin.
Mike suggests that the group look at a summary he has published Tuesday AM
at 11.30. 

http://lists.oasis-open.org/archives/security-services/200402/msg00084.html

Some of the concerns here are: use of WSS to secure AuthNRequest and AuthNResponse
pairs and identification of different roles using token references
and other WSS components.

Scott Cantor: separate between the general case and specific implementation.
Need to scope which of the complex models we want to work through in SAML 2.0.

Mike: concern that the specification as it stands does not capture the semantics of the
published use-case.

Scott: (1) Proposed change to AuthNRequest and AuthResponse protocol (2) additional
layer that is based on WSS (this is sort of a binding but not quite?). Need to figure
out what the roles are. Holder-of-key case message from Ron is relevant:

http://lists.oasis-open.org/archives/security-services/200402/msg00049.html


5. Revising the AuthNRequest and AuthNResponse protocol

http://lists.oasis-open.org/archives/security-services/200402/msg00065.html

Scott points us to http://lists.oasis-open.org/archives/security-services/200402/msg00077.html

Works through each of the four roles he has identified in his message. Need to represent one
entity requesting an assertion and another entity which stands for the subject. Further follow-up
on this topic can be found in message:

http://lists.oasis-open.org/archives/security-services/200402/msg00065.html

Ron: need more information than confirmation method but less than subject confirmation for (2)

Prateek: What is the action here for the SSTC? 

Scott: Review and comment on the four roles and the schema given in:

http://lists.oasis-open.org/archives/security-services/200402/msg00065.html

Scott and Prateek: originators of SOAP client use-case and Kerberos use-case should review
this schema and roles and determine if it meets their needs. What are the gaps?

Eve: concerns about prioritization and timing of this work item. 

Bob Morgan: it is hard to write the specific details for each of the individual cases such as 
delegation, SOAP client and Kerberos for providing real solutions.

6. Kerberos Use-Case

The document draft-sstc-solution-profile-kerberos-03.pdf has been submitted by Tim Alsop 

Tim Alsop: new draft integrates new information that has been placed. Encourages the group
to look at the draft and focus on Figure 1.

Prateek: Can we reduce the number of arrows we need to consider in SAML 2.0?

Scott: Maybe consider only AuthNRequest and AuthNResponse pair? 

Tim Alsop: concerns about SOAP binding, people may want to use other bindings for their problem
domain.

Scott: calls for continuing discussion of notion of impersonation as initiated by Ron.


7. John Hughes

MS-Windows, DCE models for groups and roles cannot be represented yet in SAML. Certain use-cases
concerning names cannot be described within SAML 1.1.

http://lists.oasis-open.org/archives/security-services/200402/msg00066.html