Minutes for SSTC 30-Aug con-call

["Hal Lockhart" <hlockhar@bea.com>]

Minutes for SSTC 30-Aug con-call 

[Connor to do minutes next time.]
 

> Attendance/call to order. 

Done. Quorum Achieved.

> Approve minutes from 16-Aug con-call 


Done

> Document update: xpath attribute profile: 
> Latest draft: draft-saml-xpath-attribute-profile-06.pdf 
> Email: Constraining the xpath in the xpath attribute profile 
> Email: thread re: schema in the document 
> Ready for a CD vote? 

Approved Unanimously

> Document update: Technical Overview: 
> Review meeting: Re: [security-services] Technical Overview 
> review meeting Aug 24 noonPT 
> Next steps? 

Document has been restructured, little content changed.
Targeting for CD vote on Sept 13.

> Document update: Errata 
> Groups - sstc-saml-errata-2.0-draft-14.pdf uploaded

PE25 is newly added.

Discussion as to whether PE25 is appropriate for errata. Optional feature, but mandatory to implement is feature is implemented.

Discussion about whether well-known port mechanism should be "required to implement."

Discussion of whether to plan for SAML 2.1. (or 2.01)

Concern that putting out new version will impact adoption.

Proposed that both options be allowed. More comfortable to accept that as errata.

Action Item - Nick to draft proposal to allow either option.

 
> Several votes are pending on PE items 
> Scott follow-up message on PE26: Draft #4 text for SSO profile 

Currently under discussion.

Draft 4 makes signing a response explicitly legal.
And makes it explicit that all assertions must have same issuer.

Draft #4 changes unanimously approved.

PE #7 (Jahan) and PE #10 (Rob) still open. 

> Other discussion threads 
> Announcing the November Liberty Alliance 
> InteroperabilityConformance Event 

Noted.

> SOAP client cert authn and how it relates to SAML messages 

Discussion if clarification is needed in spec, Perhaps in Security Considerations.

Action Item - Scott to propose text.

> FW: [members] TC Process change to attendance rules 

Noted.

> RE: [security-services] Fwd: SAML Conformance SSL/TLS requirements 

Eric is concerned because implementation will be able to run over TLS, but spec actually says you must implement TLS.

Action Item - Eric to draft text.

> Open AI's (see list below) 
>  
> Open AI's:
> #0180: Need to update SAML server trust document Owner: Jeff Hodges

Is it still useful to do this? Perhaps put an extract in Tech overview? Jeff will not be able to complete. Considered useful information.

Leave open, but unassigned.

> #0216: Formulate some suggested redline text for E7 for 
> review. Owner: Jahan Moreh 

Should be changed to PE10. Still pending.

> #0223: Proposal for subcommittee to address enhancing SAML Adoption.

Merritt Maxim is owner. 

TC process requires proposal to list for discussion and vote. To be done prior to next meeting.
 
> #0224: Re-work X.509 Authn attribute protocol profile to 
> address SSTC comments. Owner: Rick Randall

Satisfied to leave it as CD. 

Rob to confirm.

> #0225: Third-party AuthnRequest use case Owner: Scott Cantor

No change.

> #0229: Suggest support for passing SAML URI Reference to WSS 
> Owner: ronald Monzillo

Prateek has status.

> Any other business 
> Adjourn 


Hal Lockhart