OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for SSTC 30-Aug con-call {Corrected}

Minutes for SSTC 30-Aug con-call 

[Connor to do minutes next time.]

> Attendance/call to order. 

Attendance of Voting Members

  Abbie Barbir Nortel

  Conor P. Cahill AOL, Inc.

  Brian Campbell Ping Identity

  Scott Cantor Internet2

  Guy Denton IBM

  Heather Hinton IBM

  Frederick Hirsch Nokia

  John Hughes Individual

  Ari Kermaier Oracle

  Hal Lockhart BEA Systems, Inc

  Paul Madsen NTT USA

  Eve Maler Sun Microsystems

  Jahan Moreh Sigaba

  Bob Morgan Internet2

  Cameron Morris Novell

  Vamsi Motukuru Oracle

  Rob Philpott RSA Security

  Darren Platt Ping Identity

  Nick Ragouzis Individual

  David Staggs Veteran's Health Admin

  Thomas Wisniewski Entrust

Attendance of Non-Voting Members

  Steve Anderson BMC Software

  Sharon Boeyen Entrust

  Carolina Canales-Valenzuela Ericsson

  Jeff Hodges NeuStar

  Dana Kaufman Forum Systems

  Jim Lien RSA Security

  Merritt Maxim CA

  Ron Monzillo Sun Microsystems

  Ashish Patel France Telecom

  Gilbert Pilz BEA Systems, Inc.

  Rick Randall Booz Allen Hamilton

  Eric Tiffany IEEE Industry Standards

Membership Status Changes

  Rob Philpott RSA Security - Returned from LOA before 8/30 concall

  Senthil Sengodan Nokia - Lost Voting Status after 8/30/2005 call

  Steve Anderson BMC Software - Granted Voting Status after 8/30/2005

  Sharon Boeyen Entrust - Granted Voting Status after 8/30/2005

  Carolina Canales-Valenzuela Ericsson - Granted Voting Status after 8/30/2005

  Jeff Hodges NeuStar - Granted Voting Status after 8/30/2005

  Dana Kaufman Forum Systems - Granted Voting Status after 8/30/2005

  Ashish Patel France Telecom - Granted Voting Status after 8/30/2005

  Gilbert Pilz BEA Systems, Inc. - Granted Voting Status after 8/30/2005

  Eric Tiffany IEEE Industry Standards - Granted Voting Status after 8/30/2005

Quorum Achieved.

> Approve minutes from 16-Aug con-call 


> Document update: xpath attribute profile: 
> Latest draft: draft-saml-xpath-attribute-profile-06.pdf 
> Email: Constraining the xpath in the xpath attribute profile 
> Email: thread re: schema in the document 
> Ready for a CD vote? 

Approved Unanimously

> Document update: Technical Overview: 
> Review meeting: Re: [security-services] Technical Overview 
> review meeting Aug 24 noonPT 
> Next steps? 

Document has been restructured, little content changed.
Targeting for CD vote on Sept 13.

> Document update: Errata 
> Groups - sstc-saml-errata-2.0-draft-14.pdf uploaded

PE25 is newly added.

Discussion as to whether PE25 is appropriate for errata. Optional feature, but mandatory to implement is feature is implemented.

Discussion about whether well-known port mechanism should be "required to implement."

Discussion of whether to plan for SAML 2.1. (or 2.01)

Concern that putting out new version will impact adoption.

Proposed that both options be allowed. More comfortable to accept that as errata.

Action Item - Nick to draft proposal to allow either option.

> Several votes are pending on PE items 
> Scott follow-up message on PE26: Draft #4 text for SSO profile 

Currently under discussion.

Draft 4 makes signing a response explicitly legal.
And makes it explicit that all assertions must have same issuer.

Draft #4 changes unanimously approved.

PE #10 (Jahan) and PE #7 (Rob) still open. 

> Other discussion threads 
> Announcing the November Liberty Alliance 
> InteroperabilityConformance Event 


> SOAP client cert authn and how it relates to SAML messages 

Discussion if clarification is needed in spec, Perhaps in Security Considerations.

Action Item - Scott to propose text.

> FW: [members] TC Process change to attendance rules 


> RE: [security-services] Fwd: SAML Conformance SSL/TLS requirements 

Eric is concerned because implementation will be able to run over TLS, but spec actually says you must implement TLS.

Action Item - Eric to draft text.

> Open AI's (see list below) 
> Open AI's:
> #0180: Need to update SAML server trust document Owner: Jeff Hodges

Is it still useful to do this? Perhaps put an extract in Tech overview? Jeff will not be able to complete. Considered useful information.

Leave open, but unassigned.

> #0216: Formulate some suggested redline text for E7 for 
> review. Owner: Jahan Moreh 

Should be changed to PE10. Still pending.

> #0223: Proposal for subcommittee to address enhancing SAML Adoption.

Merritt Maxim is owner. 

TC process requires proposal to list for discussion and vote. To be done prior to next meeting.
> #0224: Re-work X.509 Authn attribute protocol profile to 
> address SSTC comments. Owner: Rick Randall

Satisfied to leave it as CD. 

Rob to confirm.

> #0225: Third-party AuthnRequest use case Owner: Scott Cantor

No change.

> #0229: Suggest support for passing SAML URI Reference to WSS 
> Owner: ronald Monzillo

Prateek has status.

> Any other business 
> Adjourn 

Hal Lockhart

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]