
security-services message



Subject: Draft minutes for 14-Feb-2006 SSTC con-call


> 1. Roll Call

Attendance information to follow.

> 2.
> Approve minutes from 31-Jan con-call
> http://www.oasis-open.org/archives/security-services/200601/msg00061.html

APPROVED by unanimous consent.

> 3.
> FYI: Announcing the March Liberty Alliance Interoperability Conformance 
> Event
> http://www.oasis-open.org/archives/security-services/200602/msg00011.html

This is just an FYI.

New administrative agenda item: consideration of the XACML TC's 
"SAML profile of XACML":

http://lists.oasis-open.org/archives/security-services-comment/200602/msg00000.html

Eve moved and Hal seconded that we include a (non-endorsing) link to 
this material on our website.  APPROVED by unanimous consent.

AI: Eve to add a link for the SAML V2.0 profile of XACML V2.0 to the 
SSTC website's courtesy-links section.

> 4.
> Rob Philpott steps down as Chair after 3+ years
> http://www.oasis-open.org/archives/security-services/200602/msg00030.html
> 
> (a) Rob cannot attend today but will join us for the meeting on the 28th
> 
> (b) Motion: Thank Rob for his leadership of the TC and work on 
> specifications;
> includes SAML 1.1 thru SAML 2.0 and several recent drafts.

Eve moved and both Hal and Jeff seconded :-).  APPROVED by unanimous 
consent.  Thanks, Rob, for all your contributions and hard work!

> (c)  Schedule election for new Co-Chair on the 28th. Please nominate 
> yourself if
> interested.
> 
> TC process link: http://www.oasis-open.org/committees/process.php#2.7

Voting members: take note and be sure to attend the meeting on 
February 28 for this.

Nominations may be made by email (preferred) or on the next call.

> 5.
> Vote on initiating public review of CDs (Full Majority Vote)

Some editorial work has been requested on one of these drafts.  If 
they don't change the semantics materially, it could be appropriate 
to go ahead and conduct our public-review vote.

Ashish: Notes that Paul Madsen recently asked a question about 
bundling of current vs. future extensions.  Scott: However, this 
particular draft, the protocol extensions document, is not up for a 
public-review vote.

Paul's message:
http://lists.oasis-open.org/archives/security-services/200602/msg00027.html

Scott: Moves to put all four of the (below-listed: 5a-d) CDs into 
public review.  Greg seconds.  (But see below for a change to the 
motion.)

Hal: Are the drafts in question scheduled for revision in the near 
future?  Scott: Other than Rob's commentary, which could be 
construed as public-review-type comments, no.  The docs have not 
changed since officially published as CDs.  There is a question 
surrounding namespaces (single or per-extension), which relates to 
Ashish's point and could affect the metadata extension document (5c 
below) in minor fashion -- involving namespace changes.

Eve: Do we want to delay two weeks while we decide this?  Scott: 
Let's discuss today, but not hold up the public-review vote. 
Deciding this issue will help us know how to go forward with 
extensions in general.  Jeff: Would like to document the methodology 
and have that be unchanging.  Scott: But each schema would want to 
change along with the namespace.  Having a general policy is good, 
though.  Jeff: Cares mostly about the protocol extensions document 
(6 below; not up for public-review voting).

Greg: If the protocol extension were in the original core spec, the 
namespace would be fairly general.

Scott: Notices that the metadata extensions document is badly off 
when it comes to managing this issue, so he'd like to pull it out of 
consideration for public review (modifying the motion) so it can be 
fixed.

Modified motion: Put *three* of the documents into public review 
(5a, 5b, 5d).  APPROVED by unanimous consent.

> a.
> Committee Draft of SAML Attribute Sharing Profile for X.509 
> Authentication-Based Systems
> http://www.oasis-open.org/committees/download.php/14006/sstc-saml-x509-authn-attrib-profile-cd-01.pdf 

To be put into public review (see above).

> b.
> Committee Draft of SAML XPath Attribute Profile (HTML version also 
> available; accompanying schema)
> http://www.oasis-open.org/committees/download.php/16112/sstc-saml-xpath-attribute-profile-cd-01.pdf 
> 
> Schema: 
> http://www.oasis-open.org/committees/download.php/14194/draft-saml-schema-xpath-attribute-profile-1.xsd 

To be put into public review (see above).

> c.
> Committee Draft of SAML Metadata Extension for a Standalone Attribute 
> Requester
> http://www.oasis-open.org/committees/download.php/13845/sstc-saml-metadata-ext-cd-01.pdf 
> 
> Schema: 
> http://www.oasis-open.org/committees/download.php/13846/sstc-saml-metadata-ext.xsd 

Scott would like to revise this before proposing it for public 
review (see above).

> d.
> Committee Draft of SAML V1.x Metadata Profile
> http://www.oasis-open.org/committees/download.php/13254/sstc-saml1x-metadata-cd-01.pdf 
> 
> Schema: 
> http://www.oasis-open.org/committees/download.php/13255/sstc-saml1x-metadata.xsd 

To be put into public review (see above).

> 6.
> New/Updated drafts published to SSTC
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/16632/draft-saml-protocol-ext-02.pdf 

(See above for additional discussion about namespace selection for 
this document.)

Prateek: Is the idea to have a core namespace for all extensions? 
Jeff: Yes, if the extensions come from this TC.  The idea is for it 
to be less work to do more extensions.  Greg: Is ambivalent.  Might 
it be easier to have separate documents?  Jeff: We don't have a 
clear procedure for superseding prior documents.  Eve: Concerned 
about creating a namespacing framework that's too heavyweight.

Scott: Has decided there's likely more pain in doing a single 
document.  The only cost to implementing the "multiple namespaces" 
approach is that the metadata extension document we already produced 
will probably need a namespace change, so he'll have to produce a 
new draft and we'll have to do a new CD vote for it.

AI: Scott to submit new drafts of the metadata extension document 
and the protocol extension document (may require breaking up the 
latter into multiple documents) for consideration as CDs.

AI: Prateek to get OASIS processes in the works to start public 
review of the X.509 Attribute CD, the XPath Attribute CD, and the 
SAML V1.1 Metadata Profile CD.

> 7.
> Recent Threads
> 
> a. *ECP profile question*
> http://www.oasis-open.org/archives/security-services/200602/msg00002.html

Brian: His original proposal for a fix was improved upon by Thomas:

http://lists.oasis-open.org/archives/security-services/200602/msg00009.html

Jahan: He reopened PE 35 and captured the discussion and the latest 
proposal from Thomas.

Scott: The "relative URL" bit comes from the PAOS spec, and he's not 
crazy about it since it requires the client to be responsible for 
expanding the URL.  Brian (?): We shouldn't be promoting non-ideal 
examples, since people use those as implementation guides.  Scott: 
Let's not list a relative URL.

Prateek: Can we do a hard restriction against relative URIs?  Scott: 
If we make this a SHOULD NOT, it doesn't help implementors much, but 
at least we avoid a new version of the profile.  At least the 
example shouldn't show the non-desired behavior.  Eve: Let's at 
least do the soft restriction and fix the example for now, since 
this can be an erratum.

AI: Brian to write up a new PE35 proposal, adding a soft restriction 
on relative URLs and changing the example to match.

> b. *Revised encryption guidelines text*
> http://www.oasis-open.org/archives/security-services/200602/msg00020.html

This is PE43.

Scott: He has prepared what is mostly a wholesale replacement of the 
encryption section.  The use cases have been made consistent, so as 
not to confuse people.  Both forwards and backwards references (data 
to key, key to data) are SHOULDs.  Heather: This is looking good; an 
improvement on her original text.

Scott: People should review the new text!  And it needs to be run 
against a validator.

Eve: How easy would it be to produce a red-line version?  Scott: A 
wholesale change indicating lines xxx-yyy would be most appropriate.

Prateek: We will vote on this change next time.

AI: Heather will attempt to validate the schema changes before next 
week.  (This is a continuation of AI #0250; see below.)

> c. Question about shared credential use-case
> http://www.oasis-open.org/archives/security-services/200602/msg00001.html

This remains open.

> d. *AuthnContext comparison clarifications*
> http://www.oasis-open.org/archives/security-services/200602/msg00024.html

There is no current PE for this.  Scott: He took an AI a long time 
ago to look into potential improvements.  He has come up with a 
candidate paragraph that explains what we meant regarding individual 
authentication contexts (vs. some kind of precedence order of the 
input).

AI: Jahan to create a new PE with Scott's suggestion.

> 8.
> Errata Review
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/16655/sstc-saml-errata-2.0-draft-23.pdf 

PE10:

Jahan: He had an AI to propose text (see line 283 in Errata rev 23).

Jahan: Moves to accept his proposed text.  Eve seconds.  ACCEPTED by 
unanimous consent.

PE10 is now closed and approved.

PE23: Still open.

PE35: Just discussed.

PE43: Just discussed.

New PE44:

This is about "constrained delegation", but we want to rename it. 
Scott will propose something.

> 9.
> Open AIs
> 
> #0251: Comment on Shared credential draft document
> Owner: Hal Lockhart
> Status: Open
> Assigned: 2006-02-13
> Due: ---

Closed.  Hal sent a comment recently:

http://lists.oasis-open.org/archives/security-services/200602/msg00033.html

> #0250: PE 43
> Owner: Heather Hinton
> Status: Open
> Assigned: 2006-02-13
> Due: ---

This one is still open pending the validation activity Heather 
promised above.

> #0249: Open an erratum place holder for Constrained Delegation
> Owner: Jahan Moreh
> Status: Open
> Assigned: 2006-02-13
> Due: ---

Closed; this is PE44.

> #0248: Provide draft of IBM's SAML 2.0 research report
> Owner: Anthony Nadalin
> Status: Open
> Assigned: 2006-02-13
> Due: ---

Still open.

> #0247: As per 17-Jan call: Prateek has received some feedback on the 
> constrained delegation profile and will produce a revision next week.
> Owner: Prateek Mishra
> Status: Open
> Assigned: 2006-01-30
> Due: ---

Closed; Prateek and Scott have agreed on a slightly different approach.

> #0246: Jahan to revise the PE 10 wording proposal "clarifying that 
> anyURI is indeed the right interpretation" for the Reason attribute.
> Owner: Jahan Moreh
> Status: Open
> Assigned: 2006-01-30
> Due: ---

Closed; PE10 closed today.

> #0245: Per 17-Jan con-call: Greg W. to propose some clarifying text for 
> the attribute profile section re: the issues discussed on the call.
> Owner: Greg Whitehead
> Status: Open
> Assigned: 2006-01-30
> Due: ---

Still open.  Greg: He has no recollection of this!  Will figure it out.

> #0243: Clean up text in Section 3.3.2.2.1 (RequestedAuthNContext)
> Owner: Scott Cantor
> Status: Open
> Assigned: 2006-01-17
> Due: ---

Closed; discussed above.

> #0242: Recommended text for SAML Attr Sharing Profile
> Owner: Rob Philpott
> Status: Open
> Assigned: 2006-01-17
> Due: ---

Still open.

> #0240: Status of SAML 2.0 submission to ITU T
> Owner: Olivier Dubuisson
> Status: Open
> Assigned: 2005-11-07
> Due: ---

Still open.  Hal: Abbie should be our main contact.  The process is 
proceeding -- it's the "mulling" period. :-)

> #0238: Plan for red-line versions of SAML 2.0
> Owner: Eve Maler
> Status: Open
> Assigned: 2005-11-07
> Due: ---

Still open.

> #0234: Nick to prepare some text for PE 23.
> Owner: Nick Ragouzis*
> Status: Open
> Assigned: 2005-10-10
> Due: ---

Still open; discussed above.

> #0230: SAML Conformance SSL/TLS requirements
> Owner: Eric Tiffany
> Status: Open
> Assigned: 2005-09-12
> Due: ---

Still open.

> #0180: Need to update SAML server trust document
> Owner: Status: Open
> Assigned: 2004-07-12
> Due: ---

Closed with no action.  Scott: No one has been clamoring for it, and 
if we did work on it, it would contribute to an implementor's guide 
more than anything.

- AOB:

Hal: Notes that Jahan will be speaking at RSA on SAML, and Hal will 
be following with an XACML talk.  RLBob: He's speaking Thursday on 
UI issues, with a SAML connection.

Late arrivers: Jahan.

Adjourned.

-- 
Eve Maler                                         +1 425 947 4522
Technology Director                           eve.maler @ sun.com
CTO Business Alliances group                Sun Microsystems, Inc.

