
Subject: Draft Minutes for SSTC Conference Call, Mar 14, 2006


Moved SAML Protocol Extensions for Third-Party Requests and SAML Metadata Extension for Query Requesters to Committee Draft status, and moved to submit same to OASIS for public review.


Editors (Scott / Eve) to make necessary changes to the above specifications for Committee Draft status.

Chairs (Prateek) to submit the documents to OASIS for public review.

Rob Philpott / Rick Randall: Make sure changes to resolve Action Item #0242: "Recommended text for SAML Attr Sharing Profile" are made.

Jahan Moreh: open a Potential Erratum based on http://www.oasis-open.org/archives/saml-dev/200603/msg00017.html

1. Roll Call
2. Approve minutes from 28-Feb con-call
http://www.oasis-open.org/archives/security-services/200602/msg00067.html


3. Election of Co-Chair
Hal Lockhart, BEA elected Co-Chair, SSTC
http://www.oasis-open.org/archives/security-services/200603/msg00010.html

Thanks to Abbie Barbir and Hal Lockhart for their interest in the SSTC.

Election is complete, Hal is the new co-chair. Congratulations.

4. Remarks from Colin Wallis on Emerging Crypto Algs SAML Conf Spec

Colin Wallis: Government security folks in New Zealand (GCSB) have published new specifications on crypto algorithm selection, in parallel with work coming out of NIST and similar bodies. In particular, government agencies are leaning toward Elliptic Curve cryptography. Currently the crypto algorithms recommended by SAML are those supported by W3C, so changes may need to be made there.

Rob Philpott: Also some concern with availability of implementations for emerging algorithms.

Hal Lockhart: There is not currently any effort at W3C to investigate new cryptographic algorithms or other security issues. Doesn't feel that SAML should go out on a limb and profile new crypto.

Rob: Should we include some explanatory text about why we list the algorithms we do?

Colin: That would be helpful

5. Remarks from Abbie Barbir, Olivier Dubuisson, on ITU-T standardization status

Prateek Mishra: Some question about the role of errata in the ITU-T standardisation process

Abbie Barbir: Thought that errata could be ignored, but on closer review some are required for interoperability.

Rob: None are normative changes, but some are clarification of intent.

Abbie: Erratum #36 is an example of one that is significant. For an implementer of the ITU-T version of the spec, lack of access to the errata would cause grief.

Abbie: Could publish errata as non-normative ITU-T note

Jamie: ITU-T want to put their stamp on a stable version; they need to understand that our errata do not indicate an unstable specification.


Jamie: ITU-T only want to deal with things that are declared OASIS Standard; need to be more formal about real specs, while having a non-normative channel to convey to users of the ITU-T versions of the specs that there is an errata process within OASIS.

Prateek: As Rob suggested, perhaps the TC needs to declare the current set of errata as a CD.

Abbie: This could add a significant turnaround time

Rob: Would CD be enough for ITU-T, or does it have to be OASIS standard?


Abbie: We don't need to rework our errata, we just need to publish a current version at a stable location so that the ITU-T version of the spec can refer to it.

6. CD Vote (Full Majority Vote Required)
a. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16913/draft-sstc-saml-protocol-ext-thirdparty-01.pdf
b. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16914/sstc-saml-protocol-ext-thirdparty.xsd
c. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16910/draft-sstc-saml-metadata-ext-query-01.pdf
d. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16911/sstc-saml-metadata-ext-query.xsd

Hal: should we schedule an electronic ballot? Do we need to go through Mary for that?

Some agreement expressed.

Jeff Hodges: Move that the committee declare the four specs listed in 6.(a)-(d) to be Committee Drafts.

Rob: seconds

No discussion, no objections. Motion carries.

Editor (Scott / Eve) will make the necessary changes to the documents, and add them to the CD section of the web page

Hal: Moves that these documents go to public review once the CD changes are made.

Jeff: seconds

No discussion, no objections. Motion carries.

Chairs are directed to prepare the documents and submit them to OASIS for public review.

7. Active Threads
a. *Audience Restriction nit...*
http://www.oasis-open.org/archives/security-services/200603/msg00001.html

b. *Additional errata for PE45*

c. *SubjectConfirmation errata*

Interested folks are not on the call.

Rob: is there anything on the saml-dev list that needs TC consideration?

Prateek: anyone want to bring one of those issues before the TC?

Rob: do we want to create an erratum around the artifact format discussion, such as the point that format 0x04 was intended to be mandatory to implement?

Prateek: Action for Jahan: saml-dev message number 17 in March (http://www.oasis-open.org/archives/saml-dev/200603/msg00017.html) contains a potential erratum.

8. Open AIs

#0250: PE 43
Owner: Heather Hinton
Status: Open
Assigned: 2006-02-13
Due: ---

No discussion.


#0248: Provide draft of IBM's SAML 2.0 research report
Owner: Anthony Nadalin
Status: Open
Assigned: 2006-02-13
Due: ---

No discussion.


#0245: Per 17-Jan con-call: Greg W. to propose some clarifying text for
the attribute profile section re: the issues discussed on the call.
Owner: Greg Whitehead
Status: Open
Assigned: 2006-01-30
Due: ---

No discussion.


#0242: Recommended text for SAML Attr Sharing Profile
Owner: Rob Philpott
Status: Open
Assigned: 2006-01-17
Due: ---

Rob: changes must be put in the document before it goes to public review. Rob to sync up with Rick Randall to make sure changes are made.

#0240: Status of SAML 2.0 submission to ITU T
Owner: Olivier Dubuisson
Status: Open
Assigned: 2005-11-07
Due: ---

Discussed above.

#0238: Plan for red-line versions of SAML 2.0
Owner: Eve Maler
Status: Open
Assigned: 2005-11-07
Due: ---

No discussion.

#0230: SAML Conformance SSL/TLS requirements
Owner: Eric Tiffany
Status: Open
Assigned: 2005-09-12
Due: ---

No discussion.


Any other business? No.

Call for updates to attendee list.

Rob moves to adjourn.

