Subject: Draft Minutes for SSTC Conference Call, Mar 14, 2006
Summary:
Moved SAML Protocol Extensions for Third-Party Requests and SAML Metadata Extension for Query Requesters to Committee Draft status, and moved to submit same to OASIS for public review.
Actions:
Editors (Scott / Eve) to make necessary changes to the above specifications for Committee Draft status.
Chairs (Prateek) to submit the documents to OASIS for public review.
Rob Philpott / Rick Randall: Make sure changes to resolve Action Item #0242: "Recommended text for SAML Attr Sharing Profile" are made.
Jahan Moreh: open a Potential Erratum based on http://www.oasis-open.org/archives/saml-dev/200603/msg00017.html
1. Roll Call
2. Approve minutes from 28-Feb con-call
http://www.oasis-open.org/archives/security-services/200602/msg00067.html
Approved.
3. Election of Co-Chair
Hal Lockhart, BEA elected Co-Chair, SSTC
http://www.oasis-open.org/archives/security-services/200603/msg00010.html
Thanks to Abbie Barbir and Hal Lockhart for their interest in the SSTC.
Election is complete, Hal is the new co-chair. Congratulations.
4. Remarks from Colin Wallis on Emerging Crypto Algs SAML Conf Spec
http://www.oasis-open.org/apps/org/workgroup/security/download.php/16936/556735_1.pdf
Colin Wallis: Government security folks in New Zealand (GCSB) have published new specifications on crypto algorithm selection, in parallel with work coming out of NIST and similar bodies. In particular, government agencies are leaning toward Elliptic Curve cryptography. Currently the crypto algorithms recommended by SAML are those supported by W3C, so changes may need to be made there.
Rob Philpott: Also some concern with availability of implementations for emerging algorithms.
Hal Lockhart: There is not currently any effort at W3C to investigate new cryptographic algorithms or other security issues. Doesn't feel that SAML should go out on a limb and profile new crypto.
Rob: Should we include some explanatory text about why we list the algorithms we do?
Colin: That would be helpful
5. Remarks from Abbie Barbir, Olivier Dubuisson, on ITU-T standardization status
Prateek Mishra: Some question about the role of errata in the ITU-T standardisation process
Abbie Barbir: Thought that errata could be ignored, but on closer review some are required for interoperability.
Rob: None are normative changes, but some are clarification of intent.
Abbie: Erratum #36 is an example of one that is significant. For an implementer of the ITU-T version of the spec, lack of access to the errata would cause grief.
Abbie: Could publish errata as non-normative ITU-T note
Jamie: ITU-T want to put their stamp on a stable version; they need to understand that our errata do not indicate an unstable specification.
...
Jamie: ITU-T only want to deal with things that are declared OASIS Standard; need to be more formal about real specs, while having a non-normative channel to convey to users of the ITU-T versions of the specs that there is an errata process within OASIS.
Prateek: As Rob suggested, perhaps the TC needs to declare the current set of errata as a CD.
Abbie: This could add a significant turnaround time
Rob: Would CD be enough for ITU-T, or does it have to be OASIS standard?
...
Abbie: We don't need to rework our errata, we just need to publish a current version at a stable location so that the ITU-T version of the spec can refer to it.
6. CD Vote (Full Majority Vote Required)
a. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16913/draft-sstc-saml-protocol-ext-thirdparty-01.pdf
b. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16914/sstc-saml-protocol-ext-thirdparty.xsd
c. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16910/draft-sstc-saml-metadata-ext-query-01.pdf
d. http://www.oasis-open.org/apps/org/workgroup/security/download.php/16911/sstc-saml-metadata-ext-query.xsd
Hal: should we schedule an electronic ballot? Do we need to go through Mary for that?
Jeff Hodges: Move that the committee declare the four specs listed in 6.(a)-(d) to be Committee Drafts.
Rob: seconds
No discussion, no objections. Motion carries.
Editor (Scott / Eve) will make the necessary changes to the documents, and add them to the CD section of the web page
Hal: Moves that these documents go to public review once the CD changes are made.
Jeff: seconds
No discussion, no objections. Motion carries.
Chairs are directed to prepare the documents and submit them to OASIS for public review.
7. Active Threads
a. *Audience Restriction nit...*
http://www.oasis-open.org/archives/security-services/200603/msg00001.html
b. *Additional errata for PE45*
http://www.oasis-open.org/archives/security-services/200603/msg00007.html
c. *SubjectConfirmation errata*
http://www.oasis-open.org/archives/security-services/200603/msg00008.html
Interested folks are not on the call.
Rob: is there anything on the saml-dev list that needs TC consideration?
Prateek: anyone want to bring one of those issues before the TC?
Rob: do we want to create an erratum around the artifact format discussion, such as the point that format 0x04 was intended to be mandatory to implement?
Prateek: Action for Jahan: saml-dev message number 17 in March (http://www.oasis-open.org/archives/saml-dev/200603/msg00017.html) contains a potential erratum.
8. Open AIs
#0250: PE 43
Owner: Heather Hinton
Status: Open
Assigned: 2006-02-13
Due: ---
No discussion.
--------------------------------------------------------------------------------
#0248: Provide draft of IBM's SAML 2.0 research report
Owner: Anthony Nadalin
Status: Open
Assigned: 2006-02-13
Due: ---
No discussion.
--------------------------------------------------------------------------------
#0245: Per 17-Jan con-call: Greg W. to propose some clarifying text for the attribute profile section re: the issues discussed on the call.
Owner: Greg Whitehead
Status: Open
Assigned: 2006-01-30
Due: ---
No discussion.
--------------------------------------------------------------------------------
#0242: Recommended text for SAML Attr Sharing Profile
Owner: Rob Philpott
Status: Open
Assigned: 2006-01-17
Due: ---
Rob: changes must be put in the document before it goes to public review. Rob to sync up with Rick Randall to make sure changes are made.
--------------------------------------------------------------------------------
#0240: Status of SAML 2.0 submission to ITU T
Owner: Olivier Dubuisson
Status: Open
Assigned: 2005-11-07
Due: ---
Discussed above.
--------------------------------------------------------------------------------
#0238: Plan for red-line versions of SAML 2.0
Owner: Eve Maler
Status: Open
Assigned: 2005-11-07
Due: ---
No discussion.
--------------------------------------------------------------------------------
#0230: SAML Conformance SSL/TLS requirements
Owner: Eric Tiffany
Status: Open
Assigned: 2005-09-12
Due: ---
No discussion.
Any other business? No.
Call for updates to attendee list.
Rob moves to adjourn.