Draft Minutes for SSTC Conference Call, Mar 14, 2006 (with Attendance)

Summary:

Moved SAML Protocol Extensions for Third-Party Requests and SAML Metadata Extension for Query Requesters to Committee Draft status, and moved to submit same to OASIS for public review.

Actions:

Editors (Scott / Eve) to make necessary changes to the above specifications for Committee Draft status.

Chairs (Prateek) to submit the documents to OASIS for public review.

Rob Philpott / Rick Randall: Make sure changes to resolve Action Item #0242: "Recommended text for SAML Attr Sharing Profile" are made.

Jahan Moreh: open a Potential Erratum based on http://www.oasis-open.org/archives/saml-dev/200603/msg00017.html

1. Roll Call

Voting Members

Bhavna	Bhatnagar	Sun Microsystems
Sharon	Boeyen	Entrust
Brian	Campbell	Ping Identity
Carolina	Canales-Valenzuela	Ericsson
Frederick	Hirsch	Nokia
Jeff	Hodges	NeuStar
Dana	Kaufman	Forum Systems
Hal	Lockhart	BEA Systems, Inc
Eve	Maler	Sun Microsystems
Prateek	Mishra	Oracle
Bob	Morgan	Internet2
Vamsi	Motukuru	Oracle
Ashish	Patel	France Telecom
Rob	Philpott	RSA Security
Rick	Randall	Booz Allen Hamilton
Irving	Reid	Hewlett-Packard Company
David	Staggs	Veteran's Health Admin
Eric	Tiffany	IEEE Industry Standards
Greg	Whitehead	Hewlett-Packard Company
Thomas	Wisniewski	Entrust

Non-Voting Members

Abbie	Barbir	Nortel
Colin	Wallis	NZ State Svcs Commission
Emily	Xu	Sun Microsystems

OASIS Staff

Jamie Clark

2. Approve minutes from 28-Feb con-call
        http://www.oasis-open.org/archives/security-services/200602/msg00067.html <http://www.oasis-open.org/archives/security-services/200602/msg00067.html>


Approved.

3. Election of Co-Chair
Hal Lockhart, BEA elected Co-Chair, SSTC
http://www.oasis-open.org/archives/security-services/200603/msg00010.html <http://www.oasis-open.org/archives/security-services/200603/msg00010.html>

Thanks to Abbie Barbir and Hal Lockhart for their interest in the SSTC.

Election is complete, Hal is the new co-chair. Congratulations.

4. Remarks from Colin Wallis on Emerging Crypto Algs SAML Conf Spec
http://www.oasis-open.org/apps/org/workgroup/security/download.php/16936/556735_1.pdf

Colin Wallis: Government security folks in New Zealand (GCSB) have published new specifications on crypto algorithm selection, in parallel with work coming out of NIST and similar bodies. In particular, government agencies are leaning toward Elliptic Curve cryptography. Currently the crypto algorithms recommended by SAML are those supported by W3C, so changes may need to be made there.

Rob Philpott: Also some concern with availability of implementations for emerging algorithms.

Hal Lockhart: There is not currently any effort at W3C to investigate new cryptographic algorithms or other security issues. Doesn't feel that SAML should go out on a limb and profile new crypto.

Rob: Should we include some explanatory text about why we list the algorithms we do?

Colin: That would be helpful

5. Remarks from Abbie Barbir, Olivier Dubuisson, on ITU-T
standardization status

Prateek Mishra: Some question about the role of errata in the ITU-T standardisation process

Abbie Barbir: Thought that errata could be ignored, but on closer review some are required for interoperability.

Rob: None are normative changes, but some are clarification of intent.

Abbie: Erratum #36 is an example of one that is significant. For an implementer of the ITU-T version of the spec, lack of access to the errata would cause grief.

Abbie: Could publish errata as non-normative ITU-T note

Jamie: ITU-T want to put their stamp on a stable version; they need to understand that our errata do not indicate an unstable specification.

...

Jamie: ITU-T only want to deal with things that are declared OASIS Standard; need to be more formal about real specs, while having a non-normative channel to convey to users of the ITU-T versions of the specs that there is an errata process within OASIS.

Prateek: As Rob suggested, perhaps the TC needs to declare the current set of errata as a CD.

Abbie: This could add a significant turnaround time

Rob: Would CD be enough for ITU-T, or does it have to be OASIS standard?

...

Abbie: We don't need to rework our errata, we just need to publish a current version at a stable location so that the ITU-T version of the spec can refer to it.

Hal: should we schedule an electronic ballot? Do we need to go through Mary for that?

Some agreement expressed.

Jeff Hodges: Move that the committee declare the four specs listed in 6.(a)-(d) to be Committee Drafts.

Rob: seconds

No discussion, no objections. Motion carries.

Editor (Scott / Eve) will make the necessary changes to the documents, and add them to the CD section of the web page

Hal: Moves that these documents go to public review once the CD changes are made.

Jeff: seconds

No discussion, no objections. Motion carries.

Chairs are directed to prepare the documents and submit them to OASIS for public review.

7. Active Threads
a.
*Audience Restriction nit... <msg00001.html>*
http://www.oasis-open.org/archives/security-services/200603/msg00001.html <http://www.oasis-open.org/archives/security-services/200603/msg00001.html>

b. *Additional errata for PE45*
http://www.oasis-open.org/archives/security-services/200603/msg00007.html

c. *SubjectConfirmation errata < msg00008.html>*
http://www.oasis-open.org/archives/security-services/200603/msg00008.html

Interested folks are not on the call.

Rob: is there anything on the saml-dev list that needs TC consideration?

Prateek: anyone want to bring one of those issues before the TC?

Rob: do we want to create an erratum around the artifact format discussion, such as the point that format 0x04 was intended to be mandatory to implement?

Prateek: Action for Jahan: saml-dev message number 17 in March (http://www.oasis-open.org/archives/saml-dev/200603/msg00017.html) contains a potential erratum.

8. Open AIs

#0250: PE 43
Owner: Heather Hinton
Status: Open
Assigned: 2006-02-13
Due: ---

No discussion.

--------------------------------------------------------------------------------

#0248: Provide draft of IBM's SAML 2.0 research report
Owner: Anthony Nadalin
Status: Open
Assigned: 2006-02-13
Due: ---

No discussion.

--------------------------------------------------------------------------------

#0245: Per 17-Jan con-call: Greg W. to propose some clarifying text for
the attribute profile section re: the issues discussed on the call.
Owner: Greg Whitehead
Status: Open
Assigned: 2006-01-30
Due: ---

No discussion.

--------------------------------------------------------------------------------

#0242: Recommended text for SAML Attr Sharing Profile
Owner: Rob Philpott
Status: Open
Assigned: 2006-01-17
Due: ---

Rob: changes must be put in the document before it goes to public review. Rob to sync up with Rick Randall to make sure changes are made.
--------------------------------------------------------------------------------

#0240: Status of SAML 2.0 submission to ITU T
Owner: Olivier Dubuisson
Status: Open
Assigned: 2005-11-07
Due: ---

Discussed above.
--------------------------------------------------------------------------------

#0238: Plan for red-line versions of SAML 2.0
Owner: Eve Maler
Status: Open
Assigned: 2005-11-07
Due: ---

No discussion.
--------------------------------------------------------------------------------

#0230: SAML Conformance SSL/TLS requirements
Owner: Eric Tiffany
Status: Open
Assigned: 2005-09-12
Due: ---

No discussion.

Any other business? No.

Call for updates to attendee list.

Rob moves to adjourn.

security-services message