
security-services message



Subject: Re: [security-services] Agenda SSTC Conference Call - March 28, 2006



Have partial access again, so, here are minutes, transcribed from paper:

1. Roll Call & Agenda Review
<minutes>

Roll call taken by Steve Anderson; quorum achieved with 19 of 32 voting members. Roll to be added.
[NOTE: Steve, please add roll and re-post, thanks!]
</minutes>


2. Approve minutes from 14-Mar con-call
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200603/msg00016.html
<minutes>

Minutes approved with unanimous consent
</minutes>

<minutes>
Moved to a report on ITU by Abbie [AB] (who had to leave early)
[AB] We are still missing an A.5 (?) qualification from Liberty. Abbie is planning a final version for the end of next week. It will be distributed to selected TC members. It has incorporated errata.
Eve Maler [EM] Liberty folks are working on the legal angle
[AB] He needs everything by April 19 to finalize for ITU submissions. There are still issues of coordination but those do not concern this TC.
</minutes>

3. CD Vote (Full Majority Vote Required)
http://www.oasis-open.org/apps/org/workgroup/security/download.php/17140/sstc-saml-x509-authn-attrib-profile-draft-08-diff.pdf
<minutes>

Voted CD for earlier draft, but somehow newer draft (8) was accidentally posted to the web site. To resolve this, would like to make draft 8 be the CD draft.
MOTION: Vote to approve newer draft, draft 8, as the CD draft.

        Moved: Bob Morgan [BM], Seconded: Guy Denton [GD]
Discussion:
Prateek Mishra [PM] Difference is that there were some pending "editorial edits" from Rob that got dropped and have been added back into 8 - so it's no big deal to approve 8
Motion was approved with unanimous consent
</minutes>

4. Vote to hold Public Review of same document
<minutes>

MOTION: Vote to include this doc in the public revision
        Moved: Rob Lockhart [RL], Seconded: Rick Randell [RR]
Motion was approved with unanimous consent
</minutes>

5. SAML Assertions in TLS proposal
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200603/msg00027.html
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200603/msg00028.html
<minutes>

Bob Morgan has posted a bunch of messages about the IETF discussions re SAML and TLS. There is still lots more work before it can be considered a complete proposal.
[PM] Will TLS implementations really support these extension attributes?
[BM] There is already TLS 1.1, there is more interest in making use of extensions, people are looking at crypto algorithm alternatives
Bob went on to report on the "Digital Identity Exchange, DIX" discussions. This is of even more interest to the SAML TC. This is promoted by SXIP and the Identity Gang. It describes lightweight identity extensions. Do we want to use this as impetus to think about new use cases/scenarios/profiles for SAML? There was no decision to go forward within IETF as the use cases proposed by DIX need more work.
Bob will re-post information about IETF to the list
</minutes>

6. New Errata document available
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200603/msg00029.html
<minutes>

Jahan Moreh [JM] There is a new errata document. Discussion of errata items:
PE43 - working
PE44 - Superseded by Subject Confirmation. Jahan will delete (there will be some renumbering changes)
PE45 - Jeff Hodges [JH] had an item to pull all information from multiple sources into a single thread - this is still in progress
PE46 - No updates to proposed text.
Hal Lockhart [HL] Take the text, keep it in errata and wait for Conor to comment
PE47 - discussion
Scott Cantor [SC]- was trying to say same as the matching rules
[PM] What if we say "contains an ID field"
[SC] Model is to delete about eight words from the text. Can we vote on the text with an amendment?
[HL] Yes
[SC] So text reads "contains an identifier [stuff deleted up to comma], ...."
MOTION: Accept text as amended
        Moved: Scott Cantor, Seconded: Prateek Mishra
Approved with unanimous consent

Discussion returned to PE45 -
[JH] it is in fact updated in the text.
MOTION: Accept PE45 as proposed in text by Jahan
        Moved: Jahan Moreh, Seconded: Rick Randell
Approved with unanimous consent

Discussion returned to PE43
[JM] We need text for this item
Heather Hinton [HH] The text is around but it contains examples that we need to validate
[SC] We don't want to have to issue an errata on example code
[HH] The text is on the list
[HL] Don't bother reposting until we have validated
</minutes>

7. Active Threads

a. *SubjectConfirmation errata <msg00008.html>*
http://www.oasis-open.org/archives/security-services/200603/msg00008.html
<minutes>

Already discussed, done
</minutes>


b. SAML Metadata Extension for Query Requesters Spec
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200603/msg00015.html
<minutes>

Doc is going to go in to public review
</minutes>

8. Open AIs

#0250: PE 43
Owner: Heather Hinton
Status: Open
Assigned: 2006-02-13
Due: ---
<minutes>

Discussed.
</minutes>

#0245: Per 17-Jan con-call: Greg W. to propose some clarifying text for
the attribute profile section re: the issues discussed on the call.
Owner: Greg Whitehead
Status: Open
Assigned: 2006-01-30
Due: ---
<minutes>

Greg Whitehead [GW] It's on his list (no progress yet). He will try for something for the April 11 phone call
</minutes>

#0238: Plan for red-line versions of SAML 2.0
Owner: Eve Maler
Status: Open
Assigned: 2005-11-07
Due: ---
<minutes>

LOTS of discussion,
[EM] Has established from OASIS staff that it IS okay to produce a red-lined version to incorporate errata
[EM] Note that there is a possible issue with the ITU stuff as it has differences with a potential redlined version
[HL] Should we hold errata for next doc?
[EM] Does this then make errata a CD?
[HL] It's always ongoing (errata). It's a race - what do we do before the OASIS process fixes itself
[HL] Let's keep a hold on this [the doc] for now
</minutes>

#0248: Provide draft of IBM's SAML 2.0 research report
Owner: Anthony Nadalin
Status: Open
Assigned: 2006-02-13
Due: ---
<minutes>

On hold waiting for Tony
</minutes>

#0242: Recommended text for SAML Attr Sharing Profile
Owner: Rob Philpott
Status: Open
Assigned: 2006-01-17
Due: ---
<minutes>

Closed
</minutes>

#0230: SAML Conformance SSL/TLS requirements
Owner: Eric Tiffany
Status: Open
Assigned: 2005-09-12
Due: ---
<minutes>

Eric Tiffany [ET] Based on feedback from New Zealand, there is overlapping text. Want to merge this with NZ input
[ET] Suggestion that text be clarified based on ciphersuites that were explicitly called out in the text. Clarification is required to make it clear that a) these are not the only ones that are supported and b) this is not a minimal set that needs to be supported
[HL] How do we deal with non-errata issues?
[RP] Was going to propose text on why the ciphersuites were selected
[ET] This will take over his issues
[HL] This needs a new action item
ACTION ITEM: New AI for Rob
        Rob to produce explanatory text for algorithm selection
</minutes>

#0240: Status of SAML 2.0 submission to ITU T
Owner: Olivier Dubuisson
Status: Open
Assigned: 2005-11-07
Due: ---
<minutes>

Already discussed
</minutes>

OTHER BUSINESS

Paul Madsen [PM2] Had an implicit action for shared credential text
[PM2] Would like a new AI for tracking purposes
ACTION ITEM: New AI for Paul M
        Paul to produce text for authentication context and relevance to shared credentials

Eve there is an explicit action for turning some docs into CD
[EM] New AI!
ACTION ITEM: New AI for Eve
        Turn Third-Party Request and Metadata for Requestor into CD

Dave Staggs [DS]
There will be a Veteran's Administration InfoSec meeting in Atlanta, GA next week. At this meeting there will be an interop between BEA and IBM for SAML 1.1. While not HSPD 11 compliant, it demonstrates SAML and over-arching VA architecture

No Other Business


Regards

Heather Hinton, PhD, PEng
Senior Security Architect, TFIM Product Architect

hhinton@us.ibm.com
tel: + 1 512 838 0455
T/L 678-0455



