OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes from Oct 10 Conference Call

SSTC/SAML concall Tue 10/10/2006 9:01:28 AM

 > 1. Roll Call & Agenda Review, Appoint Secretary
duly performed

Bhavna Bhatnagar
Brian Campbell
Carolina Calales-Valenzuela
Scott Cantor
Peter Davis
Frederick Hisch
Jeff Hodges
John Hughes
Chris Laskowski
Hal Lockhart
Paul Madsen
Eve Maler
Prateek Mishra
Jahan Moreh
Bob Morgan
Anthony Nadalin
Ashish Patel
Rob Phillpot
Tom Scavo
david Staggs
Eric Tiffany
Greg Whitehead
Thomas Wisniewski
Emily Xu
24/28 voting members present

Abbie Barbir
Guy Denton
Jim Lien
Rebekah Metz
Michael Bowman
Greg Desmarais
John Moerhke

 > 2. Approve minutes from Sep 26 con-call
 > http://lists.oasis-open.org/archives/security-services/200609/msg00051.h
 > tml

accept via unanimous consent

 > 3. SAML TC IPR Transition Ballot failed
 > http://lists.oasis-open.org/archives/security-services/200610/msg00003.h
 > tml
 > RSA Statement
 > http://lists.oasis-open.org/archives/security-services/200610/msg00000.h
 > tml

hal lockhart(hl): 3 diff IPR modes. we can take as many ballots on which 
mode between now and apr-2007. feels a ballot for plain RAND would fail 
in this TC. there's some support apparently for RF-RAND. EMC-RSA stmt 
speaks for itself, they need some time to think about which IPR mode is 
acceptable for them. Folks need to confer in their companies and figure 
out what IPR mode is acceptable for them, and then we can re-ballot.

scott cantor(sc): we don't want to waste time holding a ballot if we 
have companies that need to figure out where they sit.

hl: concerned that after 2..3 months of discussing this that folks 
weren't ready to vote.

rob philpott(rp): working with EMC-RSA internally, looking like some 
possibility to go for RF-RAND

 > 4. Informational
 > a. The following documents were submitted to OASIS for 15 day Public
 > Review
 > i. Metadata Profile for the OASIS Security Assertion Markup Language
 > (SAML) V1.x
 > ii. SAML Metadata Extension for Query Requesters
 > iii. SAML Protocol Extension for Third-Party Requests

<no comments>

 > Public Review has not begun
 > b. SAML Basics Slide Presentation Updated
 > http://lists.oasis-open.org/archives/security-services/200610/msg00002.h
 > tml

eve maler(em):open for use, no sun slide template, one can simply credit 
eve as appropriate. ready for use now.

 > c. Replacement for original X.500/LDAP attribute profile posted
 > http://www.oasis-open.org/apps/org/workgroup/security/download.php/20650
 > /draft-sstc-saml-attribute-x500-01.pdf

sc: just a copy of earlier version except for moving the Encoding="LDAP" 
attribute up to a higher level element.

hl: please review and send comments to the list

 > 5. Discussion on List
 > b. X.509 Subject/Deployment Profiles
 > http://lists.oasis-open.org/archives/security-services/200609/msg00065.h
 > tml

Tom Scavo(ts): ari is drafting a new rev of profiles, ts is working on a 
deployment profile. there is some work that needs to be done before its 
ready to submit  to archive (per sc's comments).

 > 6. CD Vote
 > a. Simple Sign Binding
 > http://www.oasis-open.org/apps/org/workgroup/security/download.php/20561
 > /draft-hodges-saml-binding-simplesign-02.pdf
 > 7. Public Review Vote (first time - 60 days)
 > a. Shared Credentials
 > http://www.oasis-open.org/apps/org/workgroup/security/download.php/20482
 > /draft-sstc-saml-protocol-ext-rac-cd-03.pdf
 > http://www.oasis-open.org/apps/org/workgroup/security/download.php/20484
 > /draft-sstc-saml-context-ext-sc-cd-03.pdf
 > http://www.oasis-open.org/apps/org/workgroup/security/download.php/20486
 > /sstc-saml-protocol-ext-rac.xsd
 > http://www.oasis-open.org/apps/org/workgroup/security/download.php/20487
 > /sstc-saml-context-ext-sc.xsd
 > http://www.oasis-open.org/apps/org/workgroup/security/download.php/20488
 > /sstc-saml-authn-context-ext-unique.xsd
 > http://www.oasis-open.org/apps/org/workgroup/security/download.php/20487
 > /sstc-saml-context-ext-sc.xsd
 > b. Text-based Challenge Response
 > http://www.oasis-open.org/apps/org/workgroup/security/download.php/20480
 > /sstc-saml-text-based-challenge-response-authn-context-class-cd-01.pdf
 > http://www.oasis-open.org/apps/org/workgroup/security/download.php/20481
 > /sstc-saml-authncont-ext-tcr2.xsd
 > c. Simple Sign Binding (If previously voted CD)
 > http://www.oasis-open.org/apps/org/workgroup/security/download.php/20561
 > /draft-hodges-saml-binding-simplesign-02.pdf

jeff hodges(jh): explains the changes to the -02 rev of the HTTP 
POST-SimpleSign draft

jh: moves that this goes to CD

sc: 2nds

[motion carries via unanimous consent]

hl: do we have a motion to move a,b,c to pub review?

paul madsen(pm): so moves

tom wizneuski(tw)??: 2nds

[motion carries via unanimous consent]

 > 5. Discussion on List
 > a. Tech Overview Updated
 > http://lists.oasis-open.org/archives/security-services/200610/msg00014.h
 > tml

em: describes edits in the document

ts: will make a minor agreed-upon change to doc

pm: describes editing effort to get a non-monolithic html doc that's 
more useful

abbie barbir(ab): but this'll goto itu-t eventually and they use word 
and thus needs to be manually re-edited, witness his effort to re-edit 
SAMLv2 specs to word

[digression wrt word, OpenOffice, etc]

hl: water is under bridge wrt our using .odt format

pm: I'll just do the manual editing to do a multi-part .html rev, .5 hr, 
will just have to re-do it when there's substantive rev to the spec.

em: ok, so we have out answer

em: continues describing updates that are in the queue to this overview. 
one item is a non-trivial aspect, eg describing attained security 

hl: thinks that putting the concepts into context security-wise is a 
reasonable thing to do

em: we'll send the chunk of text to the list such that we can get 
feedback quickly

em: old line 591, sec 3.5, sugg here is that it's too detailed, breaks 
up the flow, move to end of main section?

rp: move this stuff to sec 5?

hl: likes rob's suggestion

em: figure 5 ought to be re-done?

rp: fig 5 looks good to him. described as a typical example of containment.

hl: genericizing the containment is likely reasonable

jh: yes, [points to "how to learn saml" doc, ensuing discussion of 
adopting that doc into overview]

hl: jh should cast that doc as an sstc draft and submit it so copyright 
et al is ok

jh: will do

em: now discussing of holder-of-key

hl: which brings up confirmation method, which a signal invention

sc: tho it has evolved into something somewhat different in SAMLv2

em & hl welcome such a contrib

em: and this will feature SAML's unique value-add

sc: timeline?

em: do in a week?

sc: will try

em: new line # 628, sec 4.1.1, ques about adding an advanced topic here 
wrt RelayState. perhaps RelayState needs to be described in more detail

pm: there's privacy implications of RelayState, need to be careful

sc: one can make claim it's not worth discussing, and as well as 
discussing in detail. eg if have unsolicited response, don't need it.

hl: perhaps at too detailed level

rp: it has its uses, perhaps shd discuss it

sc: but there's limitations to it, and it is not in metadata and is an 
out of band agreement, etc

gw: so there's perhaps usefulness to defining that behavior [in some 
appr fashion]

em: consensus is to mention it here with approp caveats? not add 
"advanced topic" stuff?

gw,rp,sc: yes, yes.

em: new line 635, sec 4.1.2, step 3 of redirect post, just after fig 15. 
[peering at it... ]  looks like it is correct now

em: new line 655, sec 4.1.3, immed above fig 16, describe how to do 
artifact exchange? via a "swooping" line?

several: swoooping is fine

em: this is the old fig, need to redo anyway

[disc of diagram and the comment em is responding to. gnarly details 

em: moving onto single logout -- there's several scenarios now, shall we 
cull it to one ?

rp: there's 3 now....

hl: one is sufficient (?)

rp: but there's salient differences....

em: so keep the two mult SP scenarios, and drop the single SP one, cuz 
propogating the logout is what is interesting....

em: sec 4.4.1....

jim lien(jl)??: had two diff comments there....

em: may have made a mistake on pasting....

em: now the sec on allowCreate?  sec 4.4.3

rp: need to describe allowCreate how it works

pm: will craft some text....

em: new line , sec 4.4.4, transient pseudonyms...  someone didn't like 
the membership number, perhaps we shud use some sort of membership status

em: new sec 4.5, but left in old 4.4.5, in comparison, do we want to 
show a flow that shows just attrs being exchanged?  do we want to show 
the two diff flows? if not, will delete 4.4.5

rp: never liked it

em: out it goes modulo objections....

em: last stuff is about validity periods and artifact identifiers

em: now taking suggestions for things that were diffs btwn saml v1.x and 
saml v2 that trips them up?

[no suggestions right off]

jl: to clarify comment on nameid format -- its not applicable anymore

hl: noone should be planning an implementation around this overview doc, 
and the details are in the normative docs...

 > 8. Errata Update
 > No new document published. Official Errata document in progress.

hl: eve is still working on putting errat doc in form for new oasis 
errata process.

 > 9. Open AIs
 > #0269: CDize errata based on draft 35
 > Owner: Eve Maler
 > Status: Open
 > Assigned: 2006-09-25
 > Due: ---

still open

 > #0268: CD-cize Shared Credentials doc
 > Owner: Ashish Patel
 > Status: Open
 > Assigned: 2006-09-25
 > Due: ---


 > #0267: Chairs to move docs to new public review
 > Owner:
 > Status: Open
 > Assigned: 2006-09-25
 > Due: ---


 > #0266: New deployment profile
 > Owner: Tom Scavo*
 > Status: Open
 > Assigned: 2006-09-25
 > Due: ---

still open.

 > #0265: Updated draft of X.500 attribute sharing deployment profile
 > Owner: Ari Kermaier
 > Status: Open
 > Assigned: 2006-09-25
 > Due: ---

still open.

 > #0263: NameID and the use of SPProvidedID
 > Owner: Jahan Moreh
 > Status: Open
 > Assigned: 2006-07-18
 > Due: ---

still open.

 > #0262: Creation of the "new" LDAP/X.500 profile
 > Owner: Scott Cantor
 > Status: Open
 > Assigned: 2006-07-18
 > Due: ---


 > #0261: Chairs to contact GUIDE for follow-up
 > Owner:
 > Status: Open
 > Assigned: 2006-07-18
 > Due: ---

still open.

 > #0240: Status of SAML 2.0 submission to ITU T
 > Owner: Abbie Barbir
 > Status: Open
 > Assigned: 2005-11-08
 > Due: ---

still open.

hl: assigned numbers for the specs are set and wont be changed.

em: thx to tom scavo, has been updating the saml doc template, has 
current refs that are accurate, will post when done

sc: what about ack's section?

em: will endeavor to cover that too. will maintain all this as a 
continually-updated "working doc"


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]