
security-services message


Subject: RE: [security-services] Minutes of SS TC Concall June 19, 2007

With attendance data ...
Steve Anderson
BMC Software

-----Original Message-----
From: Hal Lockhart [mailto:hlockhar@bea.com] 
Sent: Tuesday, June 19, 2007 2:46 PM
To: security-services@lists.oasis-open.org
Subject: [security-services] Minutes of SS TC Concall June 19, 2007

> Roll Call & Agenda Review

Eric Tiffany to take minutes.

Attendance of Voting Members

  Steve Anderson BMC Software
  Abbie Barbir Nortel
  Conor P. Cahill Intel
  Brian Campbell Ping Identity
  Carolina Canales-Valenzuela Ericsson
  Peter Davis NeuStar
  Frederick Hirsch Nokia
  Jeff Hodges NeuStar
  Ari Kermaier Oracle
  Hal Lockhart BEA Systems, Inc
  Paul Madsen NTT Corporation
  Eve Maler Sun Microsystems
  Prateek Mishra Oracle
  Rob Philpott EMC Corporation
  Anil Saldhana Red Hat
  Tom Scavo National Center for Supercomputing Applications
  David Staggs Veteran's Health Admin
  Eric Tiffany IEEE Industry Standards
  Greg Whitehead Hewlett-Packard Company
  Emily Xu Sun Microsystems

Attendance of Non-Voting Members

  Jeff Bohren BMC Software
  Bob Morgan Internet2
  Anthony Nadalin IBM
  Kent Spaulding Tripod Technology Group

Attendance of Observers

  Ron Jacobson CA

Membership Status Changes

  Kent Spaulding Tripod Technology Group - Granted membership 6/6/2007
  Jeff Bohren BMC Software - Granted voting status after 6/19/2007 call
  Heather Hinton IBM - Lost voting status after 6/19/2007

19 of 23 in attendance, quorum achieved
> 1.    Approve minutes from June 5

Link above msg 29 has corrected attendance

Approved by unanimous consent

> 2.    Administrative
> 2.1 Five Specifications sent to TC Admin for Public Review (6/12)
> SAML v2.0 Technical Overview
> SAMLv2.0 HTTP POST "SimpleSign" Binding
> IdP Discovery
> SAML V2.0 Deployment Profiles for X.509 Subjects
> SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based Systems

On June 12th amended request for public review was submitted, duration
is 60 days.

> 2.2 Errata sent to TC Admin for Public Review (6/18)

15 day public review should start in several days.

> 2.3 Attestations Tracking
> http://wiki.oasis-open.org/security/CommitteeSpecAttestations
> 4 - Metadata Profile
> 3 - Metadata Extension for Query Requesters
> Should we ask for a Special Majority Vote to Submit for OASIS Member 
> Vote?

4 attesting to metadata profile
3 attesting to metadata extensions for Attr Requestors

Conor moves to hold a vote to submit metadata profile and metadata
extensions specs for Attr Requestors for OASIS member vote

Tom Scavo seconds

Approved by unanimous consent

2.4 Next meeting?
4th of July is a holiday, and 3rd thus becomes difficult.  So the 7/3
meeting is canceled and the next meeting is 7/17

> 3. SAML 2.0 Profile of SPML 2.0 Submission
> http://www.oasis-open.org/archives/security-services/200706/msg00001.html

Jeff Bohren joins to discuss submission.  This profile is designed to
normatively specify how you would use SPML to pre-provision accounts for
future (potential) use in a federation.

Bob Morgan asks why SPML2.0 is insufficient

Jeff says there is no specific SPML format profile that maps the SAML
assertion elements.

Eve notes it is similar to XACML SAML profile.

Prateek asks how does it layer onto generic SPML implementations.

Jeff responds that the provisioning TC originally initiated this work,
which includes most of the prov vendors, but they didn't feel they had
the federation expertise.

Jeff reviews submission

Question about Optional Capabilities and how these are identified.

Jeff responds that anything not in the Core Capabilities list defined by
SPML is optional.

Question about the filtering mechanism which will need to be defined.

Jeff notes that SPML provides a filtering framework, but the details are

Question about Updates Capability.  IDP mentioned twice in discussion of
request (Jeff thinks this is a typo, should be "IDP" and "SP").  Second
question about which direction the requests should flow.  Jeff notes
that it might go in both directions

If the IDP is supposed to be the identity authority, how can it
reconcile updates occurring at various SPs?  Jeff responds that the IDP
would periodically access the SPs to query about updates.

What is the next step?  What is left to do?

Jeff notes these things need normative language:
1. Search filtering mechanism
2. Provisioning Schema
3. What part of SAML Assertion should be used

Scope depends on how many attribute types you want to take into account.

NEW ACTION ITEM:  Investigation of IPR policy regarding submission
Owner: Hal

Jeff Hodges notes a couple of things.  Rationale (answer to Bob Morgan
question) should be included in the document.

Discussion about whether this should be taken up as a work item.

Jeff H makes supportive statement, no dissenters.

Jeff H moves that SSTC take up the SPML / SAML profiling work

Eve seconds

Approved by unanimous consent

Jeff Bohren volunteers to be the Editor of the document.

> 4.    Other Business
> 5.    AIs
> #0282: AuthnContextDecl and AuthnContextDeclRef Confusion
> Owner: Eric Tiffany
> Status: Open
> Assigned: 2007-03-27
> Due: ---


> #0283: Change final arrows to solid in Tech Overview diagrams 
> throughout.
> Owner: Paul Madsen
> Status: Open
> Assigned: 2007-03-27
> Due: ---


> #0286: Research the use of LDAP language tags
> Owner: Bob Morgan
> Status: Open
> Assigned: 2007-04-11
> Due: 2007-04-24

Still Open

> #0291: Request Public Review of Errata Document
> Owner: Hal Lockhart
> Status: Open
> Assigned: 2007-04-11
> Due: 2007-04-24

