Subject: Updated w/ Attendance: SSTC Concall, July 31, 2007 Draft Minutes
SSTC Concall, July 31, 2007, Draft Minutes Roll Call & Agenda Review Frederick Hirsch volunteered to take minutes today. Paul Madsen will do minutes next time. Attendance of Voting Members Conor P. Cahill Brian Campbell Carolina Canales-Valenzuela Scott Cantor Peter Davis Frederick Hirsch Hal Lockhart Paul Madsen Eve Maler Prateek Mishra Anthony Nadalin Rob Philpott Anil Saldhana Tom Scavo David Staggs Eric Tiffany Attendance of Non-Voting Members Chris Laskowski Bob Morgan Lakshmi Thiyagarajan 16 out of 22 voting members present, have quorum. 1. Approve minutes from July 17 as amended http://lists.oasis-open.org/archives/security-services/200707/ msg00034.html Minutes approved unanimously. 2. Administrative 2.1 News: E-Authentication now supports SAML V2.0 http://lists.oasis-open.org/archives/security-services/200707/ msg00027.html Formerly supported SAML 1.0 now supports SAML 2.0 2.2 Workshop on SAML & XACML Given at GeoWeb 2007 in Vancouver, July 23 Hal presented workshop on SAML and XACML, much interest in SAML. 3. Document Status 3.0 Eight wiki pages added to track status and milestones for documents 3.1 Docs on their way to OS 3.1.1 Metadata Profile for the OASIS Security Assertion Markup Language (SAML) V1.x CS Version now done 3.1.2 Metadata Extension for SAML V2.0 and V1.x Query Requesters CS Version now done Metadata Profile and Metadata Extension documents are now in new document format. Chairs will request ballot to make 15 August deadline. 3.2 SAML V2.0 Errata Public Review began 16 July 2007, and ends 31 July 2007 (today) No comments have yet been received. 3.3 Docs pending public review 3.3.1 Documents needing conformance clauses *SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based Systems *SAML V2.0 Deployment Profiles for X.509 Subjects *Identity Provider Discovery Service Protocol and Profile *SAMLv2.0 HTTP POST "SimpleSign" Binding Committee needs to approve new drafts after adding conformance clauses before public review on these. 3.3.2 Security Assertion Markup Language (SAML) V2.0 Technical Overview Waiver on conformance as the doc is informational and not normative? Brian communicated with TC Admin. Committee Draft is currently highest status that can be obtained. No conformance clause necessary. Can choose to perform public review or not, but not same cycle as normative specification. OASIS is considering alternative approaches but this is not available yet. Hal - we have pending edits. Should we update and then do public review or public review first? Conor - public review would be good, but first do update Others agree. Conor - want implementers to review even if not direct target, also gives publicity. General agreement to do update and then public review. Eve asks whether any SSTC members would like to compare this SSTC technical overview with recent WS-Federation white paper. http://msdn2.microsoft.com/en-us/library/bb498017.aspx 4 Other business Eve notes Concordia and digital id world workshop - asks about attendance, that attendees contact Eve. Conor plans to attend. Hal notes XML Security Workshop "Position papers are due 14 August for the Workshop on Next Steps for XML Signature and XML Encryption to be held 25-26 September in Mountain View, California, USA, hosted by VeriSign. Attendees will discuss next steps for the XML Signature and XML Encryption specifications and share their experiences implementing and developing these standards. Topics may include interoperability and robustness, performance, legal requirements for digital signature formats, and the impact of the evolving XML environment. The Workshop is expected to give its recommendations to the XML Security Specifications Maintenance Working Group. The Workshop is free free and open to all, however, submission of position papers is required of all participants." http://www.w3.org/2007/xmlsec/ws/cfp 5 Action Items #0282: AuthnContextDecl and AuthnContextDeclRef Confusion Owner: Eric Tiffany Eric: No normative changes needed, but some guidance text might be useful. Not clear where to put it. List discussion. #0283: Change final arrows to solid in Tech Overview diagrams throughout. In progress #0286: Research the use of LDAP language tags Owner: Bob Morgan Bob: LDAP Attribute profile needs to be updated to fix schema and to preserve attribute types and tags. Scott: Suggested tagging options are not preserved and outside of profile. Bob: Tags not used much. Language tags are used. Could be XML tags. Scott: if tags used widely, then need to consider. Might want to limit to language tags rather than general case. Scott will update wiki for this document. Scott will review language tag and offer proposal. #0298: Prepare CS version of Metadata Profile for the OASIS Security Assertion Markup Language (SAML) V1.x Owner: Scott Cantor Done, close. #0299: Prepare CS version of Metadata Extension for SAML V2.0 and V1.x Query Requesters Owner: Tom Scavo Done, close. #0300: Double check w/OASIS admin that 2 metadata specs needn't conform to the new document templates Owner: Hal Lockhart Done, close. #0302: Find and distribute language around the conformance statement. Owner: Hal Lockhart Done, close. #0303: Confirm that 'null' conformance clause is ok for Tech overview. Owner: Brian Campbell Done, close. Next meeting 14 August. Meeting Adjourned.