OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Minutes for the SSTC meeting on August 14, 2007 [DRAFT]

With attendance data
Steve Anderson
BMC Software


From: Anil Saldhana [mailto:Anil.Saldhana@redhat.com]
Sent: Tue 8/14/2007 1:11 PM
To: security-services@lists.oasis-open.org
Subject: [security-services] Minutes for the SSTC meeting on August 14, 2007 [DRAFT]

Proposed Agenda SSTC Concall, August 14, 2007

Dial in info: +1 865 673 6950
Access code: 270-9441#

Roll Call & Agenda Review
Attendance of Voting Members

  Steve Anderson BMC Software
  Abbie Barbir Nortel
  Jeff Bohren BMC Software
  Brian Campbell Ping Identity
  Scott Cantor Internet2
  Peter Davis NeuStar
  George Fletcher AOL
  Frederick Hirsch Nokia
  Hal Lockhart BEA Systems, Inc
  Eve Maler Sun Microsystems
  Prateek Mishra Oracle
  Anthony Nadalin IBM
  Rob Philpott EMC Corporation
  Anil Saldhana Red Hat
  Tom Scavo National Center for Supercomputing Applications
  David Staggs Veteran's Health Admin
  Lakshmi Thiyagarajan Hewlett-Packard Company
  Eric Tiffany IEEE Industry Standards
  Emily Xu Sun Microsystems
Attendance of Non-Voting Members

  Bob Morgan Internet2
  Kent Spaulding Tripod Technology Group

Attendance of Observers  

  Giles Hogbe ENISA

Membership Status Changes

  Anthony Nadalin IBM - Granted voting status after 7/17/2007 call
  Jeff Hodges NeuStar - Lost voting status after 7/31/2007 call
  Lakshmi Thiyagarajan Hewlett-Packard Company - Granted voting status after 7/31/2007 call
  Sarma Pisapati EDS - Granted membership 8/6/2007
  Richard Sand Tripod Technology - Group Member account deactivated 8/9/2007
  Emily Xu Sun Microsystems - Returned from LOA before 8/14/2007 call
  Ari Kermaier Oracle - Lost voting status after 8/14/2007 call
  Bob Morgan Internet2 - Granted voting status after 8/14/2007 call

19 out of 22 voting members present, have quorum. Quorum was achieved

We need a volunteer to take minutes. 
Anil Saldhana, Red Hat

1. Approve minutes from July 31


2. Administrative

2.1 News: E-Authentication now supports SAML V2.0
Paul has updated the SSTC home page

2.2 Liberty Interoperability Testing coming up

- Eric:
* Registration information can be found on the liberty website.
* Still not public yet.
* Planning on a SAML interop workshop focusing on eGovernment. Sept 17-21.
* IEEE Head Quarters at Piscataway, NJ

2.3 SAML Auth Contexts extension work

* Guest invited (Giles) from ENISA to discuss some informal work done on
AuthContext extension.
* Giles-
  - collecting use cases on the wiki.
  - feels that it is relevant to the SAML standard.
  - Tokens issued from a government standard.
  - some way of abstracting info for easier understanding by users.
  - Privacy features of Authentication Token.
  - Reputation needs to be associated with authentication.
    -- E-Reputation an important aspect of authentication (Electonic
Passwords/ID Cards)

* TC Questions:
  - Evidence that authentication context is used for Trust?
  - Some work going on in ITU Identity Group.
  - Scope of work for the TC.
    -- Either work with TC to standardize or develop it as a third party.
    -- Giles wants to standardize it via the TC.
  - Apart from the privacy(which is orthogonal), every other aspect
seems to fit in the AuthContext work.
  - Privacy may be better handled in the authorization context language
such as XACML TC.
  - The type of credential used for authentication has a privacy aspect
which is in scope for this TC.

Draw up a proposal and the TC can have a chartered discussion.
Next step from Giles is to create some requirements from SAML

2.4 Metadata and DNSSEC

Conclusion: Normative change needed if there was a direct reference. If
not, no change.

* General question from Bob Morgan about possible intersection between
SAML and Kerberos (after
a recent topic from IETF)

3. Document Status

3.1 Docs on their way to Oasis Standard
3.1.1 Metadata Profile for the OASIS Security Assertion Markup Language
(SAML) V1.x
CS Version now done
OASIS admin notified 8/13

- Mary has not reviewed them yet.
- Will be a Oasis standard in a week or two

3.1.2 Metadata Extension for SAML V2.0 and V1.x Query Requesters
CS Version now done
OASIS admin notified 8/13

- Same as 3.1.1

3.2 SAML V2.0 Errata
Public Review ended 31 July 2007
SSTC home page has been updated.  Next steps?

- Since there have been zero public comments, we will need one more TC
vote before taking it public.
- Hal motioned for acceptance of Errata Document. Eve seconded the motion.
- Unanimous Consent - APPROVED

3.3 Docs pending public review
2.3.1 Documents needing conformance clauses
*SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based
Systems (Tom maybe has done this)
*SAML V2.0 Deployment Profiles for X.509 Subjects (also Tom)

Conclusion:  Tom has uploaded the docs last week to Kavi.

*Identity Provider Discovery Service Protocol and Profile
*SAMLv2.0 HTTP POST "SimpleSign" Binding

Conclusion: TC members to review the conformance clauses (2 weeks time)
before public review.

Eve's question: Orderly expiration of certs in metadata?
* Eve will ask for an email to be sent before the next meeting.
* Will need to be put on the next meeting's agenda

4 Other business

5 Action Items (as of 13 August 2007 05:30pm EDT)

#0286: Research the use of LDAP language tags
Owner: Bob Morgan
Status: Open
Assigned: 2007-04-11
Due: 2007-04-24

Conclusion: Bob is ready to close it.

#0283: Change final arrows to solid in Tech Overview diagrams throughout.
Owner: Paul Madsen
Status: Open
Assigned: 2007-03-27
Due: ---

Conclusion: Paul absent.

#0282: AuthnContextDecl and AuthnContextDeclRef Confusion
Owner: Eric Tiffany
Status: Open
Assigned: 2007-03-27
Due: ---

Conclusion: Leave it open to figure out where the explanatory text goes.

Anil Saldhana
Project/Technical Lead,
JBoss Security & Identity Management
JBoss, A division of Red Hat Inc.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]