Re: [security-services] Minutes, SSTC Concall, Feb 26, 2008

[Brian Campbell <bcampbell@pingidentity.com>]

It's usually a pretty safe bet to assume it's Scott so I can see how you
would make that mistake ;-)

Speaking of Scott, I think there's one more correction that needs to be
noted on these minutes.  You've got, "**Scott has volunteered to maintain
the errata document.**" He did volunteer to do *some* maintenance on the
document but I don't think he signed up to be the primary maintainer of it
going forward.  Correct me if I'm wrong here.



On 2/26/08 7:59 PM, "Anil Saldhana" <Anil.Saldhana@redhat.com> wrote:

> Hi Tom,
>    thank god I recognized your voice as yours. Rest of the speakers I
> just assumed to be Scott. :) I guess I will blame myself for being under
> the weather (my state has worsened now).
> 
> I will wait for a couple of days to see if there are any other changes
> and then send amended minutes.
> 
> Regards,
> Anil
> 
> Tom Scavo wrote:
>> Hi Anil,
>> 
>> A few minor corrections to the minutes below.
>> 
>> On Tue, Feb 26, 2008 at 1:23 PM, Anil Saldhana <Anil.Saldhana@redhat.com>
>> wrote:
>>> Roll Call & Agenda Review
>>> 
>>>  Voting Members:
>>>  Hal Lockhart    BEA Systems, Inc.
>>>  Rob Philpott    EMC Corporation
>>>  Scott Cantor    Internet2
>>>  Bob Morgan      Internet2
>>>  Eric Tiffany    Liberty Alliance Project
>>>  Tom Scavo       National Center for Supercomputing Applica...
>>>  Peter Davis     Neustar, Inc.
>>>  Jeff Hodges     Neustar, Inc.
>>>  Frederick Hirsch Nokia Corporation
>>>  Paul Madsen     NTT Corporation
>>>  Ari Kermaier    Oracle Corporation
>>>  Brian Campbell  Ping Identity Corporation
>>>  Anil Saldhana   Red Hat
>>>  Emily Xu        Sun Microsystems
>>>  Kent Spaulding  Tripod Technology Group, Inc.
>>>  David Staggs    Veterans Health Administration
>>> 
>>>  Members: None
>>>  Observers: None
>>> 
>>>  16 out of 21 Voting Members - Quorum Achieved
>>> 
>>>  Membership Status Change
>>>  Lost Voting Status - Abbie Barbir(Nortel), Eve Maler (Sun) and Charles
>>>  Knouse (HP)
>>> 
>>>  Scott Cantor requested that at the end of each rollcall (future
>>>  meetings), the observers need to be reminded that they cannot speak or
>>>  make comments during the meeting.
>>> 
>>>  Need a volunteer to take minutes
>>>  Anil Saldhana
>>> 
>>>  1. Approve minutes from Feb 12, 2008
>>>  http://lists.oasis-open.org/archives/security-services/200802/msg00009.html
>>> 
>>>  Approved
>>> 
>>>  Administrative:
>>>  Hal talks about Oasis IDTrust Steering Committee sponsored IDTrust08
>>>  workshop at NIST.
>>>     - TC members (SAML and XACML) speaking at the conference.
>>>     - The chairs have received a preview proposal from Internet2 on SSO
>>>  profile using TLS (Order of Key).
>> 
>> The profile requires holder-of-key subject confirmation, not "Order of Key."
>> 
>>>  3. Document Status
>>> 
>>>  3.1 Five specs finished public review and are [slowly] on their way to CS
>>> 
>>>  No public comment during review but some necessary minor changes
>>> 
>>>  * SAMLv2.0 HTTP POST "SimpleSign" Binding
>>>  - Had/has broken references
>>> 
>>>  *Identity Provider Discovery Service Protocol and Profile
>>>  ?
>>> 
>>>  * SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based
>>> Systems
>>>  ?
>>> 
>>>  * SAML V2.0 Deployment Profiles for X.509 Subjects
>>>  - Needs a minor change to the terminology previously introduced in the
>>>  conformance section
>>> 
>>>  * SAML V2.0 LDAP/X.500 Attribute Profile
>>>  - Need to add Mark Wahl as a contributor.
>>> 
>>> 
>>>  Brian: Not much public comment. Need some necessary minor changes.
>> 
>> No public comment was received.
>> 
>>>  Brian: Not aware of any issues associated with some profiles; hence
>>>  marked as ?
>>>         -- Need to move these drafts into community drafts.
>>>         -- Mark Wahl needs to be added in the appendix.
>>>         -- Next week, we need to have a CD vote.
>>> 
>>>  Hal: We can do the voting as a batch.
>>> 
>>>  Tom: Is there a need for fresh uploads of these documents?
>>>  Hal: If there are no changes, then they can be left as committee drafts.
>>> 
>>> 
>>> 
>>>  3.2 Technical Overview
>>>  
>>> http://www.oasis-open.org/committees/download.php/25411/sstc-saml-tech-overv
>>> iew-2.0-draft-14.pdf
>>> 
>>>  Much discussion:
>>>  http://lists.oasis-open.org/archives/security-services/200802/msg00005.html
>>>  + msgs 12-26
>>>  Where do we stand?
>>> 
>>>  Brian: No clear agreement/disagreement.
>>>  Tom: No changes have been yet made.
>>>      -- I will incorporate Frederick's comments.
>> 
>> Paul Madsen made the above remarks.  Frederick's comments will be found here:
>> 
>> http://www.oasis-open.org/archives/security-services/200802/msg00035.html
>> 
>>>  3.3 Subject-based Profiles for SAML V1.1 Assertions
>>>  http://lists.oasis-open.org/archives/security-services/200801/msg00003.html
>>>  and definition of "strongly matches"
>>>  http://lists.oasis-open.org/archives/security-services/200801/msg00025.html
>>>  [still] Awaiting further discussion.
>>> 
>>>  Brian: Things have been pretty much silent.  Very little discussion
>>>  happened.
>>>  Tom: Uploaded Draft 2 this morning.
>>>       -- Two changes - motivating text in introduction and definition of
>>>  strongly matches.
>>>       -- Close to completion.
>>>   From Tom's email:
>>>  
>>> http://www.oasis-open.org/apps/org/workgroup/security/download.php/27337/sst
>>> c-saml1-profiles-assertion-subject-draft-02.pdf
>>>  
>>> http://www.oasis-open.org/apps/org/workgroup/security/download.php/27338/sst
>>> c-saml1-profiles-assertion-subject-draft-02-diff.pdf
>>> 
>>> 
>>>  "I added some motivating text to the Introduction (along the lines of
>>>  what Brian asked about) and added a working definition of "strongly
>>>  matches" in section 2.5.  Much of the remaining profile depends on
>>>  this definition, so if you're okay with that (as Scott pointed out),
>>>  then the rest of the profile follows easily."
>>> 
>>>  Brian: Encourage everyone to take a look.
>>> 
>>> 
>>>  4 Errata
>>> 
>>>  4.1 (AI#311) Additions/Adjustments to PE65 Second-level StatusCode
>>> 
>>>  http://lists.oasis-open.org/archives/security-services/200802/msg00027.html
>>> 
>>>  Abbie is handling this.
>>>  **Scott has volunteered to maintain the errata document.**
>>> 
>>> 
>>>  5 Other business
>>> 
>>>  Silence.
>>> 
>>> 
>>>  6 Action Items (Report created 25 February 2008 04:28pm EST)
>>> 
>>>  #0323: Make errata on orig spec with correct reference in place of
>>>  draft-mealling-uuid-urn-05.txt
>>>  Owner: Jeff Hodges
>>>  Status: Open
>>>  Assigned: 2008-02-11
>>>  Due: 2008-03-11
>>> 
>>>  Scott will take care of this.  Reassigned to Scott.
>>> 
>>> 
>>>  #0311: Propose specific document changes required for PE-65
>>>  Owner: Scott Cantor
>>>  Status: Open
>>>  Assigned: 2007-10-23
>>>  Due: 2008-03-11
>>> 
>>> 
>>>  Call Adjourned
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>