OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: (Final Amended) Minutes, SSTC Concall, Feb 26, 2008


Roll Call & Agenda Review

  Voting Members:
  Hal Lockhart      BEA Systems, Inc.
  Rob Philpott     EMC Corporation
  Scott Cantor     Internet2
  Bob Morgan     Internet2
  Eric Tiffany     Liberty Alliance Project
  Tom Scavo     National Center for Supercomputing Applica...
  Peter Davis     Neustar, Inc.
  Jeff Hodges     Neustar, Inc.
  Frederick Hirsch Nokia Corporation
  Paul Madsen     NTT Corporation
  Ari Kermaier     Oracle Corporation
  Brian Campbell     Ping Identity Corporation
  Anil Saldhana     Red Hat
  Emily Xu     Sun Microsystems
  Kent Spaulding     Tripod Technology Group, Inc.
  David Staggs     Veterans Health Administration

  Members: None
  Observers: None

  16 out of 21 Voting Members - Quorum Achieved

  Membership Status Change
  Lost Voting Status - Abbie Barbir(Nortel), Eve Maler (Sun) and Charles
  Knouse (HP)


  Frederick Hirsch suggested that during roll call if any observers are
  present they be reminded that they should not speak during the meeting
  and should consider becoming members.
  (See observer definition,  item v,  in
  http://www.oasis-open.org/committees/process.php#definitions)


  Need a volunteer to take minutes
  Anil Saldhana

  1. Approve minutes from Feb 12, 2008
 
http://lists.oasis-open.org/archives/security-services/200802/msg00009.html

  Approved

  Administrative:
  Hal talks about Oasis IDTrust Steering Committee sponsored IDTrust08
  workshop at NIST.
     - TC members (SAML and XACML) speaking at the conference.
     - The chairs have received a preview proposal from Internet2 on SSO
  profile using TLS (holder-of-key subject confirmation).

  3. Document Status

  3.1 Five specs finished public review and are [slowly] on their way to CS

  No public comment during review but some necessary minor changes

  * SAMLv2.0 HTTP POST "SimpleSign" Binding
  - Had/has broken references

  *Identity Provider Discovery Service Protocol and Profile
  ?

  * SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based
  Systems
  ?

  * SAML V2.0 Deployment Profiles for X.509 Subjects
  - Needs a minor change to the terminology previously introduced in the
  conformance section

  * SAML V2.0 LDAP/X.500 Attribute Profile
  - Need to add Mark Wahl as a contributor.


  Brian: Not much public comment. Need some necessary minor changes.
  Brian: Not aware of any issues associated with some profiles; hence
  marked as ?
         -- Need to move these drafts into community drafts.
         -- Mark Wahl needs to be added in the appendix.
         -- Next week, we need to have a CD vote.

  Hal: We can do the voting as a batch.

  Tom: Is there a need for fresh uploads of these documents?
  Hal: If there are no changes, then they can be left as committee drafts.



  3.2 Technical Overview
 
http://www.oasis-open.org/committees/download.php/25411/sstc-saml-tech-overview-2.0-draft-14.pdf 



  Much discussion:
 
http://lists.oasis-open.org/archives/security-services/200802/msg00005.html
  + msgs 12-26
  Where do we stand?

  Brian: No clear agreement/disagreement.
  Tom: No changes have been yet made.
      -- I will incorporate Frederick's comments.


  3.3 Subject-based Profiles for SAML V1.1 Assertions
 
http://lists.oasis-open.org/archives/security-services/200801/msg00003.html
  and definition of "strongly matches"
 
http://lists.oasis-open.org/archives/security-services/200801/msg00025.html
  [still] Awaiting further discussion.

  Brian: Things have been pretty much silent.  Very little discussion
  happened.
  Tom: Uploaded Draft 2 this morning.
       -- Two changes - motivating text in introduction and definition of
  strongly matches.
       -- Close to completion.
   From Tom's email:
 
http://www.oasis-open.org/apps/org/workgroup/security/download.php/27337/sstc-saml1-profiles-assertion-subject-draft-02.pdf 


 
http://www.oasis-open.org/apps/org/workgroup/security/download.php/27338/sstc-saml1-profiles-assertion-subject-draft-02-diff.pdf 




  "I added some motivating text to the Introduction (along the lines of
  what Brian asked about) and added a working definition of "strongly
  matches" in section 2.5.  Much of the remaining profile depends on
  this definition, so if you're okay with that (as Scott pointed out),
  then the rest of the profile follows easily."

  Brian: Encourage everyone to take a look.


  4 Errata

  4.1 (AI#311) Additions/Adjustments to PE65 Second-level StatusCode

 
http://lists.oasis-open.org/archives/security-services/200802/msg00027.html

  Abbie is handling this.
  **Scott has volunteered to maintain the errata document.**


  5 Other business

  Silence.


  6 Action Items (Report created 25 February 2008 04:28pm EST)

  #0323: Make errata on orig spec with correct reference in place of
  draft-mealling-uuid-urn-05.txt
  Owner: Jeff Hodges
  Status: Open
  Assigned: 2008-02-11
  Due: 2008-03-11

  Scott will take care of this.  Reassigned to Scott.


  #0311: Propose specific document changes required for PE-65
  Owner: Scott Cantor
  Status: Open
  Assigned: 2007-10-23
  Due: 2008-03-11


  Call Adjourned


  Remarks:
  [1] The minutes was amended to replace the name of the person who
  suggested the reminder to Observers about participation in the meeting,
  from Scott Cantor to Frederick Hirsch (Nokia).
  [2] The reference to Internet2 preview proposal on SSO includes 
"holder-of-key subject confirmation" and not "order of key".
  [3] Scott Cantor has confirmed to maintain the errata document.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]