Subject: Draft Minutes, SSTC teleconference, March 11, 2008


Minutes from SAML teleconference, 11 March 2008
Minute taker - Frederick Hirsch

> Roll Call & Agenda Review

Roll Call:-

Voting Members:
Hal Lockhart  	    BEA Systems, Inc.  	
Rob Philpott 	    EMC Corporation 	
Scott Cantor 	    Internet2 	
Bob Morgan 	    Internet2 	
Tom Scavo 	    National Center for Supercomputing Applications	
Frederick Hirsch    Nokia Corporation
Ari Kermaier 	    Oracle Corporation 	
Anil Saldhana 	    Red Hat 	
David Staggs 	    Veterans Health Administration 	

Members:
Eve Maler 	     Sun Microsystems 	
Nathan Klingenstein  Internet2 	

Non-Voting Members:
None

9 out of 16 voting members (Quorum Achieved)

Hal Lockhart chaired.

> Need a volunteer to take minutes
Frederick Hirsch taking minutes

> 1. Approve minutes from Feb 26, 2008
> http://lists.oasis-open.org/archives/security-services/200803/msg00011.html

Approved unanimously.

> 2. Administrative
>
> 2.1 SAML XML.org: Call for Site Sponsors
> http://lists.oasis-open.org/archives/security-services/200803/msg00012.html

Note call for sponsors.

> 2.2 OASIS XACML InterOp Demo, RSA 2008, San Francisco, California,  
> USA, April 7-11 2008
> http://lists.oasis-open.org/archives/security-services/200802/msg00065.html

Every day ongoing throughout event.

> 2.3 OASIS Symposium: Call for Proposals for the eGovernment  
> Workshop oneID and Citizen-centric Administration
> http://lists.oasis-open.org/archives/security-services/200802/msg00059.html

Call for papers.

> 3. Document Status
>
> 3.1 Subject-based Profiles for SAML V1.1 Assertions (Draft-02)
> http://lists.oasis-open.org/archives/security-services/200802/msg00039.html

Tom Scavo posted new draft. Adds missing material, but not complete.  
Needs conformance section.

Please comment on list.

> 3.2 Five specs finished public review and are on their way to CS
>
> * SAMLv2.0 HTTP POST "SimpleSign" Binding
> http://lists.oasis-open.org/archives/security-services/200802/msg00062.html
>
> * Identity Provider Discovery Service Protocol and Profile
> (Is this unchanged?)


Scott: This was not changed since last fall.


> * SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based
> Systems
> http://lists.oasis-open.org/archives/security-services/200803/msg00004.html
>
> * SAML V2.0 Deployment Profiles for X.509 Subjects
> http://lists.oasis-open.org/archives/security-services/200802/msg00056.html
>
> * SAML V2.0 LDAP/X.500 Attribute Profile
> http://lists.oasis-open.org/archives/security-services/200802/msg00060.html
>
> Are we ready to vote these to CD?
> If so, are we ready to request a CS vote?

Frederick Hirsch moved to move these five documents to committee  
draft. Tom Scavo seconded.
No objection, motion approved unanimously.

Tom Scavo moved to Request Administrator to hold committee  
specification vote.
Frederick Hirsch  seconded.
Approved unanimously.

Hal requested editors to create Committee Draft versions of the
documents using today's date 11 March 2008, updating footers and title
page appropriately.
Editors also to provide appropriate formats for each document,  
including editable document, PDF and XHTML for each specification.

> 3.3 Technical Overview
> http://lists.oasis-open.org/archives/security-services/200803/msg00009.html
> New draft posted.

Paul Madsen posted new version. Please review changes by next call.

> 3.4 Holder-of-Key Web Browser SSO Profile Draft
> http://lists.oasis-open.org/archives/security-services/200802/msg00051.html

Nathan Klingenstein introduced a new profile to combine benefits of
SAML and PKI, using TLS for key transport, and SAML for identity
information. He outlined benefits and the approach, described in the
document.

Hal - One potential issue with fingerprint is that there is no  
specification for it, even though typically SHA-1. WSS states it  
explicitly for this reason.
Matching issuer and serial number leads to DN matching, which may  
have issues.

Nathan - one goal is that SP need not understand contents of  
certificate content, hence not issuer and serial number.

Hal - Thanks for submission. Please send comments to list.



> 4 Errata
>
> 4.1 Metadata Errata Items
> http://lists.oasis-open.org/archives/security-services/200802/msg00066.html


Status of errata
Scott - Cleaned up errata document, e.g. removed duplicates in errata  
document, as well as removing proposed errata that have been closed.  
Two errata remain open from previously, and 2nd level status code and  
metadata are two new errata.

Two to vote on.
PE65
PE66

Link to errata document notice
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200802/msg00068.html

Link to errata document
http://www.oasis-open.org/apps/org/workgroup/security/download.php/27435/sstc-saml-errata-2.0-draft-42.pdf

see line 1186, page 35

motion to approve PE65, Scott moved, Rob seconded
Approved unanimously

motion to approve PE66, Scott moved, Rob seconded
Approved unanimously

Hal - Scott please move these from proposed errata to errata.

PE67, 68, 69 are on the list

Rob - Scott please update PE67  for when element is present. Will  
also cover other elements.

Hal - please look at spec for possible exceptions

PE68, raised some time ago. multiple <KeyDescriptor>
any of the included keys may be used

Motion to accept PE68 as errata item.  Scott  moved, Rob seconded
No objection, approved unanimously

PE69
Additional work, possibly profile proposal from Scott.
e.g. might want self-signed cert to send key rather than bare key,  
but may not want to require cert trust processing, etc.

Motion to accept PE68 as errata item.  Scott  moved, Rob seconded
No objection, approved unanimously

Scott will update errata document.

> 5 Other business

None

> 6 Action Items
>
> #0323: Make errata on orig spec with correct reference in place of  
> draft-mealling-uuid-urn-05.txt
> Owner: Scott Cantor
> Status: Open

Still open.

> Assigned: 2008-02-11
> Due: 2008-03-11


Next call is 25 March.

regards, Frederick

Frederick Hirsch
Nokia

