[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] minutes (w/ attendance) SSTC concall 20-May-2008
wrt AI: PM to address this bug in Technical Overview CD-02 Section 4.6 I've uploaded v16 to Kavi so I presume we can vote out a CD-03 next call. paul =JeffH wrote: > > ============================================================================ > > SSTC/SAML concall Tue May 20 09:10:06 PDT 2008 > ---------------------------------------------------------------------------- > > minutes by =JeffH > > > proposed agenda: > http://lists.oasis-open.org/archives/security-services/200805/msg00050.html > > > > AI summary > ---------- > > AI: BC signs up to help Eve on SSTC home page revamp > AI: PM to address this bug in Technical Overview CD-02 Section 4.6 > AI: SSTC at large to be prepared to discuss/consider > xspa-saml-profile-01 as a > work item on next call > > > > Brian Campbell wrote: > > (Added 4.4 at the suggestion of David Staggs) > > > > Proposed Agenda SSTC Conference Call > > May 20, 2008, 12:00pm ET > > > > Dial in info: +1 215 446 3648 > > Access code 270-9441# > > > > Roll Call & Agenda Review > > > Voting Members: > Brian Campbell Ping Identity > Scott Cantor Internet2 > Eve Maler Sun Microsystems > Jeff Hodges NeuStar > Ari Kermaier Oracle > Hal Lockhart BEA Systems, Inc > Paul Madsen NTT Corporation > Bob Morgan Internet2 > Rob Philpott EMC Corporation > Anil Saldhana Red Hat > Tom Scavo NCSA > David Staggs Veteran's Health Admin > Eric Tiffany Liberty Alliance Project > Emily Xu Sun Microsystems > George Fletcher AOL > Prateek Mishra Oracle > Kent Spaulding Tripod Technology Group > Srinath Godavarthi Nortel > > Members: > Peter Davis Neustar > Frederick Hirsch Nortel > > Quorum Achieved: 18 out of 21 Voting Members > > Membership Status Changes: Peter Davis and Frederick Hirsch (back as > Voting Members) > > > > 1. Approve minutes from May 6, 2008 > > > http://lists.oasis-open.org/archives/security-services/200805/msg00024.html > > > > Brian Campbell (bc): approved by unanimous consent. > > > > 2. Administrative > > > > 2.1 SSTC Home Page > > Eve Maler (closing out AI#327) submitted proposal > > > http://lists.oasis-open.org/archives/security-services/200805/msg00033.html > > > Eve (em) working on this. see msg on list.. > "AI #0327: Draft proposal for SSTC home page cleanup" > > Eve doesn't want to "loose data", wishing to have folks looking over > her shoulder > and to take action items and help do editing > > AI: BC signs up to help Eve - will connect offline on specifics > > > Scott Cantor(sc): proposes that the wiki "saml dev" discussion forum > shud be > shut down and > pointed to saml-dev@ list > > Jeff Hodges (jh) agrees, as does em > > > > 2.2 Updating Specification Status after ballots > > > http://lists.oasis-open.org/archives/security-services/200805/msg00042.html > > > bc: references Fredericks msg on the topic, he thinks that this won't > affect us > in near term. > > msg thread beginning 19-May-2008 entitled > "[security-services] FW: [chairs] Updating Specification Status after > ballots" > > bc: so if anyone has questions, can ask Mary and/or BC; but otherwise > thinks we > proceed as we are and see what happens, if anything > > > > 3. Document Status > > > > 3.1 Subject-based Profiles for SAML V1.1 Assertions > > (Re)Submitted to TC Admin for initial public review on May 19th > > bc: just fyi, wrt these docs... > > > 3.3 Holder-of-Key Web Browser SSO Profile > > AIs #329, 330 & 331 > > > > 3.4 Proposal: Query Extension for SAML AuthnReq > > AI #332 > > > > 3.5 Proposal: Profile for Use of DisplayName > > AI #333 > > > bc: ..all above, just want to do bookkeeping on them, no additional > discussion > today? > we just need to track the AIs (will cover them again at the end of > this meeting..) > > > > 4 Other business > > > 4.1 Error in Technical Overview CD-02 Section 4.6 > > > http://lists.oasis-open.org/archives/security-services/200805/msg00027.html > > > bc: Rob noticed this, treatment of signatures on the response. see msg > above. > > seems to be something we shud fix > > pm: I'm most recent editor, will fix it. > > AI: PM to address this bug in Technical Overview CD-02 Section 4.6 > > > > 4.2 SAML 2.0 Interoperability Testing > > > http://lists.oasis-open.org/archives/security-services/200805/msg00026.html > > > > http://projectliberty.org/liberty_interoperable/events/saml_2_0_interoperabi > > > lity_test > > Eric Tiffany (et): any questions on this? read the msgs and sign up if > yer > interested. > > > > > 4.3 X509SubjectAltName or full cert as in nameid? > > > http://lists.oasis-open.org/archives/security-services-comment/200805/msg00002.html > > > bc: discussion btwn David Kemp & Tom Scavo wrt SubjectAltNames as a > NameIdentifier, or perhaps entire cert > > Tom Scavo (ts): so david is basically wondering about the attr sharing > profile > which is at CS stage, he's suggesting that perhaps somethg other than > (just) > x.509 SubjectNamem might be used as NameIdentifier. > > ts: suggested that if he has something specific in mind, he should > make his > suggestions more explicit. ts doesn't plan on doing anything unless > others also > believe should be done. > > sc: agrees with TS that just using SubAltName might not be enough > granularity > > [disc of all the name types in SubAltName... general agreement that > suggestion > isn't specific enough...] > > bc: so pending any further discussion at this time, wait for him to > reply.. > where do we have NameIDFormats that apply to SubjectAltName?... > > Hal Lockhart (hl): in section 8.3 in -core- we have these name types... > > [general agreement that they might map, but not directly nor > conguently, but > something cud be done...] > > > > > 4.4 Cross-Enterprise Security and Privacy Authorization (XSPA) > Profile of > > SAML & XSPA TC > > > http://lists.oasis-open.org/archives/security-services/200805/msg00048.html > > [note draft spec attached to above message: xspa-saml-profile-01] > > david staggs (ds): HITSP (health info tech stds panel) -- trying to > create a > "transaction package" for health info package(s) -- hoping SAML TC can > help do > this correctly, want to create a profile for American health info > council use > case -- attached a draft of such a profile to that message, hope the > TC can > pick up as a work item and do it correctly > > xspa-saml-profile-01 "Cross-Enterprise Security and Privacy > Authorization > (XSPA) > Profile of Security Assertion Markup Language (SAML)" > > bc: what do you want us to do? advise or progress the doc? > > ds: the latter, would be a good idea to do this in the SSTC > > em: criterion for doing this in sstc is eg wide applicability of such > a profile > if widely applicable maybe we shud do it here... > > ds: likely users/deployers will be government-wide most likely, so > pretty wide > applicability > > em: so we should hear more about it > > ds: HITSP needs to identify/reference "Standards", rather that cook up > own > profile a la GSA did with eGov effort, so really needs this to run > thru a group > like SSTC > > rob philpott (rp): we've done such w/x.508 attr profile, but this > draft spec > looks more govt-specific -- there's a lot of health-care specific > stuff in this > draft spec -- so perhaps another health-specific group shoudl progress > this, > > ds: IHG has looked at this, but they are out of bandwidth,and we think > oasis > might be a good one too, so up to sstc to figure out whether sstc > wants to just > comment or progress it or whatever...also this new TC that's being > created (by > TS), it might take it on... > > XSPA - Cross Security Privacy Authz TC > looking for conveners (talked to e.g. EM) mostly of interest to those > serving health care. > > [discussion/queries wrt the HITSP IPR policies and ramifications thereof] > > em: was this sent to sstc as submission or ? > > ds: this is a proposed work item... > > em: so there are default IPR mode wrt sstc... > > hl: but that applies to only sstc output...and with stuff sent to the > (list) > archives means that there's some default IPR licensing on that stuff upon > submission > > ds: getting back to the spec... > > hl: suggests defer it to next call, can review before then and then > consider > the request on next call... > > bc: concurs... > > AI: SSTC at large to be prepared to discuss/consider > xspa-saml-profile-01 as a > work item on next call > > > > 5 Action Items (Report created 19 May 2008 04:36pm EDT) > > > #0333: Publish a new revision of Profile for Use of DisplayName in > OASIS > > template > > Owner: Sampo Kellomki > > Status: Open > > Assigned: 2008-05-19 > > Due: --- > > remains open > > > > > #0332: Revise Query Extension for SAML AuthnReq > > Owner: Sampo Kellomki > > Status: Open > > Assigned: 2008-05-19 > > Due: --- > > remains open > > > > > > #0331: Revise Holder-of-Key Web Browser SSO Profile to make X.509 > mandatory > > to implement > > Owner: Nathan Klingenstein > > Status: Open > > Assigned: 2008-05-19 > > Due: --- > > remains open > > > > > > #0330: Revise Holder-of-Key Web Browser SSO Profile to make clear > what 'TLS' > > means, i.e. SSL 3, TLS 1, or TLS 1.1 > > Owner: Nathan Klingenstein > > Status: Open > > Assigned: 2008-05-19 > > Due: --- > > > remains open > > > > > #0329: Revise Holder-of-Key Web Browser SSO Profile WRT Authn > Statements > > Owner: Nathan Klingenstein > > Status: Open > > Assigned: 2008-05-19 > > Due: --- > > remains open > > > > > #0328: Revise SimpleSign > > Owner: Jeff Hodges > > Status: Open > > Assigned: 2008-05-19 > > Due: --- > > > remains open > > > Additional business? > --------------------------------- > > em: any thoughts from IIW that are saml-relevant? > > [no answer] > > **meeting adjorned** > > > > > ============================================================================ > > > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in > OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > -- Paul Madsen e:paulmadsen @ ntt-at.com NTT p:613-482-0432 m:613-282-8647 aim:PaulMdsn5 web:connectid.blogspot.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]