security-services message


Subject: OASIS SSTC con call minutes 2009-01-13 (revised)



OASIS SSTC conference call minutes
2009-01-13
Scribe:  RL "Bob" Morgan

** Action Summary

PEs 75, 76, 77, and 78 were unanimously accepted as errata.

Roll Call & Agenda Review

1. Minutes

1.1 Minutes from SSTC/SAML conference call December 16, 2008
http://lists.oasis-open.org/archives/security-services/200812/msg00047.html

** Approved with no objection

2. Announcements

2.1 Public Review of XSPA Profile of SAML for Healthcare
http://lists.oasis-open.org/archives/security-services/200901/msg00017.html
Introduction
http://lists.oasis-open.org/archives/security-services/200812/msg00040.html
Examples
http://lists.oasis-open.org/archives/security-services/200812/msg00041.html

Duane:  We will demonstrate the XSPA profile of SAML (along with the new
XSPA Introduction and XSPA Examples non-normative material just
submitted) at the joint HITSP/OASIS/HIMSS presentation in the "new
directions" booth at the HIMSS09 Conference April 4-8 in Chicago.

3. Document Status

3.1 HoK Assertion Request Profiles (draft-01)
http://lists.oasis-open.org/archives/security-services/200812/msg00034.html
Motivation
http://lists.oasis-open.org/archives/security-services/200812/msg00052.html

Tom:  Primary motivation is to support VOMS, a widely-deployed
   authorization service for grid systems.  VOMS is adding SAML support in
   addition to existing X.509 support.

3.2 SAML V2.0 HoK Web Browser SSO Profile (draft-11)
http://lists.oasis-open.org/archives/security-services/200901/msg00016.html

Tom:  refactoring of -10 draft.  Message sent listing changes: ...
   Q1:  refer to SimpleSign in this profile?
   Scott:  written to permit SimpleSign, right?  should continue to permit
     any suitable binding
   Q2:  which binding should be mandatory to implement?
   Scott:  should make something MTI, don't know which, probably not
     artifact

3.3 SAML V2.0 Holder-of-Key Assertion Profile (draft-08)
http://lists.oasis-open.org/archives/security-services/200901/msg00015.html

Tom:  relaxed requirements for X.509 certs that can be used with profile,
   not referring specifically to X.509v3 except in one place.

3.4 SAMLv2.0 HTTP POST "SimpleSign" Binding
http://wiki.oasis-open.org/security/SimpleSignBinding
   Voted to public review on last call but not started yet, however,
   comments made by Tom:
http://lists.oasis-open.org/archives/security-services/200901/msg00007.html

Brian:  Not sure what path to take on this doc.
Scott:  Not enthusiastic about this doc, since it doesn't seem to have had
   uptake from the community it was intended for.  Can address comments,
   but not much interest in spending a lot of time on it.  JeffH is
   co-author ...
Peter:  hoping to align SimpleSign proposal in XRI TC with this one ...
Hal:  shouldn't take this doc to CS if we think it's changing
   is this going to be proposed in X3C XML signature?
Scott:  maybe, don't know
   people have implemented, so unwise to make technical changes
   George Fletcher had shown interest, will ping him about it
Brian:  will leave in CD status until something else happens

4. Other business

4.1 Errata...

Scott:  go through list in draft 46
   PE75:  issue is whether to nail down 2nd level status code,
     suggest not bothering, move to approve as is, Hal seconds,
     approved with unanimous consent
   PE76:  nesting issue with cache durations,
     suggest that nested conditions can narrow period, not expand it
     Scott moves to accept, Hal seconds, approved unanimously
   PE77:  generalize metadata spec to be less SAML-specific
     so it can be referenced from WS-Fed specs
     involved removing "SAML" from various phrases, couple of bigger
       changes
     Scott moves to accept, Hal seconds, approved unanimously
   PE78:  discussion indicated "MUST NOT" is OK, can be done in errata
     TomS:  support change, but might affect existing deployments
       if some IdPs reassign ...
     Scott:  constraint that IDs are supposed to be pseudo-random implies
       that reuse would be accidental and extremely rare, if implementers
       follow that recommendation
     RobP:  support MUST NOT, let's put it out for review
       Scott:  move to approve option 2, Rob seconds, approved unanimously


5. Action Items (Report created 12 January 2009 06:15pm EST)

All left open.

#0333: Publish a new revision of Profile for Use of DisplayName in OASIS
template
Owner: Sampo Kellomäki
Status: Open
Assigned: 2008-05-19
Due: ---

#0332: Revise Query Extension for SAML AuthnReq
Owner: Sampo Kellomäki
Status: Open
Assigned: 2008-05-19
Due: ---


Attendance
==========

Voting Members:
Rob Philpott EMC Corporation
John Bradley Individual
Jeff Hodges Individual
Scott Cantor Internet2
Nathan Klingenstein Internet2
Bob Morgan Internet2
Tom Scavo NCSA
Peter Davis NeuStar, Inc.
Srinath Godavarthi Nortel
Hal Lockhart Oracle Corporation
Brian Campbell Ping Identity Corporation
Anil Saldhana Red Hat
Kent Spaulding Skyworth TTG Holdings Limited
Eve Maler Sun Microsystems
Emily Xu Sun Microsystems
Duane DeCouteau Veterans Health Administration

Members:
Paul Madsen NTT Corporation
Ari Kermaier Oracle Corporation

Quorum: 16 out of 21 Voting Members (76%)

Membership Status Change: Paul Madsen and Ari Kermaier regain voting
   rights.
George Fletcher loses voting rights.


