Scott's second AI is for the 'SessionNotOnOrAfter' attribute
paul
Paul Madsen wrote:
OASIS SSTC conference call minutes
2009-01-27
Scribe: Paul Madsen
--AI--: Scott to create CD version of 'SAML V2.0 Metadata Extension for
Entity Attributes Draft 2'
--AI--: Scott to propose wording for NotOnOrAfter attribute errata for
core, send to list
Roll Call & Agenda Review
Attendees
pending
1. Minutes
1.1 Minutes from SSTC/SAML conference call January 13, 2009
http://lists.oasis-open.org/archives/security-services/200901/msg00029.html
additions:
http://lists.oasis-open.org/archives/security-services/200901/msg00030.html
No objection to unanimous consent
Approved minutes are archive message
http://lists.oasis-open.org/archives/security-services/200901/msg00036.html
2. Announcements
2.1 Public Federal Register announcement of SAML standard in HC
http://lists.oasis-open.org/archives/security-services/200901/msg00027.html
DS: big step, announcement that the Sec of Human Health has accepted
the HITSP recommendation, including TP20
Triggers legal obligations for federal agencies to use SAML. Next
version will require use of additional OASIS standards,
HITSP leadership has voted to approve XSPA profile of SAML, will be
pushed out as requirement
XSPA profile will be demoed at HIMSS
David calls for participation from other TCs, e.g. WS-Trust and XACML
HIMSS happens in 60 days
3. Document Status
3.1 SAML V2.0 HoK Assertion Profile (draft-09)
http://lists.oasis-open.org/archives/security-services/200812/msg00026.html
TS: I sent a summary email on Jan 20 to list. Interested should refer
to that
There was a SAML dev thread initiated by NZ Gov's Brett Beaument
HoK Draft 9 is response to those comments.
SC: is this draft 9 or 7? The link in the document in the agenda says
'draft 7'...?
TS: thanks. Link that Hal put in the agenda is wrong
Correct link is
http://lists.oasis-open.org/archives/security-services/200901/msg00026.html
3.2 SAML Errata Working Document for SAML V2.0 - Working Draft 47
http://lists.oasis-open.org/archives/security-services/200901/msg00033.html
SC: updated to move everything disposed of to closed list. Some
discussion on last call that we might want to start a public errata
review
HL: let's save that for 4.3
4. Discussion
4.1 Move SAML V2.0 Metadata Extension for Entity Attributes Draft 2 to
CD?
http://lists.oasis-open.org/archives/security-services/200901/msg00022.html
SC: Brian had substantive comments earlier.
BC: this is back to the attributes/full assertions..?
SC: which option were you arguing for?
BC: no preference, just not both. Goal is simpler implementation, but
never works out
SC: we are trying to make deployments easier, not implementation
BC: I withdraw my objection
SC: my feeling is to get it out there,
SC: motion to move 'SAML V2.0 Metadata Extension for Entity Attributes
Draft 2' to CD
BC: second
Vote approved by unanimous consent
--AI--: Scott to create CD version of 'SAML V2.0 Metadata Extension for
Entity Attributes Draft 2'
4.2 Potential Errata: Core description of SessionNotOnOrAfter
insufficient?
http://lists.oasis-open.org/archives/security-services/200901/msg00034.html
RP: potential errata around interpretation of core spec on
SessionNotOnOrAfter attribute.
Suggest adding clarification as to how SessionNotOnOrAfter attribute
should/must be interpreted by RPs.
3 approaches to RP processing rules
1) Core defines and profiles can't override
2) Core defines and profiles override
3) Core defers to profiles
SC: agree that original language is lacking. Think that this attribute
is pretty profile specific, shouldn't have processing rules in core.
Therefore likes Option 3.
RP: suggest adding text to core along the lines of 'interpretation of
this attribute is profile specific'
SC: I can add to next errata draft.
AK: wondering if this is actually profile specific, rather than policy
specific at RP. RP can decide itself whether to rely on authentication
once IDP session expired. We shouldn't have normative language
restricting the RP's choice.
RP: Web SSO profile does apply normative language. Need text in core
pointing to such rules.
--AI--: Scott to propose/add wording for next errata, send to list
AK: what about session index? related?
SC: session index and SessionNotOnOrAfter are linked, the
SessionNotOnOrAfter attribute will be easier to deal with if vague
in core. Profiles define behaviour. Might imply an errata for the Web
SSO profile around this.
4.3 Other Potential Errata and Errata Planning
SC: not aware of any other errata in the pipeline.
HL: so, next steps? We can do a new errata. Can't be sure we won't see
some new errata tomorrow but that's always the case
SC: I have a long standing action item on one, but not sure when I will
tackle it. The metadata profile I was working on
might produce an errata. Regardless, I suggest get another errata
draft out now without the above, review the possibility of adding in at
next call.
5. Other business
HL: no AOB
6. Action Items (Report created 26 January 2009 08:59pm EST)
#0332: Revise Query Extension for SAML AuthnReq
Owner: Sampo Kellomäki
Status: Open
Assigned: 2008-05-19
Due: ---
closed
#0333: Publish a new revision of Profile for Use of DisplayName in
OASIS template
Owner: Sampo Kellomäki
Status: Open
Assigned: 2008-05-19
Due: ---
closed
Adjourned
Hal
--
Paul Madsen
e:paulmadsen @ ntt-at.com
p:613-482-0432
m:613-282-8647
web:connectid.blogspot.com
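As an added example (not part of these minutes and not text from any SSTC specification or profile), here is a relying-party check in Python that separates the two things the 4.2 discussion keeps apart: core Conditions processing when the assertion is received, and the later decision about whether the RP's own session may outlive the IdP session end given by SessionNotOnOrAfter. The sample assertion is constructed, and the `rp_max_session_seconds` cap and the `honor_idp_session_end` switch are hypothetical RP-side policy knobs that model the "profile defines the rule" and "RP decides for itself" positions recorded above, not anything the minutes prescribe.

```python
# Added example: relying-party handling of SessionNotOnOrAfter and SessionIndex
# from a SAML 2.0 AuthnStatement. Sample assertion and policy knobs are constructed.
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, illustrative only). A real RP verifies
# the signature and audience before any of the checks below.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2009-01-27T20:00:00Z">
  <saml:Issuer>https://idp.example.org/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2009-01-27T19:59:00Z" NotOnOrAfter="2009-01-27T20:05:00Z"/>
  <saml:AuthnStatement AuthnInstant="2009-01-27T20:00:00Z"
      SessionIndex="idx-constructed-123"
      SessionNotOnOrAfter="2009-01-27T21:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>
"""


def parse_saml_instant(value):
    """Parse a SAML xs:dateTime given in UTC 'Z' form (fractional seconds optional)."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unsupported SAML dateTime: %r" % value)


def accept_assertion(assertion_xml, received_at, rp_max_session_seconds=None):
    """Validate the assertion at receipt and build the RP's local session record.

    Returns None when the Conditions window excludes received_at (this is the
    core NotBefore/NotOnOrAfter rule, distinct from SessionNotOnOrAfter).
    Otherwise records the IdP session end and the SessionIndex, which later
    session checks and Single Logout correlation need.
    rp_max_session_seconds is a hypothetical RP-local cap on session length.
    """
    root = ET.fromstring(assertion_xml)
    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is not None:
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and received_at < parse_saml_instant(not_before):
            return None
        if not_on_or_after and received_at >= parse_saml_instant(not_on_or_after):
            return None
    stmt = root.find("saml:AuthnStatement", SAML_NS)
    if stmt is None:
        return None  # no authentication statement, so nothing to build a session from
    snoa = stmt.get("SessionNotOnOrAfter")
    sp_end = None
    if rp_max_session_seconds is not None:
        sp_end = received_at + timedelta(seconds=rp_max_session_seconds)
    return {
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS),
        "session_index": stmt.get("SessionIndex"),
        "idp_session_end": parse_saml_instant(snoa) if snoa else None,
        "sp_session_end": sp_end,
    }


def session_is_valid(record, now, honor_idp_session_end=True):
    """Decide whether the RP still treats the session as authenticated at `now`.

    honor_idp_session_end=True models a profile-driven rule where the RP
    session cannot outlive SessionNotOnOrAfter. False models the RP-policy
    view from the discussion, where only the RP's own cap applies.
    """
    if record["sp_session_end"] is not None and now >= record["sp_session_end"]:
        return False
    if (honor_idp_session_end and record["idp_session_end"] is not None
            and now >= record["idp_session_end"]):
        return False
    return True


if __name__ == "__main__":
    t0 = parse_saml_instant("2009-01-27T20:01:00Z")
    rec = accept_assertion(SAMPLE_ASSERTION, t0, rp_max_session_seconds=1800)
    print(rec)
    for minutes in (10, 30, 60):
        when = t0 + timedelta(minutes=minutes)
        print(when.isoformat(), session_is_valid(rec, when), session_is_valid(rec, when, False))
```

Keeping the receipt-time Conditions check and the session-lifetime check in separate functions is the point: the first is unambiguous core processing, while the second is exactly the behaviour the minutes say core should leave to profiles or to the RP's own policy, so it is the one that needs a configurable switch rather than a hard-coded rule.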
