Subject: OASIS SSTC con call minutes 2009-02-24
SSTC Conference Call minutes
February 24, 2009, 12:00pm ET

Scribe: RL "Bob" Morgan

Summary:
* The 2 holder-of-key drafts are accepted as Committee Drafts.
* AI: TomS will create CD versions of the 2 holder-of-key drafts.

Roll Call & Agenda Review
** Quorum achieved.

1. Minutes

1.1 Minutes from SSTC/SAML conference call February 10, 2009
http://lists.oasis-open.org/archives/security-services/200902/msg00023.html
** Approved without comment.

2. Announcements

2.1 SAML XML.org Forum: new posts
http://lists.oasis-open.org/archives/security-services/200902/msg00036.html

3. Document Status

3.1 SAML V2.0 Holder-of-Key Web Browser SSO Profile - Draft 11
http://www.oasis-open.org/committees/download.php/30614/sstc-saml-holder-of-key-browser-sso-draft-11.pdf
Ready for Committee Draft vote?
TomS moves to accept as CD, NateK seconds.
Discussion: none
** Approved without objections.

3.2 SAML V2.0 Holder-of-Key Assertion Profile - Draft 9
http://www.oasis-open.org/committees/download.php/30782/sstc-saml2-holder-of-key-draft-09.pdf
Ready for Committee Draft vote?
ScottC moves to accept as CD, TomS seconds.
Discussion:
ScottC: in section 2.4.1, line 255, constraints on KeyInfo
  "the current specification" refers to what?
TomS: this doc, will make that clear
  will also make clear that second edition of XML Sig is basis
Scott: would be good to have doc package for public review by next call.
** Approved without objections.

4. Discussion

4.1 comments re draft-sstc-metadata-iop-03
http://lists.oasis-open.org/archives/security-services/200902/msg00024.html
ScottC: intend to add text clarifying scope of spec in -04 rev
  note that PKI-oriented deployments may not find this profile useful
  doc name can be changed later if needed
HalL: would be good to cast it as positive instead of negative
ScottC: will try

4.2 DAV issue with Redirect/Artifact bindings
http://lists.oasis-open.org/archives/security-services/200902/msg00037.html
ScottC: Folks using Shib looking at situations where DAV (webdav/caldav)
  client coresides with browser and shares cookie store, so SAML might
  be used. Desire to permit use of PROPFIND etc, which is what DAV
  clients do first when redirected. Intent of SAML spec seems to be to
  permit idempotent methods rather than just GET. Maybe implementation
  note in Errata would suffice, rather than overhead of new binding.
TomS: are there impl notes in main spec?
ScottC: a few.
HalL: could loosening this create vulnerability?
ScottC: doesn't change message flow, just permit new methods
ScottC: taking this seriously with a binding would mean replacing old
  bindings, which would be big deal

5. Other business

None.

6. Action Items (Report created 23 February 2009 09:52pm EST)

#0345: Propose wording for SessionNotOnOrAfter attribute errata for core
Owner: Scott Cantor
Status: Open
Assigned: 2009-02-09
Due: ---
Remains open.

Adjourned at 12:32 EST.

Attendance:

Voting Members
--------------------
Rob Philpott          EMC Corporation
John Bradley          Individual
Jeff Hodges           Individual
Scott Cantor          Internet2
Nathan Klingenstein   Internet2
Bob Morgan            Internet2
Tom Scavo             NCSA
Frederick Hirsch      Nokia Corporation
Ari Kermaier          Oracle Corporation
Hal Lockhart          Oracle Corporation
Brian Campbell        Ping Identity Corporation
Anil Saldhana         Red Hat
Kent Spaulding        Skyworth TTG Holdings Limited
Emily Xu              Sun Microsystems
Duane DeCouteau       Veterans Health Administration

Quorum Achieved: 15 out of 21 voting members (71%)

Membership Status Change:
Eve Maler, Paul Madsen, Peter Davis and Srinath Godavarthy lost voting rights.