
security-services message



Subject: Re: [security-services] SSTC/SAML concall Draft Minutes Tue 2-Jun-2009


Tom Scavo wrote:
> Comments inline.
>
> On Tue, Jun 2, 2009 at 2:18 PM, =JeffH <Jeff.Hodges@kingsmountain.com> wrote:
>   
>> comments to the list please.
>>
>> =JeffH
>>
>> ============================================================================
>> SSTC/SAML concall Tue Jun  2 09:12:38 PDT 2009
>> ----------------------------------------------------------------------------
>>
>> Hal Lockhart presiding
>>
>> Minutes by Jeff Hodges (=JeffH)
>>
>> NOTE: next TC concall/meeting is Tue 30-Jun-2009
>>
>>
>>     
Roll Call
=========

Voting Members:
Rob Philpott     EMC Corporation    
John Bradley     Individual    
Jeff Hodges     Individual    
Scott Cantor     Internet2
Nathan Klingenstein     Internet2 
Bob Morgan     Internet2    
Tom Scavo     NCSA   
Frederick Hirsch     Nokia Corporation   
Srinath Godavarthi     Nortel
Hal Lockhart     Oracle Corporation    
Brian Campbell     Ping Identity Corporation
Eve Maler     Sun Microsystems    
Emily Xu     Sun Microsystems    
David Staggs     Veterans Health Administration    

Members
Kyle Meadors   Drummond Group Inc.     
Duane DeCouteau     Veterans Health Administration    

Quorum:  14 out of 20 (Quorum Achieved)
Status:  Duane regains voting rights. Peter Davis loses voting rights.
>> AI summary
>> ------------
>>
>> AI -- Scott Cantor to post affirmation to list of no comments in public
>> review on those docs
>>
>> AI -- Tom Scavo to assemble list of comments from PR on the two HOK docs and
>> begin processing them
>>
>> AI -- Chairs to make request noted in Motion 2.
>>
>> AI -- Dwayne to add a page for the XSPA page in the SAML wiki
>>
>>
>>
>> Motions Passed
>> --------------
>>
>> 1. Moved to re-affirm these specs as CD due to passing public review with no
>> comments..
>>    SAML V2.0 Attribute Extensions Version 1.0
>>    SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
>>    SAML V2.0 Metadata Interoperability Profile Version 1.0
>>
>> 2. Moved to request TC Admin to launch an electronic ballot to move the docs
>> from Motion 1 to CD maturity level.
>>
>> 3. Moved to move modified XSPA profile to CD
>>
>> 4. Moved to have a 15-Day review of revised XSPA profile
>> (xspa-saml-1.0-pr02.doc version 1) due to there being no substantive
>> changes.
>>
>> 5. Moved to move sstc-saml-approved-errata-2.0-draft-49 to CD, confirmed changes
>> therein are not substantive, and to proceed to 15-Day public review.
>>
>>
>>
>>
>>
>>     
>>> Proposed Agenda SSTC Conference Call
>>> June 2, 2009, 12:00pm ET
>>>
>>> Dial in info: +1 215 446 3648
>>> Access code 270-9441#
>>>
>>> Roll Call & Agenda Review
>>>
>>> Need a volunteer to take minutes
>>>
>>> 1. Minutes
>>>
>>> 1.1 Minutes from SSTC/SAML conference call May 5, 2009:
>>>
>>> http://lists.oasis-open.org/archives/security-services/200905/msg00018.html
>>>
>>>       
>> http://lists.oasis-open.org/archives/security-services/200906/msg00005.html
>> (with corrected meeting attendance)
>>
>>
>> prior minutes duly approved by unan consent.
>>
>>
>>
>>
>>
>>
>>     
>>> 2. Announcements
>>>
>>>
>>> 2.1 Public Review of SAML 2.0 Profiles has closed.
>>>
>>>
>>> http://lists.oasis-open.org/archives/security-services/200903/msg00062.html
>>>
>>> Question to Scott regarding last action item (Scott to talk to Mary about
>>> getting a Jira instance for SSTC.)
>>>       
>> Scott Cantor (sc): did talk to her, she said "no problem, you don't do
>> anything, I just create it...".  So SC will tug her sleeve again.
>>
>>
>> Nate Klingenstein (nk): wrt pub review, had long disc wrt changes they
>> could/should make to HOK, how does that affect ? review, did I miss
>> anything?
>>
>> Tom Scavo (ts): didn't miss anything, need to compile comments on the docs,
>> yes?
>>
>> Hal Lockhart (hl): ques is whether we need to do short or long subsequent
>> reviews, but in any case need to compile all the comments w/sources and such
>>
>>
>> sc: at least two or three docs didn't rec any comments..
>>
>> hl: docs need to be re-affirmed as CDs
>>
>> sc: next step is to ask for vote for CS, yes?
>>
>> hl: yes
>>
>> sc: let's do that today since calls are infrequent?
>>
>>  don't recall any comments on any but the delegation restriction one. that
>> one is on hold until can produce new WD of it
>>
>>  wrt #2, 5, 6 in the above-referenced message -- no comments on them?
>>    SAML V2.0 Attribute Extensions Version 1.0
>>    SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
>>    SAML V2.0 Metadata Interoperability Profile Version 1.0
>>
>> sc motion: move to reaffirm above as CD modulo received no comments on them
>>
>> Jeff Hodges (jh): second
>>
>> [no objection to unanimous consent to motion -- passed]
>>
>> AI -- SC to post affirmation to list of no comments in public review on
>> those docs
>>
>>
>> AI -- ts to assemble list of comments from PR on the two HOK docs and begin
>> processing them
>>
>>
>> sc motion: req tc admin to conduct elec ballot to move the 3 docs to CS
>> maturity level
>>
>> ts: 2nd
>>
>> [pass w/unan consent]
>>
>> AI -- chairs, begin process on above listed docs
>>
>>
>>
>>     
>>> 2.2 Comment requested on removing DTD definitions from XML Signature 1.1
>>> and on elliptic curve
>>> http://lists.oasis-open.org/archives/security-services/200904/msg00012.html
>>>
>>> Feedback requested.
>>>       
>> hl: still not too late to comment.
>>
>> sc: dtds are gone
>>
>> hl: still debating elliptic curve, thus not too late to comment.
>>
>>
>>     
>>> 2.3 Reminder - Meetings will be every four weeks - Next call July 7.
>>>       
>> hl: nope, next call is 30-Jun  (!!)
>>
>>
>>     
>>> 2.4 Announcement: Upcoming SAML 2.0 IOP event, July 14-Sept. 4
>>>
>>> http://lists.oasis-open.org/archives/security-services/200905/msg00020.html
>>>
>>>
>>>       
>> Kyle of drummond group: nxt IOP for SAML is 14-Jul-2009, registration is
>> still open
>>
>>
>>     
>>> 3. Discussion
>>>
>>> 3.1 Review of planned work. Discuss future work plans and indication of
>>> specs in the pipeline and approximate date for first drafts.
>>>       
>> [worked down SAML Wiki page: <http://wiki.oasis-open.org/security>]
>>
>> ts: noted general request that someone add a page for the XSPA page in the
>> wiki,
>>
>> AI -- Dwayne to add a page for the XSPA page in the SAML wiki
>>
>>
>> hl: OASIS BoD have debated at length non-implementable (informational?)
>> docs, so have to work in framework, this applies to Tech Overview -- any
>> objection to putting the latter into Pub Review at any point?  will leave in
>> case anyone wants to champion it, can attach to future pub review...
>>
>> jh: what about simplesign?
>>
>> sc: there's comments in queue on it,   no cycles for it now.
>>
>>
>> sc: impl'd by two as-specified, not sure about AOL's impl, not aware of
>> other impls
>>
>> hl: so no intent to progress at this time, not
>>
>>
>> hl: wrt token card profile
>>
>> sc: on hold for IMI TC work
>>
>>
>> hl: SAML V2.0 Holder-of-Key Assertion Request Profiles
>>
>> sc: active & moving fwd. there's a opengroup doc that depends on it
>>     
>
> The Open Grid Forum's AuthZ-WG is preparing to rev a profile based on
> this draft document.
>
>   
>> have public comments on it, intend to move forward
>>     
>
> http://lists.oasis-open.org/archives/security-services/200906/msg00004.html
>
>   
>> hl: Level of Assurance Authentication Context Profiles for SAML 2.0
>> status of draft 2 from march?
>>
>> [no answer]
>>
>> sc: is this one that's on agenda as another doc? is this one Paul just
>> posted?
>>  that's paul's doc
>>
>> hl: this is actively being progressed..
>>  sounds like we have 3 or 4 that will be ready for pub rev "soon"
>>
>> any other profiles to propose soon?
>>
>> frederick hirsch (fh): there might be something more, can't say just yet....
>>
>>
>>     
>>> 3.2 XSPA Profile updated
>>>
>>> http://lists.oasis-open.org/archives/security-services/200905/msg00022.html
>>>       
>> david staggs (ds): public comment period on this doc ended on 13-Mar,
>> analyzed all comments, made approp updates, discussed cmts at last meeting,
>> have spreadsheet for all 34 comments, have changes for comments, there's
>> lots of interest in XSPA (calling from Healthcare SOA comments and will be
>> talking about the spec on Thu this week)
>>
>> want to propose a motion to move doc forward. last update was recently
>> posted.
>>
>> would be helpful to do vote today due to infrequent TC calls these days.
>>
>> ds: motion to move modified XSPA profile to CD (would be CD2 rev)
>>
>> dwayne: 2nd
>>
>> hl: any objs
>>
>> [motion passed by unan consent]
>>
>> hl: can get by w/short pub review. 15-day
>>
>>
>> ds: is cd2 a "major change" from cd1 ?
>>
>> hl: term is "substantive changes"....
>>
>> ds: don't believe made "substantive changes"....
>>
>> hl: [reads process para on this]
>> e.g. schema changes are substantive, else judgement call
>>
>> will entertain motion to have 15-day review, comments are limited to the
>> changes only, and is judgement of tc that haven't made substan changes
>>
>> so moved by DS, 2nd Dwayne
>>
>> hl: any obj's ?
>>
>> [motion passed by unan consent]
>>
>>
>> hl: expectation is that you create a diff -- do CD version, and diff with
>> prev CD
>> let hl know when done that. then hl will contact Mary.
>>
>> enumeration of changes may be sufficient. e.g. just put spreadsheet in
>> repository, send hl links to new CD version and spreadsheet.
>>
>>
>> ds: have source file with "tracking" turned on....
>>
>>
>>
>>     
>>> 3.3 Any more comments on saml-loa-authncontext-profile:
>>>
>>> - remove 800-63 schemas
>>> http://lists.oasis-open.org/archives/security-services/200904/msg00013.html
>>>
>>> - Paul to remove specific references to NIST LOA values in a new draft.
>>>       
>> hl: paul not on call ... any comments on above?
>>
>>
>> RL Bob Morgan (rlm): proposal on email in last week or so, add to this doc a
>> new notion that in addition to being able to express LOA using AC, a
>> metadata publisher say can express that an IDP has been "vertified" to use a
>> particular profile, using attrs from the attrs-for-metadata draft
>>
>> see..
>>
>> http://lists.oasis-open.org/archives/security-services/200905/msg00013.html
>>
>>
>> have heard from other members of their federation that this would be a good
>> thing.
>>
>>
>> john bradley (jb): this is the "why should i trust you" problem...
>>
>> rlm: yes, essentially. metadata signing addresses this, but folks wishing
>> for more explicit attestation
>>
>> hl: how does this work?
>>
>> sc: have an assertion (assn) about entity, has attribute (attr) in it,
>> attestation, can do anything you want with assn of course, is just a common
>> claim one can reference. this would be another saml-tc-defined attr
>>
>> hl: a reg attr statement can refer to any system entity. this one is
>> particular to an entity that issues assns
>>
>> sc: yes, not a big deal
>>
>> rlm: paul supported it on list
>>
>>
>> jb: provides for IC and other RPs to adopt it (by doing it here)
>>
>>
>> rlm: usual nitpicking wrt actual attr name...
>>
>> sc: may want to do something similar to orig saml attr work.  sc is fine
>> with this proposal
>>
>>
>>
>>     
>>> 3.4 Assorted threads on saml-dev/comment list
>>>
>>>
>>>       
>>> 3.6 Draft Approved Errata posted
>>>
>>> http://lists.oasis-open.org/archives/security-services/200905/msg00023.html
>>>       
>> sc: anyone doing errata shud do all this in parallel, rather than waiting to
>> end.  tried to emulate ELM's example, hopefully essentially equivalent
>>
>> used 49 as increment number to try to keep it consistent
>>
>> removed refs to non-normative redlined spec
>>
>> altered lang that there _may_ be redlined specs available
>>
>> otherwise is just a sync up with working draft.
>>
>>
>> hl: can put info wrt errata in wiki?
>>
>> AI - SC to put in wiki info wrt making errata process easier
>>
>>
>> hl: do you have list of what orig specs are being altered by this errata?
>>
>> sc: every normative doc we pub'd as orig spec...
>>
>> hl: tc process reqs us to supply doc that proposes changes, and optionally
>> provide mod'd specs incorp'g errata
>>
>> sc: doing the latter is burdensome
>>
>> hl: need to formulate motion to see that boiler plate fixes are made...  in
>> order to proc approved errata, need doc w/ "corrections".  we would need to
>> vote -49 to CD, 2nd vote to confirm that corrections do not constitute
>> substan change, 3d vote to 15-day pub review, 4th  full-majority vote to
>> replace the existing errata doc
>>
>> today, can do first 3 things.
>>
>> entertain motion to do all first three things (noted above). all these
>> errata items we process
>>
>> sc: so moved
>>
>> jh: 2nd
>>
>> hl: any obj's?
>>
>> [motion passed by unan consent]
>>
>>
>>
>>
>>     
>>> 3.5 SAML simplesign useful in practice?
>>>
>>> http://lists.oasis-open.org/archives/security-services/200905/msg00015.html
>>>       
>> hl: any more to be said on this?
>>
>> sc: trying to get the xmlsec wg to do a simplesign-like thing, that's where
>> question comes in
>>
>>
>>     
>>> 4. Other business
>>>       
>> hl: any discussion wrt recent threads on saml-dev and comments@ lists?
>>
>> [silence, none]
>>
>>
>>
>>     
>>> 5. Action Items
>>> none open
>>>       
>> [see summary at beginning of these minutes for AIs opened during this
>> meeting]
>>
>>
>> [meeting adjourned]
>>     


