
security-services message



Subject: OASIS SSTC con call minutes 2009-07-28



Minutes from SSTC Conference Call, July 28, 2009, 12:00pm ET

*** Summary

** Votes

* Approve XSPA draft as Committee Draft:
http://www.oasis-open.org/committees/download.php/33396/saml-xspa-1%200-cd04.doc
* Approve ballot request to accept above XSPA doc as a Committee
   Specification


** Action items

* Scott Cantor will update the document SAML V2.0 Condition for Delegation
     Restriction, sstc-saml-delegation-cd-01
* Scott Cantor will produce a new redline version of the SAML spec set to
     align with errata draft 49

*** Full minutes

Called to order by Thomas H at 12:04 EDT.  Quorum achieved.

1. Roll Call & Agenda Review

2. Need a volunteer to take minutes

** Your humble scribe, RL "Bob" Morgan

3. Approval of minutes from last meeting (30 June 2009)

http://lists.oasis-open.org/archives/security-services/200907/msg00032.html

** Approved without objection.

4. AIs & progress on current work-items:

  (a) Current electronic ballots:
        SAML V2.0 Attribute Extensions Version 1.0
        SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
        SAML V2.0 Metadata Interoperability Profile Version 1.0
        SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a CS
        SAML V2.0 Holder-of-Key Assertion Profile Version 1.0

  (b) Report 15-Day review of revised XSPA profile.

Document:
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200907/msg00024.html

DavidS:  a spreadsheet was posted in this message:
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200907/msg00020.html
listing changes between the XSPA document above and the previous version
of the document.  These changes are non-substantive, i.e. they would not
affect a compliant implementation.
DavidS:  move to accept latest XSPA rev as committee draft.  Duane seconds.
** Approved without objection.
DavidS:  move to create ballot to accept cd-04 as Committee Specification.
Duane seconds.
** Approved without objection.

  (c) 15-Day review of sstc-saml-approved-errata-2.0-draft-49.

Hal:  note that review is only on new errata, 64-79.  Waiting on Mary from
OASIS to set up review.

  (d) Progress on getting Jira instance for SSTC (Scott).

Scott:  waiting for Mary.

  (e) Duane to add a page for the XSPA page in the SAML wiki.

Duane:  working on it.

  (f) SAML V2.0 Holder-of-Key Assertion Request Profiles.

Tom:  nothing to report.

  (g) Level of Assurance Authentication Context Profiles for SAML 2.0.

RLBob:  added new section defining attribute for certification assurance,
   as discussed on list
Scott:  attribute profile needs conformance section too
RLBob:  will do
Scott:  is there normative dependency on metadata attribute doc?
RLBob:  yes, so progress of the assurance doc is dependent on that doc
Scott:  should be OK, metadata attribute doc is pretty mature

  (h) Other current item discussion

Scott:  take an AI to update the profile for condition for delegation
   restriction document and AI to produce new redline version of SAML
   spec set to align with errata-49

Scott:  need attestations for some of recent docs to get them to OASIS
standard.

Hal:  standing agreement with ITU-T to accept SSTC materials as ITU-T
   standards without modification, should pass along errata-49 after
   upcoming review.  Probably some issue with ITU-T errata process being
   quite different from OASIS errata process.

5. New work items

None reported.

6. Assorted threads on saml-dev/comment list
  - HMAC issues in XML Dsig

Hal:  issue kept non-public for a few months while vulnerability was being
analyzed and implementations updated.  Arguably the standard wasn't
written clearly enough.
Scott:  implementations generally done by XML people, not security people.

  - Question about namespace definition (SAML IOP event)

Kyle not on call.  Will discuss next time if needed.

Scott:  working drafts of XML signature updates coming.  SSTC will want to
consider revisions to specify use of the new sig methods, since they may
make SAML more usable to more implementations.

Next call August 25, 2009.

** Attendance

Voting Members:
Rob Philpott EMC Corporation
John Bradley Individual
Scott Cantor Internet2
Bob Morgan Internet2
Thomas Hardjono M.I.T.
Tom Scavo National Center for Supercomputing Applic
Frederick Hirsch Nokia Corporation
Srinath Godavarthi Nortel
Paul Madsen NTT Corporation
Ari Kermaier Oracle Corporation
Hal Lockhart Oracle Corporation
Anil Saldhana Red Hat
Eve Maler Sun Microsystems
Duane DeCouteau Veterans Health Administration
David Staggs Veterans Health Administration

Members:
Richard Franck IBM

Quorum:  15/21 Voting Members (68%)
Status Changes:  Richard Franck gains voting rights.  Brian Campbell and
   Jeff Hodges lose voting rights.



