Subject: OASIS SSTC con call minutes 2009-07-28
Minutes from SSTC Conference Call, July 28, 2009, 12:00pm ET

*** Summary

** Votes

* Approve XSPA draft as Committee Draft:
  http://www.oasis-open.org/committees/download.php/33396/saml-xspa-1%200-cd04.doc
* Approve ballot request to accept above XSPA doc as a Committee Specification

** Action items

* Scott Cantor will update the document SAML V2.0 Condition for Delegation Restriction, sstc-saml-delegation-cd-01
* Scott Cantor will produce a new redline version of the SAML spec set to align with errata draft 49

*** Full minutes

Called to order by Thomas H at 12:04 EDT. Quorum achieved.

1. Roll Call & Agenda Review

2. Need a volunteer to take minutes

** Your humble scribe, RL "Bob" Morgan

3. Approval of minutes from last meeting (30 June 2009)
   http://lists.oasis-open.org/archives/security-services/200907/msg00032.html

** Approved without objection.

4. AIs & progress on current work-items:

(a) Current electronic ballots:

    SAML V2.0 Attribute Extensions Version 1.0
    SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
    SAML V2.0 Metadata Interoperability Profile Version 1.0
    SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a CS
    SAML V2.0 Holder-of-Key Assertion Profile Version 1.0

(b) Report 15-Day review of revised XSPA profile.

Document:
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200907/msg00024.html

DavidS: a spreadsheet was posted in this message:
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200907/msg00020.html
listing changes between the XSPA document above and the previous version of the document. These changes are non-substantive, ie they would not affect a compliant implementation.

DavidS: move to accept latest XSPA rev as committee draft. Duane seconds.

** Approved without objection.

DavidS: move to create ballot to accept cd-04 as Committee Specification. Duane seconds.

** Approved without objection.

(c) 15-Day review of sstc-saml-approved-errata-2.0-draft-49.

Hal: note that review is only on new errata, 64-79. Waiting on Mary from OASIS to set up review.

(d) Progress on getting Jira instance for SSTC (Scott).

Scott: waiting for Mary.

(e) Duane to add a page for the XSPA page in the SAML wiki.

Duane: working on it.

(f) SAML V2.0 Holder-of-Key Assertion Request Profiles.

Tom: nothing to report.

(g) Level of Assurance Authentication Context Profiles for SAML 2.0.

RLBob: added new section defining attribute for certification assurance, as discussed on list
Scott: attribute profile needs conformance section too
RLBob: will do
Scott: is there normative dependency on metadata attribute doc?
RLBob: yes, so progress of the assurance doc is dependent on that doc
Scott: should be OK, metadata attribute doc is pretty mature

(h) Other current item discussion

Scott: take an AI to update the profile for condition for delegation restriction document and AI to produce new redline version of SAML spec set to align with errata-49

Scott: need attestations for some of recent docs to get them to OASIS standard.

Hal: standing agreement with ITU-T to accept SSTC materials as ITU-T standards without modification, should pass along errata-49 after upcoming review. Probably some issue with ITU-T errata process being quite different from OASIS errata process.

5. New work items

None reported.

6. Assorted threads on saml-dev/comment list

- HMAC issues in XML Dsig

Hal: issue kept non-public for a few months while vulnerability was being analyzed and implementations updated. Arguably the standard wasn't written clearly enough.

Scott: implementations generally done by XML people, not security people.

- Question about namespace definition (SAML IOP event)

Kyle not on call. Will discuss next time if needed.

Scott: working drafts of XML signature updates coming. SSTC will want to consider revisions to specify use of the new sig methods, since they may make SAML more usable to more implementations.

Next call August 25, 2009.

** Attendance

Voting Members:

    Rob Philpott        EMC Corporation
    John Bradley        Individual
    Scott Cantor        Internet2
    Bob Morgan          Internet2
    Thomas Hardjono     M.I.T.
    Tom Scavo           National Center for Supercomputing Applic
    Frederick Hirsch    Nokia Corporation
    Srinath Godavarthi  Nortel
    Paul Madsen         NTT Corporation
    Ari Kermaier        Oracle Corporation
    Hal Lockhart        Oracle Corporation
    Anil Saldhana       Red Hat
    Eve Maler           Sun Microsystems
    Duane DeCouteau     Veterans Health Administration
    David Staggs        Veterans Health Administration

Members:

    Richard Franck      IBM

Quorum: 15/21 Voting Members (68%)

Status Changes:

Richard Franck gains voting rights.
Brian Campbell and Jeff Hodges lose voting rights.