OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Updated/corrected Minutes from October 20th 2009 SSTC Call


One of the AIs for the Chairs was to correct the minutes from the SSTC Call on Oct 20th.
Thus, for simplicity I have inserted text from Tom's email seeking clarification for
one of the motions (relating to "Designated Cross-Reference Changes").

There is no change to the motion itself, nor to the actions coming out of the motion.

I've inserted the whole text as it provides some useful background information.
Hope this is ok.



-----Original Message-----
From: Anil Saldhana [mailto:Anil.Saldhana@redhat.com] 
Sent: Thursday, October 29, 2009 1:17 PM
Subject: Re: [security-services] Proposed Agenda SSTC Conference Call
(October 20, 2009)

-----New Message Follows-----

SSTC Conference Call Minutes
October 20th, 2009, 12:00pm ET

1. Roll Call & Agenda Review

Voting Members:
Rob Philpott EMC Corporation
John Bradley Individual
Scott Cantor Internet2
Nathan Klingenstein Internet2
Thomas Hardjono M.I.T.
Frederick Hirsch Nokia Corporation
Paul Madsen NTT Corporation
Ari Kermaier Oracle Corporation
Hal Lockhart Oracle Corporation
Anil Saldhana Red Hat
David Staggs Veterans Health Administration

Kyle Meadors Drummond Group Inc.
Joshua Howlett  Individual
Peter Davis Neustar, Inc.
Christian Guenther Nokia Siemens Networks GmbH & Co. KG
Thinh Nguyenphu Nokia Siemens Networks GmbH & Co. KG
Prateek Mishra Oracle Corporation
Emily Xu Sun Microsystems
George Fletcher AOL

Quorum:  Achieved:  11 out of 17 voting members (64%)
Status:  Kyle, Emily, Christian, Thinh become voting members.
Status Changes:
Richard Frank (IBM) lost voting status

2. Need a volunteer to take minutes

Staggs appointed.

3. Approval of minutes from last meeting (Sept 22, 2009):


Minutes approved.

4. AIs & progress update on current work-items:

  (a) Current electronic ballots: none

  (b) Status/notes regarding past ballots:

       (i) XSPA:
           - Spec has been submitted to OASIS for approval as Full

Voting open, all encouraged to vote.  This is the last opportunity to
vote before the next meeting.

       (ii) SAML V2.0 Attribute Extensions Version 1.0

Keeping at CS, until attestations gathered.

            SAML V2.0 Metadata Extension for Entity Attributes Version

Keeping at CS, until attestations gathered.

            SAML V2.0 Metadata Interoperability Profile Version 1.0

Keeping at CS, until attestations gathered.
Scott suggested looking at activity in Kantara for implementation

            - Wiki's have been updated
            - Formal attestations regarding implementations being sought
by Scott.

       (iii) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0
as a CS
             SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
             - Due to errata when transitioning from CD to CS status,
               these two docs need to move back to CD status.
Nate states changes submitted reverted work to working draft 

Nate moves to move WD to CD. second (Tomas)
Discussion: Changes determined non-substantive

Motion to request a ballot for special vote to make SAML V2.0
Holder-of-Key Web Browser SSO Profile Version 1.0 into committee
specification (CS) AND 
that changes are non-substantive AND that schema and XML examples are

Moved by Nate Second by Tomas

ACTION ITEM: Nate will produced CD in three forms.

ACTION ITEM: Nate will also we cross refence HoK assertion profile and
Browser profile.

ACTION ITEM: chair to submit the request.

Scott- need cross referencing (see section 2.19)

______Added on 11/13/2009: _________________
   I wasn't on the last call so I'm simply looking for a clarification with
   respect to the above motions. I don't see mention of "Designated
   Cross-Reference Changes" in the motion to take the CD to CS although I
   do see that Scott referenced the appropriate section in the TC process


   For the record, the two references that are to be taken as "Designated
   Cross-References" are references [HoKSSO-XSD] and [SAML2HoKAP] in
   specification "SAML V2.0 Holder-of-Key Web Browser SSO Profile Version
   1.0" as noted in this diff that takes draft-13 to cd-03:


   When the CD is taken to CS (by tc-admin) we want to be sure these two
   references are updated, so we want to follow section 2.19 in the TC
   process carefully. As far as I know, this is the first time the SSTC has
   encountered this issue, so I'm documenting it here and asking that it be
   included in the minutes.


             - AI: Create new Working Drafts of the HoK Profiles [Tom]

  (c) 15-Day review of sstc-saml-approved-errata-2.0-draft-49 [Hal]

Discussion: Scott adds a new item concerning errata.  Scott states our
process of voting on each errata separately the to append to (an
unapproved) errata draft was not required and that a quicker way would
be to produce a WD of errata and approved errata items, then voting
approved errata draft as a CD (and constitute approval of all errata
therein.  However, there are three errata that deserve discussion in
approved errata draft 51

E81: RSA SHA 1 signing not a specification requirement, just any
algorithm designed for use to sign XML is OK (no objections)

E82: co-constraints in metadata (empty elements) prose correction to
include at least one (no objections)

E83:  Wording change from experience in Liberty interop - serializing
assertions related to exclusive canonicalization, reworded to specify
that is not a requirement . (no objections)

To adopt sstc-saml-approved-errata-2.0-draft-51 as CD
Rob moves, Scott seconded

To request chairs create 15 day public review of CD of above errata
draft (includes E81, 82, 83) for 15day public review AND that changes
were not substantive AND any XML therein are well-formed.
Scott moved Tom seconded

ACTION ITEM: Scott will make CD.
ACTION ITEM: Hal to request 15 day review.

Scott had another errata item (procedural issue) from PE 80 concerning
the mime type registrations RE affiliation description and relationship
to our specification. Need someone with IETF experience requested. ARI
suggests moving to a reference.

ACTION ITEM: Hal to check with Mary on the removal of the
(non-normative) appendix that includes the mime types.  
ACTION ITEM: Scott will consult with Bob Morgan.

  (d) Progress on getting Jira instance for SSTC [Scott]

Scott: Nothing to report (NTR).

  (e) Kerberos related items (Josh):
       - Kerberos Web browser SSO profile
Josh: Kerberos web single signon profile (analogous to HoK profile)
First draft is on the TC discussion list, request for opinions on using
HoK web single sign-on as the starting point and tweak text to use
Kerberos as evidence.

Question from Josh: On HoK single sign-on profile there is a reference
to federal e-auth guideline SP 800-63
Suggested to come back to this issue later.
Request that Pdf be made on documents by two members.

To move Kerberos subject confirmation method AND Kerberos attribute
profile to CD.
Moved by Thomas, second Nate.)
Rob requests pdf but does not object.

ACTION ITEM: (Josh and Thomas) prepare CD versions in the three formats

  (f) Expressing Identity Assurance profile for SAML2.0 (LOA)  [Bob
       - AI: Produce CD version of Identity Assurance profile and update
the wiki.


  (g) Delegation Condition Extension Profile (Scott)
       - AI: Produce CD version of Condition for Delegation Restriction.

Report on motion to create an electronic ballot, Hal made the request on
Friday for CD to go to CS vote.
ACTION ITEM: Hal will check on progress.

  (h) Port the SSTC Work Summary to the wiki [Hal]

Hal will supplement the wiki.

  (i) Investigate and report on CARML. [Hal]
Hal investigated bringing Liberty specifications (CARML and WSF-DST) can
be donated by a Liberty board approval.  Attribute management profile
will be pursued independently 

  (j) Produce CS version of Text-based Challenge/Response profile [Anil]


  (k) Increasing the frequency of SSTC meetings (eg. to 2-weekly).
Beginning in two weeks, return to two week schedule.

ACTION ITEM: Anil to set up meeting schedule

5. New work items:

6. Assorted threads on saml-dev/comment list
   - SAML Attribute Management protocol discussion.
   - Metadata/IOP/Kerberos/Front channel binding discussion.

New discussion item-NSN Attribute Management protocol and Name Identity

Discussion on proposal 

Ben: The e-mail discussion leans to re-use; comparison CARML (more
features) v NSN (simple schemes).  Considering adding passing policy as
done by CARML; considering addition to NSN.  The need for SP to validate
is a good use case. 
Prateek: Supports work on attribute profile. Communicating updates back
to an authority makes this CARML functionality a natural extension to
SAML. There is a gap and this fills it.
Scott: concern implementations would fragment because of open
speciation.  Feels like overlap here and ID-WSF (DST) from Liberty - not
clear why we can't use that.
Hal: ID-WSF (DST) is heavy-weight; Scott thinks lack of detailed
description will cause fragmentation, especially with delegation.

SAML Name Identifier Proposal
Christian: Discussion on list resulted in unresolved issues in moving
Scott: Does not believe this can be done with our exchanging the roles
in the process. From protocol point of view needs to be an assertion to
be secure.
Ben: Danger in policy used to handle name ID request may cause problems
RE authN request.  

New item- Kerberos front channel bindings


No comments, suggest review next week.

Next meeting in two weeks.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]