OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for SSTC Conference Call (November 17th, 2009)

Proposed Agenda SSTC Conference Call
November 17, 2009, 12:00pm ET

Dial in info: +1 408-774-4073
Conference code: 4480739
Password: 72657265 (SAMLSAML)

1. Roll Call & Agenda Review

2. Need a volunteer to take minutes

3. Approval of minutes from last meeting (Nov 3, 2009):


Rob moved to accept minutes. Ari seconded the motion.

4. AIs & progress update on current work-items:

  (a) Current electronic ballots:
        - Condition Delegation Restriction (1.0) as Committee Spec. (Ballot closes Nov 14th)

Announcement that the ballot measure had passed. No comment from attendees.

  (b) Status/notes regarding past ballots:

       (i) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a CS
           SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
             - AI: Create CD in three forms [Tom/Nate]
             - AI: Chairs to request ballot to make into CS status. [Hal/Thomas]

Hal and Nate absent, no comment on AI status.

  (c) sstc-saml-approved-errata-2.0-draft-49:
             - AI: Scott/Bob to provide text changes for the Errata doc [Scott/Bob]

Scott needs to talk to Bob about what must be done to get IANA registration changed. Scott knows little about the process, and it may not even be possible to change the existing registration. Bob doesn't know either, but guesses a new registration would be needed. 

Scott also needs to produce new draft errata document; no progress on PEs.

  (d) Progress on getting Jira instance for SSTC:
             - AI: chairs to get accounts on JIRA [Hal/Thomas]

Issue creation permissions for accounts still outstanding. Hal's AI.

  (e) Kerberos related items. [Josh/Thomas]
             - AI: Josh/Thomas to prepare CD version in three formats.

[Ari's call was dropped - need notes from Thomas.]

Josh has worked through data model ambiguities, and will produce new versions soon. Josh's AI.

             - AI : Look into updating XML signatures 1.1 (in W3C) to 
                      include Kerberos-mechanism. [Scott/Thomas/Josh]

Josh thinks this is the right thing to do in the long term. In the shorter term, if we were to have a Kerberos/XML-DSIG dependent spec, we'd be waiting for a while.

Scott says 1.1 is pretty much closed, so we'd have to wait for 2.0 in any case. But isn't this just an HMAC signature, anyway? Then we don't really need to update XML-DSIG to support Kerberos signatures.

Josh is thinking about encoding rules for principal names and the like for Kerberos XML signatures.

Scott doesn't think specifying that is very important for the spec.

  (f) Expressing Identity Assurance profile for SAML2.0 (LOA)  [Bob Morgan]
       - AI: Produce CD version of Identity Assurance profile and update the wiki.

Bob still hasn't produced the CD version yet. Will try to produce in the next couple weeks.

  (g) Delegation Condition Extension Profile (Scott)
       - AI: Hal to check on progress of request to make electronic ballot (for CD to go to CS).

Scott isn't sure if 13/19 on the ballot meets the required super-majority for passage.
Rob will look up the process rules and report. Done: 2/3 majority passes, which was reached.
AI is on chairs to notify Mary to finalize publication.
(Scott will add an attestation if needed.)

  (h) Port the SSTC Work Summary to the wiki [Hal]

Hal absent; no report.

  (i) CS version of Text-based Challenge/Response profile [Anil]

Anil has uploaded ODT, PDF, HTML formats. No change to schema, but still needs to be uploaded. Anil's AI.

Ballot for CS was completed in April, so once the docs are uploaded the TC needs to review and notify Mary, who will do formal publication.

5. New work items:


6. Assorted threads on saml-dev/comment list
   - IIW event

Paul M.: Sent email to list about developments in that community on MS OpenID selector. May drive effort to develop multi-protocol selector, though current focus is on OpenID. Question for SSTC is whether we want to ensure SAML requirements are addressed from the start. Is such a selector of interest to the SAML community?

Bob: How to include MS in discussions about how to handle RPs cleanly?

Discussion seems to agree that SSTC is interested in selector as a WAYF substitute for SAML. If MS will do a selector that supports both IMI and OpenID, maybe it can handle SAML as well. But until an appropriate venue materializes for discussion with the requisite parties, we'll just wait and see.

   - OAUTH and SAML (consent & authentication discussion) - from Paul Madsen

Paul: At IIW had discussion on how SAML could work with OAuth. How are SAML/OAuth roles distributed, how to extend/profile SAML, etc. Welcome participation by anyone who's interested.
Consent: Surprising number of IdP deployments that ask for consent in practice. What does consent mean in the OAuth and OpenID flows?
MS Web Resource Authorization Profile - alternative to OAuth protocol, submitted to IETF OAuth WG for harmonization.
[Bulk of discussion not recorded intelligibly.]

7. Next Call: Tue 1 December, 2009

8. Other: Plans for SSTC calls during Holiday season (mid-December and early January)

Thomas: Must decide on next call.

Thomas adjourned the call at 1:05pm EST.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]