Subject: Re: [security-services] Minutes SSTC Conference Call (9 March 2010)
On 03/23/2010 11:03 AM, ARI KERMAIER wrote:
> Minutes from the last meeting, roll-call missing.
> Regards,
> Ari
>
>> -----Original Message-----
>> From: Thomas Hardjono [mailto:hardjono@MIT.EDU]
>> Sent: Monday, March 08, 2010 1:22 PM
>> To: OASIS SSTC
>> Cc: Harold Lockhart
>> Subject: [security-services] Proposed Agenda SSTC Conference Call (9 March 2010)
>>
>> Folks,
>>
>> Let us know if there are any corrections or changes
>> needed for the Agenda.
>>
>> Note: Thomas will not be on the call due to a meeting clash, but Hal
>> will be present.
>>
>> Hal+Thomas
>> -----------------
>>
>> _______________________________________________________
>>
>> Proposed Agenda SSTC Conference Call
>> Tuesday 9 March 2010, 12:00pm ET
>>
>> Dial in info: +1 408-774-4073
>> Conference code: 4480739
>> Password: 72657265 (SAMLSAML)
>>
>> 1. Roll Call & Agenda Review
>>
> No quorum.
>

Voting Members:
  Scott Cantor        Internet2
  Bob Morgan          Internet2
  Tom Scavo           NCSA
  Frederick Hirsch    Nokia Corporation
  Thinh Nguyenphu     NSN
  Ari Kermaier        Oracle Corporation
  Hal Lockhart        Oracle Corporation
  Anil Saldhana       Red Hat
  Emily Xu            Sun Microsystems

Members:
  Anthony Nadalin     Microsoft Corporation
  Phil Hunt           Oracle Corporation

Quorum: Not Achieved: 9 out of 19 (47%)
Status: Paul Madsen and Nate Klingenstein lose voting rights

>> 2. Need a volunteer to take minutes
>>
> Ari (was) volunteered.
>
>> 3. Approval of minutes from last meeting (23 Feb, 2010):
>>
> Skipped due to lack of quorum.
>
>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201003/msg00006.html
>>
>> NB. Minor typo ("ICAM" vs "ICANN").
>>
>> 4. AIs & progress update on current work-items:
>>
>> (a) Current electronic ballots: None open
>>
> No update.
>
> .
>
>> (b) Status/notes regarding past ballots: (none)
>>
> No update.
>
>> (c) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a CS
>>     SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
>>     - Status: Mary asked chairs to send 1 email per request to TC-Admin
>>     - AI: Thomas will resend to Mary, 1 email per request for all
>>       documents. (TBD Thomas)
>>
> Ballot passed. Issue Tracker: TC-Admin 52
> No official notification from TC-Admin, though.
> Who should create the CS version -- TP-Admin?
>
>> (d) Kerberos related items. [Josh/Thomas]
>>     - Attribute Profile and the Subject Confirm Method docs are in
>>       60-day review.
>>     - Kerberos Web Browser SSO Profile:
>>       - Want to move to CD, but waiting for reformatting of doc
>>       - AI: Thomas/Josh to reformat to CD format before resubmitting
>>         request.
>>
> No update.
>
>> (e) Expressing Identity Assurance profile for SAML2.0 (LOA)
>>     - Bob has done all corrections Mary asked for.
>>     - Status: Mary asked chairs to send 1 email per request to TC-Admin
>>     - AI: Thomas will resend to Mary, 1 email per request for all
>>       documents. (TBD Thomas)
>>
> Issue Tracker: TC-Admin 75
> Scott reports having sent requested info to Mary, but status not updated.
>
>> (f) CS version of Text-based Challenge/Response profile.
>>     - Status: Mary asked chairs to send 1 email per request to TC-Admin
>>     - AI: Thomas will resend to Mary, 1 email per request for all
>>       documents. (TBD Thomas)
>>
> No update, but no open AI in SSTC.
>
>> (g) Errata doc:
>>     - Scott working on publishing updated "Approved Standard with
>>       Approved Errata".
>>
> Getting document published at URL is still outstanding. Scott still doesn't have closure on whether he or RC-Admin will do the edits for the CS version.
>
>> (h) NSN Attribute Update proposal (Thinh)
>>
> Phil Hunt (Oracle) posted an alternate proposal that covers similar use cases. Basically the same as last Fall's proposal, with the addition of full subject lifecycle management (Add, Modify), and Replace in the Modify operation.
> Scott asks: Is this a back-channel or front-channel protocol?
> Answer: Intended as back-channel, but could be profiled as front-channel.
> Scott: Don't you need to have subject authentication to add a subject? Sounds like something to be careful about.
> Phil: Maybe need additional spec for authn/delegation.
> Scott: Does Modify Subject include NameID modification? Isn't that already covered by Manage NameID protocol?
> Discussion/observations about proposals for authentication, SP credentialing, policy, IDP semantics, etc.
> Hal calls for TC to review the new proposal.
>
>> (i) Metadata Interop profile (Scott) - update
>>
> Scott suggested incorporating Josh's Kerberos-related profiles into a revision of the current profile. Scott rev'ed the document to v2.0, merged in the material, reworked the conformance section. Also made some modifications to respond to objections from other communities (ICAM, et al). Posted March 1. Still has some cleanup and schema work to do. Also wants to pull in XML-DSIG 1.1 KeyInfo, but timelines may not work out if we want to progress the document to CS sooner.
>
> (j) Scott has a new profile draft, just uploaded, that he'll describe briefly on the
> call to solicit comment. http://wiki.oasis-open.org/security/RequestInitProtProf
> Scott: Proposal to standardize a Shibboleth mechanism for how to ask a provider to initiate SSO (SP or IDP initiated). Particularly useful for SPs supporting multiple protocols. Not SAML(2)-specific, designed to work across multiple protocols, including InfoCard. Composable with the Discovery Protocol.
>
>>
>> 5. New work items: none.
>>
>> 6. Assorted threads on saml-dev/comment list:
>>    - SAML assertion profile in OAuth 2.0 (Paul M.)
>>
> Sunil mentions that SAML is not strongly referenced in the OAuth spec. Bob mentions that they might be removing that reference.
>
>>    - Project Moonshot (Josh)
>>    - IETF draft and planned BOF at IETF77
>>
> Scott: There are various conversations and proposals going on about where SAML fits into this. Try to attend the Bar BOF at IETF77.
>
>>
>> 7. Next Call: Tuesday 23 March, 2010.
>>    New dial-in number (MIT webex number): Thomas to post on separate
>>    email.