Re: [security-services] Revised Minutes for SSTC Call (June 15, 2010)

[Anil Saldhana <Anil.Saldhana@redhat.com>]

On 06/16/2010 12:10 PM, Emily Xu wrote:
> Revised based on Scott's correction.
>
> Thanks,
> Emily
> Emily Xu wrote:
>> Emily Xu wrote:
>>> Thomas Hardjono wrote:
>>>> Folks,
>>>>
>>>> Below is the proposed agenda for SSTC Call on June 15th.
>>>>
>>>> Please let us if you have additional items.
>>>>
>>>> Regards.
>>>>
>>>> Nate+Thomas
>>>> -----------
>>>>
>>>> _______________________________________________________
>>>>
>>>> Proposed Agenda SSTC Conference Call
>>>> Tuesday 15 June 2010, 12:00pm ET
>>>>
>>>> Call-in toll-free number (US/Canada): 866-699-3239.
>>>> Call-in toll number (US/Canada): 1-408-792-6300.
>>>> Attendee access code: 203 956 41.
>>>> See additional Webex Voice Info at end of Agenda.
>>>>
>>>>
>>>> AGENDA:
>>>>
>>>> 1. Roll Call & Agenda Review.
>>>>
Voting Members:
John Bradley     Individual
Scott Cantor     Internet2
Thomas Hardjono     M.I.T.
Thinh Nguyenphu     Nokia Siemens Networks GmbH & Co. KG
Phil Hunt     Oracle Corporation
Ari Kermaier     Oracle Corporation
Hal Lockhart     Oracle Corporation
Emily Xu     Oracle Corporation
Anil Saldhana     Red Hat
David Staggs     Veterans Health Administration


Members:
Rob Philpott      EMC Corporation
Anthony Nadalin     Microsoft Corporation
Federico Rossini     Telecom Italia S.p.a.

Status Changes: Tony Nadalin gains voting rights.  Frederick Hirsch 
loses voting rights.


>>> Quorum achieved ( 10 out of 14 voting members).
>>>> 2. Need a volunteer to take minutes.
>>> Emily Xu to do minutes.
>>>> 3. Approval of minutes from last meetings:
>>>>
>>>> Minutes from SSTC Call on 1 June 2010:
>>>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201006/msg00013.html 
>>>>
>>>>
>>>>
>>> Approved unanimously.
>>>> 4. AIs & progress update on current work-items:
>>>>
>>>>   (a) Current electronic ballots: HOK Browser SSO.
>>>>
>>> The ballot wasn't approved.
>>> Approved unanimously to resubmit the ballot.
>>>
>>> AI: Thomas to resubmit it to OASIS.
>>>>   (b) Status/notes regarding past ballots: None.
>>> N/A
>>>>   (c) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 
>>>> as a CS
>>>>        - Status: Ballot open until Sun night 11pm EST.
>>>>        - Note: the new Oasis online ballot request.
>>> Save as 4(a).
>>>>   (d)  SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
>>>>        - Status: CS-01 version of this doc is on WiKi.
>>>>        - AI: Thomas to ask Mary to move into Doc tree.
>>>>        - Status: still awaiting Mary.
>>>>
>>> Still waiting for Mary.
>>>>   (e) Kerberos related items. [Josh/Thomas]
>>>>         - Kerberos Web Browser SSO Profile:         - Status: In 
>>>> 60-day review.
>>>>
>>> Still in 60-day review. The review period will end soon.
>>>
>>>>   (f) Expressing Identity Assurance profile for SAML2.0 
>>>> (LOA)         - Status: In 60-day review.
>>> Still in 60-day review. Please review and submit comments.
>>> After the review period ends, Scott to prepare a proposal/suggestion 
>>> to restructure the draft.
>>>>   (g) Older docs: Thomas has formally asked Mary to post these 4 
>>>> docs (3/11th)
>>>>         (I) Protocol Extension for Third-Party Requests (CS-01)
>>>>        (II) Protocol Extension for Requested Authentication Context 
>>>> (CS-01)
>>>>        (III) Shared Credentials Authentication Context Extension 
>>>> and Related Classes (CS-01)
>>>>        (IV) Text-based Challenge/Response (CS-01)
>>>>         - Status: Still awaiting response from Mary.
>>> Still waiting for Mary.
>>> Scott: The links to approved erratas need to be changed.
>>> AI: Thomas to contact Mary to have them corrected.
>>>
>>>>   (h) NSN Attribute Management proposal (Thinh/Phil) - u[dates
>>>
>>> Phil: updated the doc. Some changes are: added three suggestions; 
>>> user provisioning related use cases; added subject to describe it 
>>> more; Response; DelineAttributes; new Status code; added processing 
>>> rules.
>>> Scott: account state management should not be addressed in SAML. It 
>>> is outside the domain of the standard.
>>> Phil: will remove/update it.
>>> Scott: be careful with anything related to state management in our spec
>>> Phil: changes to section around management nameid request?
>>> Scott: it's ok to reference it 
>> Thinh: should we move it to CD for more involvement?
>> Scott:   that wouldn't get more involvement. It is better for 
>> interested members to get others to read the draft. Phil expects 2 
>> more updates at least.  In particular, he wants to do a thorough 
>> review of processing rules. Scott: we may need to look at bindings 
>> and a profile.
> <Note from Scott: That was a comment in regards to the conformance 
> section, having to define the bindings that are MTI.>
>
>>>
>>> Phil: use case section is updated
>>> Thomas: the pictures regarding the usecases are very helpful.
>>> Federico will see if he could add some drawings to explain the use 
>>> cases from Telecom Italia.
>>>
>>>>   (i) SSO initiation draft (Scott) - update
>>>>       Status: Waiting to initiate public review of it and other 
>>>> documents.
>>>>
>>>
>>>>
>>>> 5. New work items: none.
>>>
> New draft:
>
> http://wiki.oasis-open.org/security/SAML2MetadataAlgSupport
>
>>>> 6. Assorted threads on saml-dev/comment list:
>>> None.
>>>> 7. Propose an SSTC Face-to-Face meeting for September 2010:
>>>>    - Awaiting for room confirmation.
>>> After getting the room confirmation, then we'll decide whether we 
>>> will have a Face-to-Face meeting or not.
>>>
>>>> 8. Next Call: Tuesday 19 June, 2010.
>>> Next call is June 29.
>>>
>>> Meeting adjourned.