Yea, XACML policy was actually shown as part of several presentations, it seemed that quite a few members of the Tiger team were very familiar with SAML and
XACML in detail, and some were lost in any technical detail and just wanted to discuss public policy
From: Staggs, David (SAIC) [mailto:David.Staggs@va.gov]
Sent: Wednesday, June 30, 2010 7:36 AM
To: Anthony Nadalin; Anil Saldhana; OASIS SSTC
Cc: Dee Schur
Subject: RE: [security-services] XSPA Profile of SAML for Healthcare
Hi Tony
That was a remarkable hearing, although I only listened to the afternoon session, which included the XSPA demonstration. The XSPA Profiles of SAML and XACML were
presented to the HIT Policy Committee “tiger team” who are responsible for setting US policy with regards to electronic healthcare. I had heard rumors that the tiger team convened thinking REST was the way forward and that the HITSP recommendations were overly
complex. This was an opportunity to show web services and SOA in real time using severs across the globe – and we succeeded.
I’m surprise we mentioned the word “XACML” at all in our quarter; we were aiming for a less technical crowd. But notice the focus was on the exchange between healthcare
organizations (which in our model requires SAML). I think “OASIS,” “XSPA,” and apparently “XACML” will now work there way into the solutions considered for the EHR problem set. I also heard others giving testimony during the Q&A stating they are adopting
OASIS XSPA. So, implicitly, SAML and WS-Trust will be included in the solution set.
I think both the SAML and XACML TCs should be pleased that they have made such an impact on the electronic delivery of healthcare. Apparently, from my interpretation
of the discussion, the next hot topic will be “ontologies” which might be a good discussion topic.
David Staggs, JD, CISSP (SAIC)
Veterans Health Administration
Chief Health Informatics Office
Standards and Interoperability
Office: 858 433 1473
From: Anthony Nadalin [mailto:tonynad@microsoft.com]
Sent: Tuesday, June 29, 2010 8:28 PM
To: Anil Saldhana; 'OASIS SSTC'
Subject: RE: [security-services] XSPA Profile of SAML for Healthcare
I was there today, the main emphasis seemed to be around XACML for rendering the consent policy from several of the vendors/deployers
From: Anil Saldhana [mailto:Anil.Saldhana@redhat.com]
Sent: Tuesday, June 29, 2010 9:20 AM
To: 'OASIS SSTC'
Subject: [security-services] XSPA Profile of SAML for Healthcare
Just changing the subject of the email for archival retrieval in future.
-------- Original Message --------
Colleagues,
There is a presentation today (June 29, 2010) of the XSPA Profile of
SAML for Healthcare to the Health Information Technology Policy
Committee. The presentation starts at 2:30 EST:
http://nmr.rampard.com/hit/20100629/default.html
Regards,
David
David Staggs, JD, CISSP (SAIC)
Veterans Health Administration
Chief Health Informatics Office
Standards and Interoperability
Office: 858 433 1473
-----Original Message-----
From: Anil Saldhana [mailto:Anil.Saldhana@redhat.com]
Sent: Tuesday, June 29, 2010 11:04 AM
To: security-services@lists.oasis-open.org
Subject: Re: [security-services] Proposed Agenda for SSTC Call (29 June
2010)
On 06/25/2010 01:39 PM, Thomas Hardjono wrote:
>
> Folks,
>
> Below is the proposed agenda for SSTC Call on June 29th.
>
> Please let us if you have additional items.
>
> Regards.
>
> Nate+Thomas
> -----------
>
> _______________________________________________________
>
> Proposed Agenda SSTC Conference Call
> Tuesday 29 June 2010, 12:00pm ET
>
> Call-in toll-free number (US/Canada): 866-699-3239.
> Call-in toll number (US/Canada): 1-408-792-6300.
> Attendee access code: 203 956 41.
> See additional Webex Voice Info at end of Agenda.
>
>
> AGENDA:
>
> 1. Roll Call& Agenda Review.
>
> 2. Need a volunteer to take minutes.
>
> 3. Approval of minutes from last meetings:
>
> Minutes from SSTC Call on 15 June 2010:
>
http://lists.oasis-open.org/archives/security-services/201006/msg00037.h
tml
> 4. AIs& progress update on current work-items:
>
> (a) Current electronic ballots: None
>
> (b) Status/notes regarding past ballots: None.
>
> (c) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as
a CS
> - Status: New ballot has been requested.
>
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201
006/msg00032.html
>
>
> (d) SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
> - Status: CS-01 version of this doc is on WiKi.
> - AI: Thomas to ask Mary to move into Doc tree.
> - Status: Awaiting Mary.
>
> (e) Kerberos related items. [Josh/Thomas]
> - Kerberos Web Browser SSO Profile:
> - Status: Public review period closed on 15 June 2010.
>
> (f) Expressing Identity Assurance profile for SAML2.0 (LOA)
> - Status: Public review period closed on 13 June 2010.
>
> (g) Older docs: Thomas has formally asked Mary to post these 4 docs
(3/11th)
> (I) Protocol Extension for Third-Party Requests (CS-01)
> (II) Protocol Extension for Requested Authentication Context
(CS-01)
> (III) Shared Credentials Authentication Context Extension and
Related Classes (CS-01)
> (IV) Text-based Challenge/Response (CS-01)
> - Status: Still awaiting response from Mary.
>
> (h) NSN Attribute Management proposal (Thinh/Phil) - any updates?
>
> (i) SSO initiation draft (Scott) - any updates?
>
>
> 5. New work items:
> - SOA-TEL token correlation document uploaded (Federico)
> - Please review doc for July 13th SSTC call.
>
>
http://www.oasis-open.org/committees/download.php/38374/sstc-saml-token%
20correlation-profile-v0.8.pdf
>
>
> 6. Assorted threads on saml-dev/comment list:
> - IETF Federated Authentication BOF (at July IETF meeting)
>
> 7. Propose an SSTC Face-to-Face meeting for September 2010:
> - Awaiting for room confirmation.
>
> 8. Next Call: Tuesday 13 July, 2010.
>
> _______________________________________________________
>
> WEBEX INFO: Voice only (no slides)
> -From: Thomas Hardjono [messenger@webex.com]
> -Sent: Monday, February 22, 2010 2:01 PM
> To: Thomas Hardjono
> Subject: (Forward to attendees) Meeting invitation: Oasis SSTC
Bi-Weekly call
>
> **** You can forward this email invitation to attendees ****
>
> Hello ,
>
> Thomas Hardjono invites you to join this meeting.
>
> Topic: Oasis SSTC Bi-Weekly call
> Date: Every 2 weeks on Tuesday, from Tuesday, February 23, 2010 to
Tuesday, February 22, 2011
> Time: 12:00 pm, Eastern Standard Time (New York, GMT-05:00) Meeting
Password: samlsaml (required only for viewing meeting information
online)
>
> -------------------------------------------------------
> To join the teleconference
> -------------------------------------------------------
> Call-in toll-free number (US/Canada): 866-699-3239.
> Call-in toll number (US/Canada): 1-408-792-6300.
> Attendee access code: 203 956 41.
>
> Backup call-in toll number (US/Canada)*: 1-408-792-6300.
>
> Global call-in numbers:
https://mitweb.webex.com/mitweb/globalcallin.php?serviceType=MC&ED=12153
1977&tollFree=1
> Toll-free dialing restrictions:
http://www.webex.com/pdf/tollfree_restrictions.pdf
>
>
> * Backup call-in toll number (US/Canada) should only be used if the
primary number does not work.
>
> -------------------------------------------------------
> To view the meeting information in other time zones and languages
> -------------------------------------------------------
> 1. Go to
https://mitweb.webex.com/mitweb/j.php?ED=121531977&UID=0&PW=NNTM1ZjExNjB
j&ORT=MiMxMQ%3D%3D
> 2. Enter the meeting password: samlsaml (required only for viewing
meeting information online) 3. Click "OK".
>
> -------------------------------------------------------
> For assistance
> -------------------------------------------------------
> You can contact Thomas Hardjono at:
> hardjono[AT]mit.edu
> M: (781) 729-9559 [send text (faster), or call (slower)]
>
> To add this meeting to your calendar program (for example Microsoft
Outlook), click this link:
>
https://mitweb.webex.com/mitweb/j.php?ED=121531977&UID=0&ICS=MI&LD=1&RD=
2&ST=150&SHA2=n-oGARm-I0Eu1RsrOxwyjJ/VNIVl-VH2GDQDN2Hbn9g=&RT=MiMxMQ%3D%
3D
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php