Subject: draft minutes for SSTC conf call 7 Sep 2010
I never got attendance info from anyone, but here are meeting minutes.

 - RL "Bob"

---

SSTC Conference Call
Tuesday 7 Sept 2010, 12:00pm ET

AGENDA:

1. Roll Call & Agenda Review.

2. Need a volunteer to take minutes.

** Your humble scribe: RL "Bob" Morgan

3. Approval of minutes from last meetings:

Minutes from SSTC Call on 24 August 2010:
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201008/msg00061.html

** motion to approve from Nate, second JohnB, no objections.

4. AIs & progress update on current work-items:

(a) Current electronic ballots: None.

(b) Status/notes regarding past ballots: None.

(c) SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 as a CS
 - Status: Thomas has asked Mary for CS edition to be created and published. (2 Sept)

(d) SAML V2.0 Holder-of-Key Assertion Profile Version 1.0
 - Status: Thomas has asked Mary for CS edition to be created and published. (2 Sept)

** AI: Nate will update wiki to reflect current state of these documents.

(e) Kerberos related items. [Josh/Thomas]
 - Kerberos Attribute Profile:
 - AI: Josh/Thomas will suggest additions to Attribute Profile. Item still outstanding to deal with reference to Internet Draft document, this is still TBD.

(f) SAML V2.0 Identity Assurance Profiles, Version 1.0
 - Status: Now in 15-day review. (Closes 10 Sept)

(g) SAML V2.0 Metadata Profile for Algorithm Support Version 1.0:
 - Status: now in 60-day public review. (Closes 13 October)
 - Any updates?

(h) Service Provider Request Initiation Protocol and Profile Version 1.0
 - Status: now in 60-day public review. (Closes 13 October)
 - Any updates?

No comments observed so far. Scott says there are errors in examples in one of the docs, he will fix.

(i) NSN Attribute Management proposal (Thinh/Phil) - any updates?

Discussion:

Thinh: [explains telephony use case]
Scott: still don't understand use case from security point of view, seems to compromise security of SSO
Thinh: what if IdP doesn't want to give federated ID to SP?
Scott: then it's an error, or use some other ID as an attr or nameID
  doesn't seem like there's a unique requirement here
  raised before as "SP lite" scenario, ie no state maintained at SP
GeorgeF: SP doesn't want federated ID, but why?
Thinh: could be just a limitation of SP, an old architecture
[more discussion of use case ...]
GeorgeF: seems like NameIdentifier Management Protocol covers this case
Scott: though this still doesn't remove mapping burden from SP
Ari: if the SP is really proxying IdP, this case could apply ...
Ari: could SP send persistent opaque nameID in request?
Scott: sure, not typically done, but OK
  this is more about changing what IdP implementations do than creating new protocol
GeorgeF: as an IdP implementor, this would be a change ...
Scott: could be possible use for AllowCreate flag in request ...
[more discussion ...]
Thinh: will look at these suggestions, will modify draft with Phil

(j) SOA-TEL Token Correlation Profile (Federico/TI) - any updates?

Federico: new version uploaded today, with several modifications and a use case in appendix to better motivate profile
  also contains some embedded questions ...
Thomas: let's discuss new version on next call
Scott: seems like this is just delegation, handled by existing protocol so no new feature needed
  this is the delegation-condition specification, which includes motivating cases
Federico: some constraints in the stated case ...
Scott: end result is the same, if it's going to be secure
Federico: can we discuss on list?
Scott: sure

5. New work items:
 - Project Moonshot (potential new work item)
   Josh not on call to discuss

6. Next Call: Tuesday 14 September, 2010.

** Actually 21 September, not 14.