OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: Proposed Agenda for SSTC Call (8 Feb 2011)

Quorum was achieved with nearly full attendance.

> 2. Need a volunteer to take minutes.

Nate volunteered to take minutes.

> 3. Approval of minutes from last meetings:
> - Minutes from SSTC Call on 25 January 2010:
> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201101/msg00020.html

Scott moved to approve the minutes; Frederick seconded.  No objections  
were registered and the minutes were approved.

>  (c) Kerberos Attribute Profile: [Josh/Thomas]
>      - Status: Request submitted for 15-day Public Review.
>      - Status: Thomas submitted CSD request to Oasis on 15 Dec 2010.
>      - Status: CSD Published.

The SSTC has approved both these requests, but Thomas waited until the  
CSD request had been published before requesting the 15 day review.   
He'll submit the review today.

>  (d) SAML V2.0 Metadata Profile for Algorithm Support Version 1.0:
>      - Status: seeking to move to CS status.
>      - AI: Ballot request submitted 26 Jan 2011.

The ballot hasn't been created yet.

>  (e) Session Token Profile (Hal)
>      - Status: New version WD04 uploaded.
>      - Status: Wish to request CD Ballot.

Hal has uploaded a new version of the Session Token Profile.  Scott  
still wants some time to evaluate the document, suggesting there may  
be some changes to attribute namespaces that would be necessary and  
normative changes.  Hal is comfortable with deferral until Scott can  
get his feedback submitted.

>  (f) Change Notify Protocol Version 1.0 (Thinh/Phil)
>      - AI: Seeking to move to CSD status.
>      - Status: Thomas submitted CSD request to Oasis on 15 Dec 2010.
>      - Status: CSD Published.

No further updates.

>  (g) Channel binding proposal (Scott)
>      - Any updates?

No updates.  Scott won't be ready to take this draft forward until he  
gets some other work done in other working groups.

>  (h) Metadata extension for Login/Discovery (Scott)
>      - Status: Thomas submitted CSD request to Oasis on 15 Dec 2010.
>      - Status: awaiting response from Oasis.
>      - #339 on Oasis Issues Tracker: http://tinyurl.com/47yta4p

This is still being processed by TC Admin.

>  (i) Enhanced Client or Proxy Profile (Scott)
>      - Any updates?

Not yet, but Scott hopes to have a new draft ready by the next call.

>  (j) Metadata Extensions for Documentation/Registration (Chad)
>      - WD02 uploaded before Christmas.
>      - Any updates?

Chad doesn't have any updates.  As far as he's aware there hasn't been  
much review of the draft.  Scott suggested the strongest review of  
documents comes at the CD phase, but if there are specific items that  
he wants examined before moving to CD, simply flagging them on the  
email list will usually elicit feedback.

Chad will give it another once-over before moving this towards CD  
status, but he may be ready to so move in a couple calls.

> 5. Assorted mail items:
>   - NIST IDtrust 2011

There was a call for posters that went out.

>   - RSA conference 2011

A handful of SSTC members will be at the RSA conference and hope to  
encounter each other on the floor somewhere.

> 6. Other items:

Scott has an errata to review and may have some other errata to bring  
forward later.


The basic objection has been to the word "pseudorandom", which has a  
technical connotation, particularly in the SAML specification because  
it would confer protection against value collision.  If that  
requirement were to be imposed on persistent NameID .  The  
distinction, as Hal put it, is between an unguessable value and a  
globally unique value.

Scott is proposing alternative language that does a better job of  
capturing the SSTC's original intent.

If the text is acceptable, then it can be marked accepted in JIRA and  
it would be added to the next approved errata draft, which is still  
some way off at this time.  No formal vote is necessary, but he'd like  
resolution of the TC to accept the proposal.  A few SSTC members  
wanted a little more time to review the text, so he'd like to have it  
on the agenda for an upcoming call.

> 7. Next SSTC Call:
>   - 22 February 2011

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]