
security-services message



Subject: Re: [security-services] Re: Proposed Agenda for SSTC Call (8 Feb2011)


On 02/08/2011 11:42 AM, Nate Klingenstein wrote:
> Sent out with incomplete parsing of the discussion about 
> pseudo-randomness and persistent NameID's.  Please use this amended 
> version.
>
> ------------
>
> Quorum was achieved with nearly full attendance.


Voting Members:-
Rob Philpott     EMC Corporation
Scott Cantor     Internet2
Nathan Klingenstein     Internet2
Chad La Joie     Internet2
Thomas Hardjono     M.I.T.
Frederick Hirsch     Nokia Corporation
Phil Hunt     Oracle Corporation
Hal Lockhart     Oracle Corporation
Emily Xu     Oracle Corporation
Anil Saldhana     Red Hat
David Staggs     Veterans Health Administration

Members:
Ari Kermaier     Oracle Corporation

Quorum: 11 out of 13 voting members : 84%
Status:  Ari regains voting rights.


>
>> 2. Need a volunteer to take minutes.
>
> Nate volunteered to take minutes.
>
>> 3. Approval of minutes from last meetings:
>>
>> - Minutes from SSTC Call on 25 January 2010:
>>
>> http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201101/msg00020.html 
>>
>
> Scott moved to approve the minutes; Frederick seconded.  No objections 
> were registered and the minutes were approved.
>
>> (c) Kerberos Attribute Profile: [Josh/Thomas]
>>     - Status: Request submitted for 15-day Public Review.
>>     - Status: Thomas submitted CSD request to Oasis on 15 Dec 2010.
>>     - Status: CSD Published.
>
> The SSTC has approved both these requests, but Thomas waited until the 
> CSD request had been published before requesting the 15 day review.  
> He'll submit the review today.
>
>> (d) SAML V2.0 Metadata Profile for Algorithm Support Version 1.0:
>>     - Status: seeking to move to CS status.
>>     - AI: Ballot request submitted 26 Jan 2011.
>
> The ballot hasn't been created yet.
>
>> (e) Session Token Profile (Hal)
>>     - Status: New version WD04 uploaded.
>>     - Status: Wish to request CD Ballot.
>
> Hal has uploaded a new version of the Session Token Profile.  Scott 
> still wants some time to evaluate the document, suggesting there may 
> be some changes to attribute namespaces that would be necessary and 
> normative changes.  Hal is comfortable with deferral until Scott can 
> get his feedback submitted.
>
>> (f) Change Notify Protocol Version 1.0 (Thinh/Phil)
>>     - AI: Seeking to move to CSD status.
>>     - Status: Thomas submitted CSD request to Oasis on 15 Dec 2010.
>>     - Status: CSD Published.
>
> No further updates.
>
>> (g) Channel binding proposal (Scott)
>>     - Any updates?
>
> No updates.  Scott won't be ready to take this draft forward until he 
> gets some other work done in other working groups.
>
>> (h) Metadata extension for Login/Discovery (Scott)
>>     - Status: Thomas submitted CSD request to Oasis on 15 Dec 2010.
>>     - Status: awaiting response from Oasis.
>>     - #339 on Oasis Issues Tracker: http://tinyurl.com/47yta4p
>
> This is still being processed by TC Admin.
>
>> (i) Enhanced Client or Proxy Profile (Scott)
>>     - Any updates?
>
> Not yet, but Scott hopes to have a new draft ready by the next call.
>
>> (j) Metadata Extensions for Documentation/Registration (Chad)
>>     - WD02 uploaded before Christmas.
>>     - Any updates?
>
> Chad doesn't have any updates.  As far as he's aware there hasn't been 
> much review of the draft.  Scott suggested the strongest review of 
> documents comes at the CD phase, but if there are specific items that 
> he wants examined before moving to CD, simply flagging them on the 
> email list will usually elicit feedback.
>
> Chad will give it another once-over before moving this towards CD 
> status, but he may be ready to so move in a couple calls.
>
>> 5. Assorted mail items:
>>  - NIST IDtrust 2011
>
> There was a call for posters that went out.
>
>>  - RSA conference 2011
>
> A handful of SSTC members will be at the RSA conference and hope to 
> encounter each other on the floor somewhere.
>
>> 6. Other items:
>
> Scott has an errata to review and may have some other errata to bring 
> forward later.
>
> http://tools.oasis-open.org/issues/browse/SECURITY-7
>
> The basic objection has been to the use of the word "pseudorandom" in 
> the requirements for a persistent NameID.  "Pseudorandom" has a 
> technical connotation, particularly in the SAML specification, that it 
> would confer protection against value collision.  That requirement was 
> not intended to be imposed on persistent NameID's, which just need to 
> be unique and prevent successful guessing of the underlying identity.
>
> Scott is proposing alternative language that does a better job of 
> capturing the SSTC's original intent.
>
> If the text is acceptable, then it can be marked accepted in JIRA and 
> it would be added to the next approved errata draft, which is still 
> some way off at this time.  No formal vote is necessary, but he'd like 
> resolution of the TC to accept the proposal.  A few SSTC members 
> wanted a little more time to review the text, so he'd like to have it 
> on the agenda for an upcoming call.
>
>> 7. Next SSTC Call:
>>  - 22 February 2011

