Draft Meeting Minutes for March 8, 2011 Call

[Chad La Joie <lajoie@itumi.biz>]

1. Roll Call & Agenda Review.

Voting Members: TBD
Non-voting Members: TDB

Quorum achieved.


2. Need a volunteer to take minutes.

Chad will take notes.


3. Approval of minutes from last meetings:

- Minutes from SSTC Call on 22 Feb 2011:

http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201103/msg00001.html

Minutes approved by motion brought by Nate and seconded by Anil.


4. AIs & progress update on current work-items:

 (a) Current electronic ballots: None.

Nothing to do.

 (b) Status/notes regarding past ballots: (none).

Nothing to do.

 (c) Kerberos Attribute Profile: [Josh/Thomas]
    - Status: Request submitted for 15-day Public Review.
    - Status: CSD Published. Awaiting 15-day review to start.
      http://tools.oasis-open.org/issues/browse/TCADMIN-398

Nothing to do.  Waiting for the public review.

 (d) SAML V2.0 Metadata Profile for Algorithm Support Version 1.0:
    - Status: Ballot passed.

http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201102/msg00035.html

Nothing to do.  CSD process completed and published.  Can be removed
from the agenda.

 (e) Session Token Profile (Hal)
    - Status: New version WD06 uploaded.
    - Status: CSD Creation has been requested.

http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201103/msg00002.html

Associated Jira requesting the publication of the CSD has been closed.
 Robin indicates that the publication will occur in 2-3 days.  30 day
PR will follow after this publication.

 (f) Change Notify Protocol Version 1.0 (Thinh/Phil)
    - AI: Seeking to move to CSD status.
    - Status: CSD Published.
    - AI: Thinh/Phil to submit request for 30-Day PR.

Request for 30 day PR has been made.  No announcement of the PR has
yet been made.
[AI] Thomas will followup with Robin to check on the status.

 (g) Channel binding proposal (Scott)
    - Status: awaiting other items in other groups.

No updates.

 (h) Metadata extension for Login/Discovery (Scott)
    - Status: Thomas submitted CSD request to Oasis on 15 Dec 2010.
    - Status: awaiting response from Oasis.
    - #339 on Oasis Issues Tracker
       http://tools.oasis-open.org/issues/browse/TCADMIN-339

CSD has been published.  Document will go through another editorial
cycle to correct some minor document process mistakes.

 (i) Enhanced Client or Proxy Profile (Scott)
    - Status: WD02 uploaded last week.

 http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201102/msg00027.html

Nothing new to report.  Work on the referenced GSS mechanisms,
occurring in the IETF Kitten working group.  Once this work has been
completed the ECP document can move forward.

 (j) Metadata Extensions for Documentation/Registration (Chad)
    - WD02 uploaded before Christmas.
    - Status: wish to move to CD status soon.

WD03 released.  Scott noted that the current TC roster needed to be
added in the acknowledgment section.  Scott moved that the document be
approved for CSD with the condition that the acknowledgment section
was populated with the current TC roster.  Hal seconded the motion.

[AI] Chad will add the necessary information, produce WD04 and then
submit that for CSD publication.

 (k) Errata document (Scott):

    - SECURITY-7: wish to address usage of term "psudeorandom"
      o http://tools.oasis-open.org/issues/browse/SECURITY-7

Scott, sent a note to the list describing why he feels the currently
proposed text should remain unchanged.  There we no objection on the
call but Rob, who raised a concern on the mailing list, was not on the
call so Scott was uncomfortable marking this issue as resolved.  Rob
will be asked to raise any further objection on the list and if no
more objections are raised this item will be closed.

    - SECURITY-8: AttributeConsumingService.
      o http://tools.oasis-open.org/issues/browse/SECURITY-8
      o Status: Resolved.
      o See: http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201102/msg00039.html

Item resolved, can be removed from future agenda.

    - SECURITY-9: Human-readability assumption of ServiceName.
http://www.oasis-open.org/apps/org/workgroup/security/email/archives/201103/msg00000.html

Scott sent an email about this to the list.  Current SAML spec
contains an OrganizationDisplayName element which notes that the data
is meant to be consumed by a human.  There is no ServiceDisplayName,
just ServiceName, so the proposal was to add the same text indicating
the value should be human readable. No one had any objections to
accepting his proposed resolution. Issue has been marked as resolved.


5. Assorted mail items:

IETF will occur in Prague in two weeks.  IDTrust 2011 notification
email was sent to the list.


6. Other items:

Thomas asked, on behalf of a European governmental health care
initiative, whether it was possible for people to use graphics from
SAML documents in other documents.  Hal noted that this was fine, that
all the SAML documents contain a copyright and license that allows for
derivative works.

Bob noted that the Kantara Interoperability group will soon be
releasing the report from their recent interop event.  This event
tested interop against the ICAM SAML profile.  Bob asked if there were
other profiles that the TC felt should be tested in the future.  Send
comments to TC list or Kantara Interoperability group.

David asked if Kantara would be a certifying authority for the FICAM
LOA 4 profile.  LOA 1-3 already certified.  Bob noted the difference
between interop testing and actual certification and noted that it
would be useful for the TC to be aware of such functions.  David will
send a note to the list with further questions.

-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered