Subject: Re: [security-services] Minutes for SSTC Telecon (18 Oct 2011)
On 10/18/2011 12:07 PM, Nguyenphu, Thinh (NSN - US/Irving) wrote:
Minutes for SSTC call: 18 Oct 2011 1. Roll Call& Agenda Review. [Note] quorum is established.
Roll Call: Internet2 Scott Cantor Nokia Corporation Frederick Hirsch Internet2 Nathan Klingenstein Internet2 Chad La Joie Oracle Hal Lockhart IBM Gregory Neven Nokia Siemens Networks GmbH & Co. KG Thinh Nguyenphu Red Hat Kenneth Peeples Red Hat Anil Saldhana Quorum: 7 out of 9 voting members (77%): Achieved. Status Changes: none
2. Need a volunteer to take minutes. [Note] Thinh Nguyenphu volunteered 3. Approval of minutes from last meetings: Minutes from SSTC Call on 20 Sept 2011: http://lists.oasis-open.org/archives/security-services/201109/msg00008.h tml [Note] approved Minutes from SSTC Call on 20 Sept 2011: http://lists.oasis-open.org/archives/security-services/201110/msg00004.h tml [Note] approved 4. AIs& progress update on current work-items: (a) Current electronic ballots: (none) (b) Status/notes regarding past ballots: (none) (c) Session Token Profile (Hal) - Status: Hal already submitted request for CSD and 15-day PR. - Status: 15-day PR from 3 Oct to 18 Oct 2011. http://lists.oasis-open.org/archives/security-services/201110/msg00006.h tml [Note] Hal reports PR ends today, and document only received two editorial comments by TCAdmin, which were minor comments. (d) Attribute Predicate Profile (Gregory/Franz-Stefan) - Status: 30-day PR from 15 Oct to 14 Nov 2011. http://lists.oasis-open.org/archives/security-services/201110/msg00008.h tml [Note] Gregory: PR just started. (e) Kerberos profiles [3 items] (Josh/Thomas) - Status: Committee Specification creation requested. - Status: Tickets TCADMIN-664, 665, 666. [Note] Still waiting for TCAdmin to creating committee specification. (f) Change Notify Protocol Version 1.0 (Thinh/Phil) - Status: Committee Specification creation requested. - Status: Tickets TCADMIN-696 - in process. [Note] Thinh: no update, waiting for TCAdmin. (g) Channel binding proposal (Scott) - Status: awaiting other items in other groups. - Any updates? [Note] no update today. (h) Enhanced Client or Proxy Profile (Scott) - Status: work waiting for items in IETF Kitten WG. - Any updates? [Note] no update today. (i) Metadata Extensions for Documentation/Registration (Chad) - Status: 15-day PR from 3 Oct to 2 Nov 2011. http://lists.oasis-open.org/archives/security-services/201110/msg00005.h tml [Note] Chad: During PR, the document receives one comments. The response to the comment is available at http://wiki.oasis-open.org/security/PublicComments20111003-20111102. Mostly, there will be a new revision. (j) Metadata Extensions for Login and Discovery User (MDUI) (Scott) - Status: 30-day PR from 14 Oct to 13 Nov 2011. http://lists.oasis-open.org/archives/security-services/201110/msg00007.h tml [Note] Scott: The document receives one comment. The comment resolution is available at http://wiki.oasis-open.org/security/PublicComments20111014-20111113 5. Assorted mail items: 6. Other items: - IIW in October (17-19 Oct). - Kerberos Conference at MIT (Last week of Oct): Hal: There will be excellent panel on Tuesday. The panel will feature three past SAML co-chair. It will have great discussion on federation, SAML, Kerberos, etc. - New security paper: Scott and Hall reported on new security paper from Germany. New security paper published from Germany, which identify potential SAML security risk. The security paper, How to break XML encryption, will be presented at ACM conference CCS 2011. The paper documented some new techniques of attach SAML security assertion. It may provides some recommendation to mitigate the problem. It is recommended that members of SS TC to review the document and we can discuss further meeting. 7. Next SSTC Call: - Tue 1 November 2011. _______________________________________________________ --------------------------------------------------------------------- To unsubscribe, e-mail: firstname.lastname@example.org For additional commands, e-mail: email@example.com