Subject: Re: [security-services] Minutes for SSTC Call (1 November 2011)
On 11/01/2011 11:52 AM, Hal Lockhart wrote:
Minutes SSTC Conference Call Tuesday 1 November, 2011, 12:00pm ET 1. Roll Call& Agenda Review.
Attendance:- Open Identity Exchange John Bradley Member Internet2 Scott Cantor Secretary AOL George Fletcher Member M.I.T. Thomas Hardjono Chair Oracle Hal Lockhart Secretary Microsoft Anthony Nadalin Member Red Hat Anil Saldhana Secretary Voting Members: 4 of 9 (44%)
Did not achieve quorum.2. Need a volunteer to take minutes.Hal taking minutes3. Approval of minutes from last meetings: Minutes from SSTC Call on 18 October 2011: http://lists.oasis-open.org/archives/security-services/201110/ msg00012.htmlDeferred.4. AIs& progress update on current work-items: (a) Current electronic ballots: (none) (b) Status/notes regarding past ballots: (none) (c) Session Token Profile (Hal) - Status: Hal already submitted request for CSD and 15-day PR. - Status: 15-day PR ended. Two minor comments received. http://lists.oasis-open.org/archives/security-services/201110/ msg00024.htmlHal to create electronic ballot to request TC admin to create Electronic ballot for CS vote on Session Token Profile.(d) Attribute Predicate Profile (Gregory/Franz-Stefan) - Status: 30-day PR from 15 Oct to 14 Nov 2011. http://lists.oasis-open.org/archives/security-services/201110/ msg00008.htmlNo new information.(e) Kerberos profiles [3 items] (Josh/Thomas) - Status: Two Committee Specifications published on 24 Oct 2011.Two out of three have been published. Third is in process.(f) Change Notify Protocol Version 1.0 (Thinh/Phil) - Status: Committee Specification creation requested. - Status: Tickets TCADMIN-696 - in process.No change.(g) Channel binding proposal (Scott) - Status: awaiting other items in other groups. - Any updates?No updates.(h) Enhanced Client or Proxy Profile (Scott) - Status: work waiting for items in IETF Kitten WG. - Any updates?No updates.(i) Metadata Extensions for Documentation/Registration (Chad) - Status: 15-day PR from 3 Oct to 2 Nov 2011. - Status: one comment was receoved duirng PR period. - AI: will revise document. http://wiki.oasis-open.org/security/PublicComments20111003-20111102.Message posted prior to call. http://lists.oasis-open.org/archives/security-services/201111/msg00001.html Will publish revised document.(j) Metadata Extensions for Login and Discovery User (MDUI) (Scott) - Status: 30-day PR from 14 Oct to 13 Nov 2011. - Status: One comment has already been received. http://wiki.oasis-open.org/security/PublicComments20111014-20111113Comments recorded in wiki page along with responses. Error in schema as shown in doc. Other corrections require a new update. Review is still in progress.5. Assorted mail items: 6. Other items:IETF meeting in Taipei - Of potential interest to SAML members: Oauth WG will meet (and perhaps recharter). Jose WG will also meet. Scott working on a new Errata Draft. Probably after New Years for approval. General discussion of recent attack on XML encryption. Scott feels SAML core should be modified to include advice on countermeasures. It was reported that Internet2 uses Assertion Encryption by Default. Ficam Profile requires encryption. Scott noted that the Security Considerations doc "is a mess" and he does not have time to do a rewrite. There is text left over from 1.1 as well as errors. It would be desirable for someone to take on the task of a rewrite. Hal7. Next SSTC Call: - Tue 15 November 2011.--------------------------------------------------------------------- To unsubscribe, e-mail: firstname.lastname@example.org For additional commands, e-mail: email@example.com