On 11/15/2011 01:07 PM, Nate Klingenstein wrote:
Via Gregory and Franz-Stefan and slightly touched up by yours
truly, here are the provisional minutes for the 15 November 2011
SSTC Conference Call. Thanks to them for taking the minutes,
and thanks to all for attending.
> AGENDA:
>
> 1. Roll Call & Agenda Review.
Internet2                              Scott Cantor          Secretary
M.I.T.                                 Thomas Hardjono       Chair
Internet2                              Nathan Klingenstein   Chair
Internet2                              Chad La Joie          Voting Member
Oracle                                 Hal Lockhart          Secretary
IBM                                    Gregory Neven         Member
Nokia Siemens Networks GmbH & Co. KG   Thinh Nguyenphu       Voting Member
IBM                                    Franz-Stefan Preiss   Member
Red Hat                                Anil Saldhana         Secretary
Status Changes: Frederick Hirsch lost voting rights
Quorum Achieved: 7 out of 9 voting members (77%)
>
> 2. Need a volunteer to take minutes.
Gregory Neven was volunteered.
> 3. Approval of minutes from last meetings:
>
> Minutes from SSTC Call on 18 October 2011:
Hal moved to accept the minutes, Scott seconded. No
objections. Minutes approved.
> http://lists.oasis-open.org/archives/security-services/201110/msg00012.html
>
> Minutes from SSTC Call on 1 November 2011:
Hal moved to accept the minutes, Scott seconded. No
objections. Minutes approved.
> http://lists.oasis-open.org/archives/security-services/201111/msg00010.html
>
>
>
> 4. AIs & progress update on current work-items:
>
> (a) Current electronic ballots: (none)
> (b) Status/notes regarding past ballots: (none)
>
> (c) Session Token Profile (Hal)
> - Status: Hal already submitted request for CSD and 15-day PR.
> - Status: 15-day PR ended. Two minor comments received.
> - Status: CS Ballot Request done (#744)
Thanks for voting, please vote on next ballot.
Anil will check to make sure whether roster is correct.
> http://lists.oasis-open.org/archives/security-services/201111/msg00022.html
>
>
> (d) Attribute Predicate Profile (Gregory/Franz-Stefan)
> - Status: 30-day PR from 15 Oct to 14 Nov 2011.
> - Any updates?
>
> http://lists.oasis-open.org/archives/security-services/201110/msg00008.html
>
Franz-Stefan: 30-day public review just closed without
comments.
Franz-Stefan makes a motion to create a CS
ballot to advance the Attribute Predicate Profile CSPRD01 to
CS status.
Hal seconds. No objections. Motion approved.
Franz-Stefan and Gregory will create the
ballot request.
Hal: You need to post a summary of comments and changes
(i.e., none) to the list and reference that in the TC admin
request.
> (e) Kerberos Web browser SSO Profile (Josh/Thomas)
> - Status: CS publication delayed due to error found in normative
> reference and in schema file.
> - AI:
> o Fix schema and normative reference.
> o Need to obtain approval as Committee Spec Draft.
> o Then will start new 15-day PR.
Thomas:
Two documents published, third stuck because xsd file is
empty/blank.
Didn't change since Feb 2010.
Will pull back this draft and resubmit to sstc.
Scott: Schema is part of spec, so cannot have a normative
reference, as maturity level would be wrong. Also, you may
need to update the acknowledgements.
> (f) Change Notify Protocol Version 1.0 (Thinh/Phil)
> - Status: Committee Specification creation requested.
> - Status: Tickets TCADMIN-696 - in process.
Thinh: Nothing to add.
> (g) Channel binding proposal (Scott)
> - Status: awaiting other items in other groups.
> - Any updates?
>
>
> (h) Enhanced Client or Proxy Profile (Scott)
> - Status: work waiting for items in IETF Kitten WG.
> - Any updates?
Scott: Both being held in draft
for more experience being gained in implementation projects
going forward.
> (i) Metadata Extensions for Documentation/Registration (Chad)
> - Status: 15-day PR from 3 Oct to 2 Nov 2011.
> - Status: one comment was received during PR period.
> - AI: will revise document.
>
> http://wiki.oasis-open.org/security/PublicComments20111003-20111102.
Chad:
Public review closed.
Some minor comments and typos.
Will fix and upload new WD.
Currently in limbo, may decide to keep it there for a while
to get implementation experience, or may decide to press
ahead with publication.
> (j) Metadata Extensions for Login and Discovery User (MDUI) (Scott)
> - Status: 30-day PR from 14 Oct to 13 Nov 2011.
> - Status: One comment has already been received.
>
> http://wiki.oasis-open.org/security/PublicComments20111014-20111113
Scott:
Changes in response to comments.
Some implementations already out there in the field, which
is a practical constraint on the magnitude of changes we can
easily make now.
Try to have a revised edition done in near future.
Next step will be WD with the changes.
> (k) SAML2.0 Approved Errata
> - Status: wd-54 uploaded (Scott).
Scott:
Received couple more errata, will add those before going
back through review.
Intend to move this forward before or around end of year,
especially in light of possible security vulnerabilities in
existing implementations.
Red lines are getting crowded; would we want to go to SAML
2.1 in 2012?
May be better than piling up errata.
Nate: Not sure we want to change the actual minor version in
the protocol, but makes sense to make it easier for
implementers to read spec & errata. Prefers SAML 2.0.1.
Scott: Compatibility is a must. Security
considerations also needs considerable revision, somewhat
out of date. We might also want to significantly revise
conformance requirements, and that may take some time and
thought.
Hal: Would be useful to have a security
considerations markup document (without official status)
with sections that need fixing.
Nate: I'd like to offload as much potential 2.0.1 work as
possible from Scott, and that's one way to do it.
> 5. Assorted mail items:
>
> 6. Other items:
New agenda item: Clock Skew
Scott:
Periodically receive complaints of implementations that
don't allow clock skew.
Personally feel this is implementation guidelines material,
but e.g. Kerberos mentions it in standard.
Suggest to propose errata to
address this.
Opened issue and proposed resolution adding text to
beginning of document about dates and times, plus callback
into Conditions and SubjectConfirmation.
Nate: Change proposed text to include
"should be configurable." Give people 2 weeks to comment on
that.
> 7. Next SSTC Call:
> - Tue 29 November 2011.
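
The clock-skew item under "Other items" above, as an added example that is not part of the original minutes or of any SSTC erratum text: a relying party checks NotBefore/NotOnOrAfter on Conditions and SubjectConfirmationData with a configurable skew allowance. The sample assertion, the function names and the choice to widen the window by the skew on both sides are assumptions made for this illustration; signature verification is out of scope here.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PATHS = ("saml:Conditions",
         "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData")

# Constructed sample fragment (not taken from the minutes or any real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2011-11-15T18:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2011-11-15T18:00:00Z"
                   NotOnOrAfter="2011-11-15T18:05:00Z"/>
</saml:Assertion>"""


def parse_utc(ts):
    """Parse a UTC xs:dateTime in the 'Z' form, with or without fractions."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in ts else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)


def check_window(elem, now, skew):
    """Return None when 'now' is inside the element's window, else a reason."""
    not_before = elem.get("NotBefore")
    not_on_or_after = elem.get("NotOnOrAfter")
    # Assumption: the skew allowance is applied symmetrically to both bounds.
    if not_before is not None and now + skew < parse_utc(not_before):
        return "not yet valid"
    if not_on_or_after is not None and now - skew >= parse_utc(not_on_or_after):
        return "expired"
    return None


def validate_times(xml_text, now, skew_seconds=0):
    """List (element, reason) pairs for every time check that fails."""
    skew = timedelta(seconds=skew_seconds)
    root = ET.fromstring(xml_text)
    problems = []
    for path in PATHS:
        for elem in root.findall(path, NS):
            reason = check_window(elem, now, skew)
            if reason:
                problems.append((elem.tag.split("}")[1], reason))
    return problems
```

With skew_seconds=0, a relying party whose clock runs 30 seconds behind the issuer rejects a freshly issued assertion; a small configured allowance accepts it while an assertion that is minutes past NotOnOrAfter is still refused.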