Re: [security-services] Proposed Agenda for SSTC Telecon (7 February 2012)

[Anil Saldhana <Anil.Saldhana@redhat.com>]

_______________________________________________________

Proposed Agenda SSTC Conference Call
Tuesday 7 February 2012, 12:00pm ET

Call-in toll-free number (US/Canada): 1-866-699-3239.
Call-in toll number (US/Canada): 1-408-792-6300.
Access code: 649 646 419 #  (NEW)
Meeting Password: samlsaml.
Webex web join (see URL below).


AGENDA:

1. Roll Call&  Agenda Review.

Voting Members:  Hal, Thomas, Scott, Chad, John Bradley, Anil
Members: Ari Kermaier
Quorum: Achieved.  6 out of 8 voting members.

> 2. Need a volunteer to take minutes.
Anil volunteers.

> 3. Approval of minutes from previous meeting(s):
>
>     - Minutes from SSTC Call on 24 January 2012:
>
> http://lists.oasis-open.org/archives/security-services/201201/msg00024.html
Scott moves. John seconds.  Approved.

> 4. AIs&  progress update on current work-items:
>
>    (a) Current electronic ballots: (none)
>
>    (b) Status/notes regarding past ballots: (none)
>
>    (c) Kerberos Web browser SSO Profile (Josh/Thomas)
>        - Status: CS Ballot open until 7 Feb 2012.
Thomas:  Passed CS ballot.
>    (d) Metadata Extensions for Documentation/Registration (Chad)
>        - Status:  Admin ticket 827&  828.


Chad says no developments/updates.

>    (e) Metadata Extensions for Login and Discovery User (MDUI) (Scott)
>        - Status: WD10 uploaded.
>        - Status: CSD3 and open 15 day PR approved at 1/10/2012 telecon.
>        - Status: CS Ballot and PR request submitted to TC admin.


Scott says it is in the active ticket list.





>    (f) SAML2.0 Approved Errata (Scott)
>         - SECURITY-16 PE: Mitigation for XML Encryption CBC deficiencies
>         - Status: Scott plans to work on this.

Scott is working on updating the errata. Better to start the approval work
for the errata unless there are urgent action items to update the errata.
Look for WD in 2 days.

>    (g) SAML 2.0.1 and Security Considerations doc
>        - Status: SSTC agrees to proceed on this in 2012.
>        - Status: Continue discussion.

Hal: last time, we agreed that conformance would be the biggest challenge compared to security considerations.
     We need a proposal to begin the process to create a document.

Scott: I can work on a new doc only if metadata and trust exchange frameworks are made mandatory.
       We want products to be interoperable via metadata exchange.
       Will write a proposal via email.

John: Agree with Scott that until Metadata is made part of conformance, we are going to have the same challenges in future.
      Nothing gets the vendors' attention than a conformance clause.


> 5. Assorted mail items:
>     - Privacy Preserving Attribute Verification (Prateek)

Hal: Anil John is not on the call. Will communicate with him. Suggest dropping it until something pops up.


> 6. Other items:
>     - RSA conference 2012.


Hal: XACML showcase. KMIP interop. Oasis will have booths.
John: OpenID Connect on friday around RSA location. (Location: Microsoft location in downtown SF).
      IIW community event on monday.


> 7. Next SSTC Call:
>     - Tue 21 Feb 2012.
>