security-services message

Subject: Corrected minutes for May 1, 2012 call
From: "Cantor, Scott" <cantor.2@osu.edu>
To: SAML <security-services@lists.oasis-open.org>
Date: Thu, 3 May 2012 17:36:03 +0000
Minutes corrected to include motion and vote for Approved Errata.

-- Scott

SSTC Conference Call Minutes
Tuesday 1 May 2012, 12:00pm ET
 
1. Roll Call 
 
[insert]
 
Quorum achieved
 
 
2. Need a volunteer to take minutes.
 
  David
Staggs offered to record the minutes
 
 
3. Approval of minutes from previous
meeting(s):
 
Minutes from SSTC Call on 3 April 2012 were
approved by unanimous consent:
http://lists.oasis-open.org/archives/security-services/201204/msg00008.html
  
Minutes from SSTC Call on 17 April 2012 are
attached by unanimous consent:
http://lists.oasis-open.org/archives/security-services/201204/msg00015.html
 
 
4. AIs & progress update on current
work-items:
 
  (a)
No current electronic ballots.
 
  (b)
No status/notes regarding past ballots.
 
  (c)
Metadata Extensions for Registration & Publication Info (Chad)
   - Information on the publication date will be
available soon.
 
  (d)
Metadata Extensions for Login and Discovery User Interface (MDUI) (Scott)
   - MDUI
has been published.  TC-Admin #896
 
  (e)
SAML2.0 Approved Errata (Scott)
   - No
comments received.  Scott moves to accept
CSD01 as Approved Errata.
http://docs.oasis-open.org/security/saml/v2.0/errata05/csd01/
Hal seconded. Motion passed.
 
  (f)
SAML 2.0.1 and Security Considerations doc
   - Long
discussion on plans.
        Main
points:
  Clean-up
of 2.0.1 and Security Considerations doc: incorporate material from errata.
  Address
the ³Simple SSO² profile where IdP initiates an unsolicited exchange.
Hal: must address how IdP knows which SP to
point to.  Scott: could include SP in the
request to IdP to initiate exchange. The profile would bypass the discovery
step and SP would not have to generate SAML token but still need
discussion on
security implementations.
  Consensus
for changes to 2.0.1. Scott volunteered to start WIKI page of the topics
that
would be added into the core documents for 2.0.1.  Some outreach to
Kantara Federation and Interoperability
group, e.g. IdP generated SSO would be beneficial.  There are several
candidate changes Scott
will organize on the WIKI for review and discussion including updates to
profiles, bindings and core documents.
 
     
- AI: Scott to start WIKI
page.
http://lists.oasis-open.org/archives/security-services/201203/msg00011.html
 
 
(g)  SSTC Webinar:
- Thomas proposed discussion after WIKI is
set up and the proposed 2.0.1 changes are discussed.  The proposed changes
would be included in the
content for the Webinar on the SSTC.
Initial topics could include extensions, simplified SSO, errata, etc.
 
  (h)
Enhancement for Dynamic Attribute Queries (David Chadwick)
     -
Discussion deferred until David Chadwick can be on the call.
http://lists.oasis-open.org/archives/security-services/201204/msg00009.html
 
 
5. Assorted mail items:
 
None.
 
 
6. Other items:
  - David
Staggs mentioned XSPA TC is reviewing the XSPA Profile of SAML for changes
based on its initial use.  AI: David to send e-mail on when XSPA
profile will be submitted to the SSTC.
 
 
7. Next SSTC Call: 
   -
Tue 15 May 2012. 
 
Meeting adjourned.