OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Draft Minutes SSTC Telecon (Tue 29 May 2012)

Draft Minutes SSTC Conference Call, Tuesday 29 May 2012, 12:00pm ET

> 1. Roll Call & Agenda Review.

To be added.

> 2. Need a volunteer to take minutes.

Frederick Hirsch volunteered to take minutes

> 3. Approval of minutes from previous meeting(s):
>   - Minutes from SSTC Call on 15 May 2012: 
> http://lists.oasis-open.org/archives/security-services/201205/msg00004.html

David Staggs moved to approve minutes, Second Scott.

Minutes approved and accepted.

> 4. AIs & progress update on current work-items:
>  (a) Current electronic ballots: (none)

no ballots open

>  (b) Status/notes regarding past ballots: (none)

no ballots open

Reminder Board election.

>  (c) SAML2.0 Approved Errata 0.5
>      - Status: published
> http://lists.oasis-open.org/archives/security-services/201205/msg00008.html

Has been published. No question or discussion.

>  (d) SAML Metadata Extensions for Registration and Pub Information V1.0
>      - Status: published
> http://lists.oasis-open.org/archives/security-services/201205/msg00007.html

Has been published. No question or discussion.

>  (e) SAML 2.0.1 and Security Considerations doc
>      - Status: SSTC agrees to proceed on this in 2012.
>      - Issues: Should metadata and trust exchange frameworks 
>                be made mandatory.
>      - Status: Scott has emailed a proposal to the list.
>      - AI:  Scott to start a "SAML2.x Planning Wiki Page" with 
>             list of items and/or changes to go into SAML2.x
> http://lists.oasis-open.org/archives/security-services/201203/msg00011.html

Scott posted link to wiki, summarized discussion by topic and degree of agreement. Some items are open discussion points. Please review and update page as needed.


Goal is to effectively define agreed goals for next version. 

Scott: In agreement section "compatibility" used instead of "conformance" due to existing implementations.

Scott: Items that are agreed have been discussed on a call, items in the close to agreement section have not been agreed on a call, even if not controversial. The list of profiles is those that appeared to have advocates in the group, or which might offer simplification. Expectation is to reference XML Signature 1.1 and XML Encryption 1.1 as part of update, looks like the schedules may align.

Thomas: what are dependencies on HTML5 or other web standards?

Scott: HTML5 progressing, not waiting for HTTP update..

Scott: it is valuable to also be clear on what we have chosen not to include in 2.1/2.0.1

Scott: Metadata is of concern to me so I documented this in detail; we may need to revisit metadata use cases to drive interest

Scott: A lot of implementation questions focus on some of the core requirements around strings, dates, URIs, and so forth, and their XML representations. We can deal with this by being clearer in the specification.
This matters for metadata, as validation occurs often, so we need to be very clear, and tighten constraints in the XML Schema for metadata. My opinion is that we could do it so that normative behavior of the specification, the lexical space of allowed documents, stays the same even if schema is changed to provide better error reporting.

Hal: focusing on SSO details, some questions

Scott:  I understand some of those, will document

Hal: there are coding tricks such as packaging post message with javascript as well, to use javascript against post, sometimes needed, but not documented

Scott: this was out of scope of the binding....

Hal: seems like an implementation choice that should be documented.

Scott: Some of this could be implementation guidelines, but not sure it is needed

Frederick: could this be an item for the wiki?

Hal: I can add it

Hal: only part of browser behavior is defined by RFC, there are also unwritten behaviors

Scott: suggest voting members send support or concerns about moving "close to agreement" to "agreement" section, also to review other sections

Thomas: what about those no longer on SSTC mailing list

Scott: we can share proposal once we have more agreement, they can respond via feedback form

>  (f)  SSTC Webinar:
>      - Proposed topic: scope of work for the 2.0.1 spec.
>      - AI: Thomas to email Dee to suggest dates (around the 1st week of 
>            June on the planned work in 2.x). 
>            Audience assumed to be SAML-knowledgeable.
>      - Status: need further group discussion & planning.

Thomas: webinar useful for outreach for 2.x, as long as clear on our plans

Hal: Wiki provides good basis for webinar, as long as clear on status

Thomas: planning for end of June?

Scott: need more discussion on list first

Thomas: could move later

Scott: or share where we are at that time

Hal: we are close, want feedback about items under consideration

> 5. Assorted mail items:
> 6. Other items:

No other issues of concern. No other business.

> 7. Next SSTC Call: 
>   - Tuesday 12 June 2012. 
> ______________________________________________________

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]