Draft Minutes for SSTC Call (26 June 2012)

[Chad La Joie <lajoie@itumi.biz>]

On 6/25/12 10:24 AM, Thomas Hardjono wrote:
> 1. Roll Call & Agenda Review.

John Bradley, Ping Identity
Scott Cantor, Internet2
Duane DeCouteau, Veterans Health Administration
Frederick Hirsch, Nokia
Thomas Hardjono, MIT
Chad La Joie, Internet2
Nate Klingenstein, Internet2
Hal Lockhart, Oracle
Anil Saldhana, Red Hat
David Staggs, Jericho Systems

> 2. Need a volunteer to take minutes.
> 
> 3. Approval of minutes from previous meeting(s):
> 
>    - Minutes from SSTC Call on 12 June 2012: 
> 
> https://lists.oasis-open.org/archives/security-services/201206/msg00012.html

Nate moves to approve.  David Seconds.  No Objections.  Motion passes.

> 4. AIs & progress update on current work-items:
> 
>   (a) Current electronic ballots: (none)
> 
>   (b) Status/notes regarding past ballots: (none)
> 
>   (c) SAML 2.X and Security Considerations doc
>       - Status: SSTC agrees to proceed on this in 2012.
>       - AIs
>         o Move "Close to Consensus" material to "Agreement" section (done)

Completed

>         o Scott will send proposals to the list for schema cleanup.

Not yet complete, will be worked on once everyone agrees to what needs
to be done.

Scott expects most of the metadata items to be moved up to "agreement"
after discussion.

Scott: Seems to be a sense that requiring trust profile conformance at
the base level is going to far.  Is there agreement to require basic
metadata support in base level?

Hal: Oracle supports a constrained set for a base line.

Scott: We need to discuss which metadata extensions go in to the baseline.

Scott: IOP document likely to be a separate conformance level

Someone : Need to discuss whether there is a difference between use of
metadata for upfront config vs ongoing config

Scott: If it's not used for ongoing config it's not of much value.  Need
to call out specific exchange models to facilitate this.

Scott: Does anyone object to removing the DDDS/NAPTR material?

No objections raised.  Should check with NuStar as it came from them
originally. Scott will contact them and ask.

Scott: First bit of work for 2.1 is to apply the existing errata.  Ian
Young working on this and will hopefully have this completed in the next
couple weeks.

>   (d)  SSTC Webinar:
>       - Proposed topic: scope of work for the 2.0.1 spec.
>       - Status: group is close having enough to present. 
>       - Status: Hal offers to work on first-cut slides for this.

Not draft yet, should be available in the next couple of days and will
send to list.  We can discuss during the next meeting.

> 5. Assorted mail items:
> 
> 6. Other items:

XPA:
David: European organization is using the XPA profile.  An organization
will be using it for transmission of consent.  That work will be brought
to the group once it gets under way.

Dwayne: Also working with XPA with Veterans Affairs and others.

Goal is to get the XPA profile/changes to the committee by the next meeting.

> 
> 7. Next SSTC Call: 
>    - Tuesday 10 July 2012. 


-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered