OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Proposed Minutes for SSTC Call (Tue 24 July 2012)

I have collected some data about SAML federation deployments in the context of Kantara's Global Trust Framework Survey. The last table on the page has a column "Technical Protocols", where one of the entries is "SAML". 

The "database" behind the page currently lists 68 SAML deployments, including those from refeds.terena.org.

- Rainer

Am 24.07.2012 um 18:31 schrieb Nate Klingenstein:

1. Roll Call & Agenda Review.

2. Need a volunteer to take minutes.

Nate volunteered to take the minutes.

3. Approval of minutes from previous meeting(s):

 - Minutes from SSTC Call on 10 July 2012:


Hal moved for the approval of the minutes and Scott seconded.  No objections; minutes approved and adopted.

4. AIs & progress update on current work-items:

(a) Current electronic ballots: (none)

(b) Status/notes regarding past ballots: (none)

(c) SAML 2.X and Security Considerations doc
    - Status: SSTC agrees to proceed on this in 2012.
    - AIs:
      o Scott to send proposals to the list for schema cleanup.


Scott has documents in hand that have most of the errata applied based on the original markup copies.  This will yield a clean set of documents from which to begin the SAML 2.X work.

He also drafted some close-to-consensus points about metadata requirements and added them to the Wiki.  [AI] Everyone is asked to review those points so they can become consensus instead.

He's further got a copy of the schema that he's starting to work on and he's playing with some regex patterns to see what can be done, such as requiring lengths for strings and so forth.

We're anticipate that we would need to use a newer document template(or retrofit the current documents), but we're not sure what other new OASIS requirements might apply to the specifications.  [AI] Thomas will ask TC-Admin.

 (d)  SSTC Webinar:
    - Proposed topic: scope of work for the 2.0.1 spec.
    - AI: Review Hal's draft slides.
    - AI: Group needs to decide webinar date.


The first question Hal raised is whether we could cobble together a slide to indicate the full scope of SAML deployment.  Everyone agrees that we "should", but nobody really could supply a list of deployments other than higher education federations.  There was also a reference to the Kantara list of products.  We're aware of large deployments in Europe and in the U.S. Government.

[AI] Nate will send Hal a few pointers describing deployments.

Scott would separately like to cover the improvements to the SAML specifications that will be possible based on the widespread deployment experience to date.

Hal is assuming he'll be delivering the presentation in concert with Dee from OASIS.  We plan on giving the presentation in September in order to avoid conflicting with August, also known as European Vacation Month.

 (e) Asynchronous Single Logout Protocol Extension (Chad)



There will be another working draft based on some comments that Scott supplied in a back channel.  Specifically, we'd like to place an attribute on an endpoint in metadata in order to indicate that the endpoint supports the asynchronous extension.

We expect to see working draft 2 in place for next week's call, and Chad is likely to request a vote at that point because the Shibboleth project actively needs to develop to the proposed specification.

 (f) XSPA updates (David S. & Duane)

Duane is still in the throes of cleaning up Draft 1 based on some comments generated during the XSPA TC's work on the profile.  There's also been an update of the HL7 vocabulary, so he's ensuring that all external references fit that new vocabulary set.

5. Assorted mail items:

6. Other items:
 - IETF in July 30th to 3 August, Vancouver.

7. Next SSTC Call:
 - Tuesday 7 August 2012.

We look forward to speaking with you then.

To unsubscribe, e-mail: security-services-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: security-services-help@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]