security-services message

Subject: Corrected Minutes from 10/16/2012 -- Proposed Minutes SSTC Telecon (Tue 10/16/2012)

[Please let me know if there are more bugs/typos]

Proposed Minutes SSTC Telecon (Tue 10/16/2012) - Corrected

1. Roll Call & Agenda Review.

Frederick Hirsch
Chad La Joie
Anil Saldhana
Nate Klingenstein
Scott Cantor
Hal Lockhart
Ian Young
Mohammad Jafari
Thomas Hardjono
John Bradley

Agenda: add Hal's email about metadata format.

2. Need a volunteer to take minutes.

Thomas taking minutes.

3. Approval of minutes from previous meeting(s):

   - Minutes from SSTC Call on 18 September 2012:

Motion:  Chad.
Second: Hal.
No objections. Motion passes.

4. AIs & progress update on current work-items:

(i) Support of SAML for metadata in other formats

- Background: during the recent Webinar on SAML2.1, Hal received a question from the audience regarding the possible use of metadata expressed in other formats, and whether SAML could support it. See email on the list:

- Hal clarified by stating that the question pertains only to the Metadata portion. We already have various formats for metadata in other protocols. So the question becomes: is such a thing (metadata in other formats) useful for this TC? Expressing metadata in JSON, for example, is not difficult.

- There is a project called Global Federated Identity and Privilege Management (GFIPM). Chad asks why they don't use SAML metadata; we want to know why that is.

- Nate states that he is aware of GFIPM, and takes an AI to reach out to that community.

- John Bradley: the OIDC (OpenID Connect) community and folks such as Roland Hedberg are looking into other formats for metadata in OIDC. JohnB suggests that it would be beneficial for everyone to have a canonical metadata format that could be used across systems. OIDC has not mandated the use of XML parsers, so it is difficult to mandate the usage of entity descriptors in XML (which would require XML parsers). And so in the OIDC community it makes sense to use JSON format (for metadata).

- Scott suggests that it would make more sense to have something like SAML metadata but with wider applicability, since it is too difficult to get existing software to speak JSON. JohnB likes the SAML format (since it is canonical, can be signed, etc.) and suggests perhaps leaving only the entity descriptors in JSON format. Scott: there exist a number of discovery tools that make use of SAML metadata, but it will be difficult to determine *which parts* of the metadata should be expressed in JSON. Scott suggests that a better approach to discovery is using domain-based lookup.

- Hal reiterates that SAML2.1 is making metadata mandatory, so we need to provide a better answer (than what was given in the Webinar). Hal suggests expanding that question/exploration to the wider community.

- JohnB suggests that alternate metadata formats need not be tightly coupled with SAML or XML. For example: 3rd-party-issued attribute statements. Nate states that the XRD/XRDS efforts tried that approach but it did not work.

- Scott suggests that the SSTC needs to wait for a concrete proposal (brought to the SSTC), and not pre-empt discussions in the other communities (e.g. the OIDC community). JohnB states that with the growing deployments of OIDC, we can anticipate that Attribute Providers may be seeking a single metadata format (that would be supported by different protocols). Thomas states that since we are doing SAML2.1, perhaps we need to wait for new spec contributions.

- JohnB states that OIDC has a metadata format for individual IdPs, but for a centralized IdP approach there are a couple of proposals making their way through the OIDC community. So a decision has not yet been made there. JohnB states that it's the "SAML people" in OIDC who desire the centralized approach. Scott states there is a lack of progress in launching trust federations in areas other than Higher Education.

- Thomas asks JohnB to take an AI to act as go-between, and also to communicate with folks during IETF Atlanta in November. Scott and Thomas plan to be at IETF Atlanta.

(ii) SAML2.1:

- Scott states that his time has become limited since he has taken on a new role (busy until towards the end of 2013). Chad should still be able to contribute. Also hoping that Ian Young can contribute.

- No updates on SAML2.1.

- SAML2.1 Wiki: the Agreement section is OK. Scott hopes to hand off initial docs to Chad and Ian.

(iii) Webinar:

- Hal: the Webinar went well. Over 70 people connected online. The only impacting issue seems to be the metadata format question; it would have been good if we had a better answer for that question. Scott indicated that it would be better if we had a back-channel, like a live chat room, to ask questions. Hal suggests that next time we should use a back-channel (e.g. a chat room).

- Hal received some follow-up questions. One of them was about whether it is illegal to use alternate metadata in SAML2.0. The answer is: No.

(iv) Asynchronous Single Logout Protocol Extension (Scott):  Now in 30 day Public Review.

(v) Other items:

- Thomas says that IIW in Mountain View, CA is next week, followed by the MIT Kerberos Conference (the week after), followed by the IETF in Atlanta (first week of November).

Meeting adjourns at 12:49 PM.


Thomas Hardjono
MIT Kerberos Consortium
email:  hardjono[at]mit.edu
mobile: +1 781-729-9559
