Subject: Corrected Minutes from 10/16/2012 -- Proposed Minutes SSTC Telecon (Tue 10/16/2012)
[Please let me know if there are more bugs/typos]

Proposed Minutes SSTC Telecon (Tue 10/16/2012) - Corrected
----------------------------------------------

1. Roll Call & Agenda Review.

Frederick Hirsch
Chad La Joie
Anil Saldhana
Nate Klingenstein
Scott Cantor
Hal Lockhart
Ian Young
Mohammad Jafari
Thomas Hardjono
John Bradley

Agenda: add Hal's email about metadata format.

2. Need a volunteer to take minutes.

Thomas taking minutes.

3. Approval of minutes from previous meeting(s):

- Minutes from SSTC Call on 18 September 2012:
https://lists.oasis-open.org/archives/security-services/201209/msg00022.html

Motion: Chad. Second: Hal. No objections. Motion passes.

4. AIs & progress update on current work-items:

(i) Support of SAML for metadata in other formats

- Background: during the recent Webinar on SAML2.1 Hal received a question from the audience regarding the possible use of metadata expressed in other formats, and whether SAML could support it. See email on the list:
https://lists.oasis-open.org/archives/security-services/201210/msg00005.html

- Hal clarified by stating that the question pertains only to the Metadata portion. We already have various formats for metadata in other protocols. So the question becomes: is such a thing (metadata in other formats) useful for this TC? Expressing metadata in JSON, for example, is not difficult.

- There is a project called Global Federated Identity and Privilege Management (GFIPM). Chad asks why they don't use SAML metadata, as we want to know why that is.

- Nate states that he is aware of GFIPM, and takes an AI to reach out to that community.

- John Bradley: the OIDC (OpenID-Connect) folks, such as Roland Hedberg, are looking into other formats for metadata in OIDC. JohnB suggests that it would be beneficial for everyone to have a canonical metadata format that could be used across systems. OIDC has not mandated the use of XML parsers, so it is difficult to mandate the usage of entity descriptors in XML (which thus requires XML parsers). And so in the OIDC community it makes sense to use the JSON format (for metadata).

- Scott suggests that it would make more sense to have something like SAML metadata but with a wider applicability, since it is too difficult to get existing software to speak JSON. JohnB likes the SAML format (since it is canonical, can be signed, etc.), and suggests perhaps leaving only the entity descriptors in JSON format. Scott: there exist a number of discovery tools that make use of SAML metadata, but it will be difficult to determine *which parts* of the metadata should be expressed in JSON. Scott suggests that a better approach to discovery is using domain-based lookup.

- Hal reiterates that SAML2.1 is making metadata mandatory, so we need to provide a better answer (than what was given in the Webinar). Hal suggests expanding that question/exploration to the wider community.

- JohnB suggests that alternate metadata formats need not be tightly coupled with SAML or XML. For example: 3rd-party-issued attribute statements. Nate states that the XRD/XRDS efforts tried that approach but it did not work.

- Scott suggests that the SSTC needs to wait for a concrete proposal (brought to the SSTC), and not for the SSTC to pre-empt discussions in the other communities (e.g. the OIDC community). JohnB states that with the growing deployments of OIDC, we can anticipate that Attribute Providers may be seeking a single metadata format (that would be supported by different protocols). Thomas states that since we are doing SAML2.1, perhaps we need to wait for new spec contributions.

- JohnB states that OIDC has a metadata format for individual IdPs, but for a Centralized IdP approach there are a couple of proposals making their way through the OIDC community. So a decision has not yet been made there. JohnB states that it's the "SAML people" in OIDC that desire the centralized approach. Scott states there is a lack of progress in launching trust federations in areas other than Higher Education.

- Thomas asks JohnB for an AI, if JohnB could be the go-between, and also to communicate with folks during the IETF Atlanta in November. Scott and Thomas plan to be at IETF Atlanta.

(ii) SAML2.1:

- Scott states that his time has become limited since he has taken on a new role (busy until towards the end of 2013). Chad should still be able to contribute. Also hoping that Ian Young can contribute.
- No updates on SAML2.1.
- SAML2.1 Wiki: the Agreement Section is ok. Scott hopes to hand off initial docs to Chad and Ian.

(iii) Webinar:

- Hal: the Webinar went well. Over 70 people connected online. The only impacting issue seems to be the metadata format question. It would have been good if we had a better answer for that question. Scott indicated that it would be better if we had a back-channel like a live chat room to ask questions. Hal suggests that next time we should use a back-channel (e.g. a chat room).
- Hal received some follow-up questions. One of them was about whether it was illegal to use alternate metadata in SAML2.0. The answer is: No.

(iv) Asynchronous Single Logout Protocol Extension (Scott): now in 30-day Public Review.

(v) Other items:

- Thomas says that IIW in Mountain View, CA is next week, followed by the MIT Kerberos Conference (the week after), and followed by the IETF in Atlanta (first week of November).

o Meeting adjourns at 12:49PM.

----------------------------------------------------

__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
email: hardjono[at]mit.edu
mobile: +1 781-729-9559
__________________________________________