Subject: Minutes for SSTC Telecon (Tue 23 July 2013)
On 7/19/13 11:40 AM, "Thomas Hardjono" <hardjono@MIT.EDU> wrote:

>Tuesday 23 July 2013, 12:00pm ET
>
>AGENDA:
>
>1. Roll Call & Agenda Review.

Hal Scott Nate Rainer Ian Young Chad Frederick Mohammad Ian Otto

>2. Need a volunteer to take minutes.

Scott volunteers.

>3. Approval of minutes from previous meeting(s):
>
>   - Minutes from SSTC Call on 9 July 2013:
>
>https://lists.oasis-open.org/archives/security-services/201307/msg00011.html

Scott moved to approve the minutes with the minor correction. Chad seconded. There were no objections and the minutes were adopted.

>4. AIs & progress update on current work-items:
>
>   (a) Current electronic ballots: None.
>
>   (b) Status/notes regarding past ballots: CB passed ballot. ECP did not
>pass.
>
>   (c) SAML 2.1 work (Chad)

We discussed the proposed use of a numbered multi-part doc structure. Some concern about implication of ordering of the documents for a reader, so we would need explicit guidance on how to approach things in the intro document. Scott isn't thrilled with doing it, but as long as the documents retain their own identity and name (bindings, profiles, etc.), is ok with it.

General acceptance to agree with the templates proposed.

Open AI: Hal to express a view on whether it's ok to roll security considerations into core/profiles/bindings, or maintain a separate document.

>   (d) Conceptual/overview of Metadata (Rainer Hoerbe)
>       - Any updates?
>
>   http://files.hoerbe.at/daunlod/eadocx-quickdoc.pdf

Rainer discussed next steps for this work. Notes the UML diagram wasn't well received. Pointer above is to a reduced form of textual overview.

Q: Ok to combine both drafts and include some UML in the other document?

Q: Is the Tech Overview the right place for this material?

Rainer notes the audience for this is for deployers and users of metadata, not implementers.

Scott originally was suggesting adding material to the metadata specification. Still may be a good idea, but agrees we could use a document discussing use cases, and how to make use of the metadata spec is a good thing and is better done outside the spec, without normative language.

TC agrees on having more background material in the metadata spec in 2.1 to be a good thing, and this work and the original Shibboleth documentation are potential fodder for that.

Q. Noted IETF draft on entity categories. Should that be at IETF or here?

Ian notes the draft in question is not at IETF. It's in an IETF format, but it's a MACE-Dir document being shepherded at Internet2 and discussed by REFEDS. (Scott implied otherwise in a response on the list, he was mistaken.)

>   (e) XPA updates (Mohammad Jafari)
>       - Any updates?

No updates to report. Hopefully something to talk about by next meeting.

>   (f) SAML Token Profile for ebMS (Ian Otto / Australia)
>       - First draft uploaded.
>
>https://lists.oasis-open.org/archives/security-services/201307/msg00024.html

Initial draft out for comment. Lack of specification for token acquisition via WS-Trust noted, may need to be included for conformance purposes.

>   (g) SAML ECP (Scott)
>       - Updated WD has been uploaded.
>       - Request new CD ballot.

Scott moves to accept ECP WD09 as CSD02.

http://www.oasis-open.org/committees/download.php/49980/saml-ecp-v2.0-wd09.zip

Hal seconds. No objections, motion passed.

Scott moves that given no normative changes were made, this CSD02 need not repeat a public review and moves to request a ballot for advancing CSD02 to Committee Specification. Hal seconds. No objections, motion passed.

Scott will request the CSD and ballot.

>6. Other items:
>   - IETF87 Berlin coming-up.
>   - NSTIC IDESG Plenary at MIT (July 24-26, 2013).

Hal discussed government interest in an ABAC workshop. The director of NSTIC and other GSA officials attended and expressed their opinion as to its importance.

http://www.nist.gov/itl/csd/attribute-based-access-control-workshop-july-17-2013.cfm

Seeing an uptick in interest in policy and attribute-based access control. If there is interest, consider reviewing:

http://csrc.nist.gov/publications/drafts/800-162/sp800_162_draft.pdf

They are still accepting comments on this document, despite appearances that a deadline has passed.

>7. Next SSTC Call:
>   - Tuesday 6 August 2013.