OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Draft SSTC Minutes 7 January 2014


 Agenda SSTC Conference Call Minutes
Tuesday 7 January 2014, 12:00pm ET

> 1. Roll Call & Agenda Review.

Nate chaired in Thomas's absence

Attendance (Hal)

Voting Members

Internet2 					Scott Cantor
Nokia Corporation 			Frederick Hirsch
Veterans Health Administration 	Mohammad Jafari
Internet2 					Nathan Klingenstein
Covisint Corporation 			Chad La Joie
Oracle 					Hal Lockhart

Guests

Australia					Otto, Ian

Agenda agreed without change


> 
> 2. Need a volunteer to take minutes.
> 
Frederick Hirsch took minutes

> 3. Approval of minutes from previous meeting(s):
> 
>   - Minutes from SSTC Call on 10 December 2013:
> 
> https://lists.oasis-open.org/archives/security-services/201312/msg00002.html

Chad moved, Scott seconded. Minutes approved without objection.

> 
> 
> 4. AIs & progress update on current work-items:
> 
>  (a) Current electronic ballots: None.
> 
>  (b) Status/notes regarding past ballots: None.
> 
>  (c) SAML 2.1 work (Chad)
>      - SAML2.1 wiki:
>        https://wiki.oasis-open.org/security/SAML2Revision
> 
>      - Chad's list:
>        https://wiki.oasis-open.org/security/SAML21
> 
>      - Sample ToC for an SSO Profile:
>        https://wiki.oasis-open.org/security/SAML21ExampleProtocol
> 
>      - AI for everybody:  please review SSO profile draft & give feedback.
>        (This will part of a multi-part specification).
> 
>      - Thematic profiles from Chad:
> https://lists.oasis-open.org/archives/security-services/201312/msg00004.html
> 
> 

Chad sent out list, response on list from Scott

Nate noted concern regarding keeping low total workload to get done in reasonable schedule, concern that authentication topic is broad, duplication of material

Chad remarked that reason for doing this is to clean it up and make it more approachable, better to duplicate to make material accessible to users.

Scott noted that if cut and paste  issues with OpenOffice introducing formatting errors in process, needed revision and possible introduction of errors, requiring more detailed proof-reading.

General agreement on duplication rather than referencing.

Chad  - Attributes form a critical part in systems - do not want them obscured with artifact and assertions.

Scott would like to deprecate artifact but can't since OpenID connect based on it.

Chad - should we remove deprecated materials?

Scott, Artifact in separate bindings document rather than separate piece of work

Deprecation might be an issue if material is currently being used

Chad, deprecated since 2005 so could go away in this revision

Hal - this isn't a major version but perhaps nobody will complain since earlier document still exists.

Nate - what happens with schema

Hal - won't change core schema

Nate - agreement to remove artifact profile from specification but not from schema

Hal we can deprecate material if a new better method is known, but no reason to deprecate otherwise, even if not used much.

Scott would be willing to own non-browser authentication document, more fully specify delegation in this

Chad - ok with me

Nate is metadata a theme

Chad, no, not a profile

Scott, Chad  - would like to see security considerations inside the profiles

Scott might want to define an updated artifact type related to SHA-1 support and possible deprecation

Action item: Scott  to look at existing artifact formats and use of SHA-1

Plan also to move to XML Signature 1.1 and XML Encryption 1.1

Chad: Templates from TC Admin that had previous categorization of profiles, will ask TC Admin about new templates


>  (d) Conceptual/overview of Metadata (Rainer Hoerbe)
>      - Further Steps thread. Any updates?
> 
> https://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=50362
> 

Rainer not present, defer.

> 
>  (e) XSPA updates (Mohammad Jafari)
>     - Any updates?
> 

No update at this time, please keep on agenda.

> 
>  (f) SAML Token Profile for ebMS (Ian Otto / Australia)
>      - Any updates or news from the 30-day PR.
> 

Public review concluded with only minor comments. Spec being updated, no more TC work on this needed.

Nate - thanks for joining SSTC calls, glad to hear of progress, will remove from future agendas.

> 
>  (g) Folding SAML.XML.ORG material into SAML/SSTC site.
>      - AI: Scott will create a new front page
> 
> https://wiki.oasis-open.org/security/FrontPage
> 

Scott has created updated front page, adding new sections, let TC Admin about changes. Ready for redirect to be setup.

TC agrees that xml.org redirect can be established now.

> 
> 5. Assorted mail items:
> 
> 
> 6. Other items:
> 

No other business.  Nate thanks everyone

> 
> 7. Next SSTC Call:
>   - Tuesday 21 January 2014

Adjourn





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]