OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: Draft Minutes 4 February 2014


Minor correction:

> Will give overview of SSO, authentication
> request, request initiation and LLO profile.
> Will explain how XACML can return missing attributes.

Should be:

 Will give overview of SSO, authentication
 request, request initiation and LOA profile.
 Will explain how XACML can return an indication of missing 
 attributes which can trigger step up authentication.

Hal

> -----Original Message-----
> From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com]
> Sent: Tuesday, February 04, 2014 1:14 PM
> To: security-services@lists.oasis-open.org
> Cc: Frederick.Hirsch@nokia.com; ndk@internet2.edu; hardjono@MIT.EDU;
> Hal Lockhart
> Subject: Draft Minutes 4 February 2014
> 
> SSTC Conference Call
> Tuesday 4 February 2014, 12:00pm ET
> 
> > 1. Roll Call & Agenda Review.
> 
> Quorum achieved. Hal Chaired.
> 
> Attendance
> 
> Voting Members
> 
> Internet2 					Scott Cantor
> Nokia Corporation 			Frederick Hirsch
> Veterans Health Administration 	Mohammad Jafari
> Covisint Corporation 			Chad La Joie
> Oracle 					Hal Lockhart
> Red Hat 					Anil Saldhana
> 
> Members
> 
> Open Identity Exchange 			John Bradley
> 
> >
> > 2. Need a volunteer to take minutes.
> 
> Frederick Hirsch volunteered to take minutes
> 
> > 3. Approval of minutes from previous meeting(s):
> >
> >   - Minutes from SSTC Call on 21 January 2013:
> >
> > https://lists.oasis-open.org/archives/security-
> services/201401/msg0001
> > 0.html
> 
> Minutes approved by unanimous consent.
> 
> > 4. AIs & progress update on current work-items:
> >
> >  (a) Current electronic ballots: None.
> >
> >  (b) Status/notes regarding past ballots: None.
> >
> >  (c) SAML 2.1 work (Chad)
> >      - SAML2.1 wiki:
> >        https://wiki.oasis-open.org/security/SAML2Revision
> >
> >      - Chad's list:
> >        https://wiki.oasis-open.org/security/SAML21
> >
> >      - Sample ToC for an SSO Profile:
> >        https://wiki.oasis-open.org/security/SAML21ExampleProtocol
> >
> >      - Thematic profiles from Chad:
> > https://lists.oasis-open.org/archives/security-
> services/201312/msg0000
> > 4.html
> 
> Chad has talked with Chet, sent message to list. Group needs to decide
> on open question - Should security considerations and conformance be
> left as separate document(s) or rolled into new drafts?
> 
> General agreement on call to rolling into profile documents for clarity
> and conformance to specific profile.
> Original idea was conformance to having families of related material,
> but this may not be appropriate going forward but could be a separate
> document if needed.
> 
> May need updates to security considerations.
> 
> ACTION: Chad will send out names for documents to list looking for
> agreement, then will ask Chet to regenerate templates.
> 
> NSTIC feedback indicates continuing interest in SAML and need for
> profiles for deployment.
> 
> >      - New templates for SAML2.1:
> >
> > https://lists.oasis-open.org/archives/security-
> services/201401/msg0001
> > 1.html
> >
> >  (d) Conceptual/overview of Metadata (Rainer Hoerbe)
> >      - Further Steps thread. Any updates?
> >
> > https://www.oasis-
> open.org/apps/org/workgroup/security/document.php?do
> > cument_id=50362
> >
> >  (e) XSPA updates (Mohammad Jafari)
> >     - Any updates?
> 
> No updates.
> 
> >  (f) Folding SAML.XML.ORG material into SAML/SSTC site.
> >      - Scott has created updated front page.
> >      - AI: Thomas to ping TC Admin folks.
> >
> > https://wiki.oasis-open.org/security/FrontPage
> 
> 
> Thomas is checking on this, redirect has not been implemented yet.
> 
> ACTION: Thomas to check on SAML.XML.ORG update.
> 
> >  (g)  Usage of SAML in NSTIC-funded pilots (the Daon slides)
> >      - Folks to review slides from Daon (via Colin Wallis & Jamie
> Clark).
> >      - Any feedback for Daon and for SAML developers in NSTIC pilots?
> >
> > https://lists.oasis-open.org/archives/security-
> services/201401/msg0000
> > 7.html
> 
> 
> Hal noted Trust Elevation TC asked him to give overview on SAML support
> for step up authentication mechanism; will include some XACML as well.
> Should happen Thursday.
> Will post slides on SAML archive, would appreciate any feedback
> Wednesday (before Thursday). Will give overview of SSO, authentication
> request, request initiation and LLO profile.
> Will explain how XACML can return missing attributes.
> 
> Discussion of use cases, e.g. need to have stronger authentication
> during session after some point (SP initiated flow),
> 
> John Bradley mentioned need for SP to be aware of changes in confidence
> and use case for social media identities to be used for government
> access, using step-up authentication by third party, to enable use of
> such identities. Use case of third party identity providers (in
> addition to initial IDP).
> 
> Discussion of Daon. Need more use case information. Question as to why
> client needs to ask for this information from SP rather than using
> client information, need better understanding. Using location as part
> of authentication. Geo XACML have defined types related to Daon. Scott
> noted used IETF syntax for data expression.
> 
> Question for everyone, are there areas to pursue as new work in SSTC?
> 
> Scott asked whether adding some key pieces of Liberty to SAML would
> obtain adoption; OpenID/OAuth might need to deal with those issues.
> 
> Dealing with attribute functionality seems interesting but not many
> implementers providing attribute sources, need clarity on business
> case.
> 
> Hal noted there may be question about unifying different SAML and OIDC
> approaches by offering higher level profile. (slide 21, Example 1 -
> http://www.idecosystem.org/filedepot_download/1369/1039 ) John noted
> this is policy but not technical standards issue, so will depend on
> implementation support (possible with standard as written).
> 
> Hal asked regarding interest in TC providing summary feedback to NSTIC.
> No immediate interest,  please indicate on list if interested.
> 
> > 5. Assorted mail items:
> >
> 
> No discussion
> 
> >
> > 6. Other items:
> >   - RSA conference coming up.
> 
> No discussion
> 
> > 7. Next SSTC Call:
> 
> Tuesday 18 February 2014
> 
> 
> Adjourned
> 
> regards, Frederick
> 
> Frederick Hirsch
> Nokia
> 
> 
> 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]