[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Proposed Minutes for SSTC Telecon (18 Feb 2014)
> 1. Roll Call & Agenda Review. Frederick, Hal, Thomas, Mohammad, and Nate joined. > 2. Need a volunteer to take minutes. Nate gladly volunteered. > 3. Approval of minutes from previous meeting(s): > > - Minutes from SSTC Call on 4 February 2013: > > https://lists.oasis-open.org/archives/security-services/201402/msg00010.html Due to a lack of quorum no action was taken. > (c) SAML 2.1 work (Chad) > - SAML2.1 wiki: > https://wiki.oasis-open.org/security/SAML2Revision > > - Chad's list: > https://wiki.oasis-open.org/security/SAML21 > > - Sample ToC for an SSO Profile: > https://wiki.oasis-open.org/security/SAML21ExampleProtocol > > - AI: Chad to request admin (Chet E.) to regenerate templates. Chad wasn't here so he couldn't update us. We believe he's in the midst of regenerating the templates. > (d) Conceptual/overview of Metadata (Rainer Hoerbe) > - Further Steps thread. Any updates? > > https://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=50362 Rainer was not on the call either. > (e) XSPA updates (Mohammad Jafari) > - Any updates? Mohammad had no updates on the XSPA work beyond to state that work on the SAML profile continues at this point in time. > (f) Folding SAML.XML.ORG material into SAML/SSTC site. > - Waiting for action from TC-Admin. > > https://wiki.oasis-open.org/security/FrontPage Thomas did contact TC-Admin to tell them that we were ready for the migration to occur, and they've said they were going to do so, but the redirect in place is apparently only a big, bolded link on the saml.xml.org front page. > (g) Usage of SAML in NSTIC-funded pilots (the Daon slides) > - Folks to review slides from Daon (via Colin Wallis & Jamie Clark). > - Any feedback for Daon and for SAML developers in NSTIC pilots? > > https://lists.oasis-open.org/archives/security-services/201401/msg00007.html Hal said that from Daon's perspective, the implementation they're using is what SAML does, so it doesn't really matter what the specifications say. There may not be much need for changes to the specifications, but there may be a need for enhancements to the SAML product being used. Hal uploaded a presentation that he gave to the OASIS Trust Elevation TC. He didn't change anything but had an interesting conversation with Ian Otto. His purpose was to ask the TC to detect gross errors, but it's there for a reference to understand the extent to which SAML permits reauthentication with a stronger method, becoming a more and more popular use case. He threw in a slide on XACML's potential role in the same process. > 7. Next SSTC Call: > - Tuesday 4 March 2014 We look forward to meeting you then.