OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Proposed Minutes for SSTC Telecon (Tuesday 15 April 2014)

> 1. Roll Call & Agenda Review.
> 2. Need a volunteer to take minutes.

Nate volunteered.

> 3. Approval of minutes from previous meeting(s):
>   - Minutes from SSTC Call on 18 March 2014:
> https://lists.oasis-open.org/archives/security-services/201403/msg00009.html
> Adding Roll Cal for 3/18/2014 Meeting:
> Cantor, Scott
> Hardjono, Thomas
> Hirsch, Frederick
> Klingenstein, Nathan
> La Joie, Chad
> Lockhart, Hal
> Saldhana, Anil
> Young, Ian
> Quorum was achieved.

The link to the minutes and the roll call were sent separately due to delays in the OASIS email archiving system.

Quorum was achieved for this call as well.  Chad moved to approve the minutes and Hal seconded.  There were no objections and the minutes were adopted.

>  (c) SAML 2.1 work (Chad)
>      - SAML2.1 wiki:
>        https://wiki.oasis-open.org/security/SAML2Revision
>      - Chad's list:
>        https://wiki.oasis-open.org/security/SAML21
>      - Sample ToC for an SSO Profile:
>        https://wiki.oasis-open.org/security/SAML21ExampleProtocol
>      - Chet created starter docs:
> https://lists.oasis-open.org/archives/security-services/201403/msg00010.html

Nate committed to write the overview portion of the SAML 2.1 specification revision.

Chad has been looking at the other work that is necessary and coming up with a general approach to doing the refactoring.  He wants to ensure he starts in the right place and then he'll begin transferring content from the original 2.0 documents to the new 2.1 documents and put out a working draft once he has something in those new documents.

That will be the first round of effort.  It will initially not read very well because it will be copy/pasted material, but it will allow us to understand whether the general approach is correct.  Later rounds of effort will involve clarifications, better text, and inclusion of approved errata.

The TC wants to re-emphasize that SAML 2.1 is purely a rewrite of the specification to make it more intelligible for deployers.  Conformance classes may be re-examined, and other specifications published by the TC may be rolled in to the document, and so forth.  However, wire-level and schema compatibility with SAML 2.0 will be guaranteed.

>  (d) Conceptual/overview of Metadata (Rainer Hoerbe)
>      - Further Steps thread. Any updates?
> https://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=50362

This document is intended as guidance.  Rainer is not sure whether the SSTC is the right place to publish a guidance document.  Nate pointed out that deployment profiles generally aren't standardized in the SSTC, but Hal noted that overviews had been published by the SSTC in the past, could be published as non-normative documents known as "committee notes".

Chad noted that some of the material might be valuable in the overview text of the normative 2.1 metadata specification.  Nate suggested that publication of the document as it stands now would make sense, since a lot of the work that has been done post-2.0 will be evaluated as to whether it should be rolled into the 2.1 documents anyway.

The process for approval and publication of a committee note is the same as the process for specifications.

Rainer will get templates, put the document into proper form, and carry it forward to the SSTC for initial approval voting.

>  (e) XSPA updates (Mohammad Jafari)
>     - Any updates?

Mohammad wasn't present.

> 6. Other items:
>   - Email from Jack Verhoosel - EU Standards using SAML2.0.

Nate lamented the lack of channels by which we could reach out to the deployment community to be explicit about the intent and scope of the SAML 2.1 work and suggested that we do the best with communication channels we have, such as minutes.

Hal suggested reaching out in return to ask whether anything could be done to help the EU deploy SAML 2.0.

> 7. Next SSTC Call:
>   - Tuesday 29 April 2014

We look forward to speaking with you then.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]