Updated minutes for SSTC Telecon (20 January 2015) - draft #2

["Cantor, Scott" <cantor.2@osu.edu>]

Updated after a comment from Martijn.


On 1/20/15, 6:19 PM, "Cantor, Scott" <cantor.2@osu.edu> wrote:

>> AGENDA:
>> 
>> 1. Roll Call & Agenda Review.
>
>Hal Lockhart
>Mohammad Jafari
>Martjn Kaag
>Scott Cantor
>Frederick Hirsch
>Rainer Hoerbe
>
>> 2. Need a volunteer to take minutes.
>
>Scott volunteers.
>
>> 3. Approval of minutes from previous meeting(s):
>> 
>>    - Minutes from 25 November 2014:
>> 
>> https://lists.oasis-open.org/archives/security 
>><https://lists.oasis-open.org/archives/security->-services/201411/msg0000
>>8
>>.html
>
>Scott moved to accept the minutes.  Frederick seconded, motion passed.
>
>> 4. AIs & progress update on current work-items:
>> 
>>   (a) Current electronic ballots: None.
>> 
>>   (b) Status/notes regarding past ballots: None.
>> 
>>   (c) Follow up questions from Dutch eID presentation  (Martijn Kaag)
>> 
>>       - Extension for requesting additional attributes in authnrequest.
>>       - Next version of SAML (2.1). Why (not)? Who?
>
>Martijn reiterates the requirement for extending the AuthnRequest message 
>with requested attributes.
>
>Scott notes this has been discussed for a long time, but nobody has ever 
>shown up with resources to work on the spec. He noted there's an existing 
>extension from back in the post 2.0 days defining a protocol extension to 
>the AuthnRequest:
>
>https://wiki.oasis-open.org/security/ProtocolExtThirdParty
>
>Using that as a basic outline would be the simplest approach.
>
>Hal will request the template from tc-admin and help with any questions.
>
>>   (d) SAML 2.1 work:
>>       - SAML2.1 wiki:
>>         https://wiki.oasis-open.org/security/SAML2Revision
>
>Martijn expressed a concern that the perception is that SAML is not being 
>maintained because it dates to 2005 with no update, and asked whether 2.1 
>is a legitimate need.
>
>Hal responded that in terms of 2.1, the main issue is that there are no 
>resources to work on it. It also was not intended to add any incompatible 
>changes, just incorporate extensions and improve the presentation.
>
>From a marketing or perception PoV, the issues with JSON vs. XML and so 
>forth are issues regardless of whether a 2.1 were to happen.
>
>Scott noted that during past discussion, the TC had generally concluded 
>that a JSON binding for SAML would be counterproductive in light of the 
>substantial functional duplication between SAML and the JOSE/OAuth/OIC 
>stack.
>
>Scott agreed that there's value in a 2.1 for getting vendor uptake of 
>numerous extensions, but it's still a resource issue primarily.

Martijn indicated that he intends to work on the 2.1 project and will be 
reviewing the planning material done previously.


>
>>   (e) Conceptual/overview of Metadata (Rainer Hoerbe)
>>       - SSTC review is requested.
>>       - Moving the WD for the Metadata Guidance document to CD.
>
>Hal: was this intended as a Note or Normative document?
>
>Rainer: it's a Note.
>
>Hal asked if we should do the optional public review? It doesn't seem 
>like 
>it matters for Notes since we can always redraft and reapprove the Note 
>every time a change is made.
>
>Rainer moved to approve SAML Metadata Guidance Version 1.0 WD-03 to 
>Committee Note.
>
>Link: https://www.oasis-open.org/committees/download.php/54940
>Doc ID: saml-metadata-guide-v1.0-wd03.doc
>
>Scott seconded. Motion approved unanimously.
>
>>   (f) XSPA updates (Mohammad Jafari)
>>      - Any updates.
>
>No updates.
>
>> 6. Other items:
>
>Frederick noted he's left Nokia and is now an individual member.
> 
>> 7. Next SSTC Call:
>>    - Tuesday 17 February 2015.