[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Updated minutes for SSTC Telecon (20 January 2015) - draft #2
Updated after a comment from Martijn. On 1/20/15, 6:19 PM, "Cantor, Scott" <cantor.2@osu.edu> wrote: >> AGENDA: >> >> 1. Roll Call & Agenda Review. > >Hal Lockhart >Mohammad Jafari >Martjn Kaag >Scott Cantor >Frederick Hirsch >Rainer Hoerbe > >> 2. Need a volunteer to take minutes. > >Scott volunteers. > >> 3. Approval of minutes from previous meeting(s): >> >> - Minutes from 25 November 2014: >> >> https://lists.oasis-open.org/archives/security >><https://lists.oasis-open.org/archives/security->-services/201411/msg0000 >>8 >>.html > >Scott moved to accept the minutes. Frederick seconded, motion passed. > >> 4. AIs & progress update on current work-items: >> >> (a) Current electronic ballots: None. >> >> (b) Status/notes regarding past ballots: None. >> >> (c) Follow up questions from Dutch eID presentation (Martijn Kaag) >> >> - Extension for requesting additional attributes in authnrequest. >> - Next version of SAML (2.1). Why (not)? Who? > >Martijn reiterates the requirement for extending the AuthnRequest message >with requested attributes. > >Scott notes this has been discussed for a long time, but nobody has ever >shown up with resources to work on the spec. He noted there's an existing >extension from back in the post 2.0 days defining a protocol extension to >the AuthnRequest: > >https://wiki.oasis-open.org/security/ProtocolExtThirdParty > >Using that as a basic outline would be the simplest approach. > >Hal will request the template from tc-admin and help with any questions. > >> (d) SAML 2.1 work: >> - SAML2.1 wiki: >> https://wiki.oasis-open.org/security/SAML2Revision > >Martijn expressed a concern that the perception is that SAML is not being >maintained because it dates to 2005 with no update, and asked whether 2.1 >is a legitimate need. > >Hal responded that in terms of 2.1, the main issue is that there are no >resources to work on it. It also was not intended to add any incompatible >changes, just incorporate extensions and improve the presentation. > >From a marketing or perception PoV, the issues with JSON vs. XML and so >forth are issues regardless of whether a 2.1 were to happen. > >Scott noted that during past discussion, the TC had generally concluded >that a JSON binding for SAML would be counterproductive in light of the >substantial functional duplication between SAML and the JOSE/OAuth/OIC >stack. > >Scott agreed that there's value in a 2.1 for getting vendor uptake of >numerous extensions, but it's still a resource issue primarily. Martijn indicated that he intends to work on the 2.1 project and will be reviewing the planning material done previously. > >> (e) Conceptual/overview of Metadata (Rainer Hoerbe) >> - SSTC review is requested. >> - Moving the WD for the Metadata Guidance document to CD. > >Hal: was this intended as a Note or Normative document? > >Rainer: it's a Note. > >Hal asked if we should do the optional public review? It doesn't seem >like >it matters for Notes since we can always redraft and reapprove the Note >every time a change is made. > >Rainer moved to approve SAML Metadata Guidance Version 1.0 WD-03 to >Committee Note. > >Link: https://www.oasis-open.org/committees/download.php/54940 >Doc ID: saml-metadata-guide-v1.0-wd03.doc > >Scott seconded. Motion approved unanimously. > >> (f) XSPA updates (Mohammad Jafari) >> - Any updates. > >No updates. > >> 6. Other items: > >Frederick noted he's left Nokia and is now an individual member. > >> 7. Next SSTC Call: >> - Tuesday 17 February 2015.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]