security-services message


Subject: RE: Proposed Agenda for SSTC Telecon (March 17th, 2015)


Folks

Regarding 4 (c)....

The solutions architect working on the SAML deployment for the NZ Govt's 'RealMe' login/Authentication service adds ..

NZ has a requirement for government (SP) agencies to:

1) request some specified attributes in the <AuthnRequest> from identity provider (IdP). Based on the request the IdP should pull the attributes from attribute providers. Typically these are minimal subset combinations of identity info (such as name, DoB, PoB, Gender) depending on the context.
2) invoke user consent to release displayed attributes on the wire in the message flow in the AuthnResponse.

We wanted to use AuthnContextClassRef values in <AuthnRequest> and <AuthnResponse> to put in attributes. But we thought it is not the right place to put them. So we have come up with a static config approach, but it has limited success.

We note that OpenID Connect has covered this quite well (see OpenID Connect's spec Section 3.1.2.1 and in particular scope, display, consent, Requested Authentication Context Class Reference (acr) (Claim) Values).
What we want in essence, is roughly the equivalent in SAML 2.0, and for vendors to support that.
While the <samlp:Extensions> element seems a possible route, we note that indeed 'anything goes', so we may need some rules around what we want in terms of size etc.

Timezones and call time slew being what it is I may not make the call..but the above FWIW anyway..

Cheers
Colin

-----Original Message-----
From: security-services@lists.oasis-open.org [mailto:security-services@lists.oasis-open.org] On Behalf Of Thomas Hardjono
Sent: Saturday, 14 March 2015 6:23 a.m.
To: OASIS SSTC
Cc: Nate Klingenstein; Thomas Hardjono
Subject: [security-services] Proposed Agenda for SSTC Telecon (March 17th, 2015)




Folks,
 
Below is the proposed agenda for our next SSTC Call.
Please let us know if you have additional items or modifications.

Note that SSTC meetings are now on a 4-week cycle.
 
 
Regards.
 
Nate+Thomas
 
 
_______________________________________________________
 
Proposed Agenda SSTC Conference Call
Tuesday 17 March 2015, 12:00pm ET
 
 
Topic: OASIS SSTC Call
Call-in Number: 1-617-324-0000
Access code: 645 403 951#
 
Date: Every 4 weeks on Tuesday
Time: 12:00 pm, Eastern Standard Time (New York, GMT-05:00)
 
Meeting Number: 645 403 951.
Meeting Password: samlsaml.
 
[Backup Telecon number:  (605) 475-4700 / passcode: 176720# ]
 
 
AGENDA:
 
1. Roll Call & Agenda Review.
 
2. Need a volunteer to take minutes.
 
3. Approval of minutes from previous meeting(s):

   - Minutes from 17 February 2015 meeting:

https://lists.oasis-open.org/archives/security-services/201502/msg00003.html



4. AIs & progress update on current work-items:
 
  (a) Current electronic ballots: None.
 
  (b) Status/notes regarding past ballots: None.

  (c) Follow up discussions from Dutch eID presentation (Martijn Kaag)
      - Any updates/questions/discussions.

  (d) SAML 2.1 work:
      - SAML2.1 wiki:
        https://wiki.oasis-open.org/security/SAML2Revision

      - Starter docs:
https://lists.oasis-open.org/archives/security-services/201403/msg00010.html

      - Martijn had indicated that he is interested to work on the 2.1 project.

 
  (e) XSPA updates (Mohammad Jafari)
     - Any updates.


  (f) Clarifications for algorithm support for metadata extension (Scott)
     - Were there any AIs from last SSTC meeting?
 
 
5. Assorted mail items:

 
6. Other items:

- IETF#92 Dallas (March 22-27)
- IIW (April 6-9)
- RSA Conference (April 2-24).

 
7. Next SSTC Call:
   - Tuesday 14 April 2015.

 
 
 
-------------------------------------------------
**** You can forward this email invitation to attendees ****
 
Hello ,
 
Thomas Hardjono invites you to attend this online meeting.
 
Topic: OASIS SSTC Call
Date: Every 4 weeks on Tuesday, from Tuesday, February 5, 2013 to no end date
Time: 12:00 pm, Eastern Standard Time (New York, GMT-05:00)
 
Meeting Number: 645 403 951
 
Meeting Password: samlsaml
 
 
-------------------------------------------------------
To join the online meeting (Now from mobile devices!)
-------------------------------------------------------
1. Go to https://mit.webex.com/mit/j.php?ED=170547347&UID=0&PW=NZDIyZDMzZGU5&RT=MiMxMQ%3D%3D
2. If requested, enter your name and email address.
3. If a password is required, enter the meeting password: samlsaml
4. Click "Join".
 
To view in other time zones or languages, please click the link:
https://mit.webex.com/mit/j.php?ED=170547347&UID=0&PW=NZDIyZDMzZGU5&ORT=MiMxMQ%3D%3D
 
-------------------------------------------------------
To join the audio conference only
-------------------------------------------------------
To receive a call back, provide your phone number when you join the meeting, or call the number below and enter the access code.
Call-in Number: 1-617-324-0000
 
Access code: 645 403 951
 
-------------------------------------------------------
For assistance
-------------------------------------------------------
1. Go to https://mit.webex.com/mit/mc
2. On the left navigation bar, click "Support".
 
You can contact me at:
hardjono[at]mit.edu
1-781-7299559
 
To add this meeting to your calendar program (for example Microsoft Outlook), click this link:
https://mit.webex.com/mit/j.php?ED=170547347&UID=0&ICS=MI&LD=1&RD=2&ST=1&SHA2=AAAAAqQ8HRHsFV2sx7PeRL8WhHjtErKdRExJqKIpxM3zbAAL&RT=MiMxMQ%3D%3D
 
The playback of UCF (Universal Communications Format) rich media files requires appropriate players. To view this type of rich media files in the meeting, please check whether you have the players installed on your computer by going to https://mit.webex.com/mit/systemdiagnosis.php.
 
 
 
 
http://www.webex.com
 
CCP:+16173240000x645403951#
 
IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation.
 
----------------------------------------------------------------------

____________________________________________






____________________________________________
Thomas Hardjono
MIT Consortium for Kerberos & Internet Trust
w:  kit.mit.edu

e:  hardjono[at]mit.edu
m:  +1 781 729 9559
b:  http://hardjono.mit.edu
____________________________________________
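
A sketch of how an IdP could apply "rules" to a per-request attribute list carried in <samlp:Extensions>, the route raised in the reply at the top of this message. This is an added example, not part of the original e-mail or of any SSTC specification: the wrapper element and its `urn:example:requested-attributes` namespace, the size and count limits, the policy table and the sample request are all assumptions, and the request's signature and issuer are assumed to have been verified already.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
REQ = "urn:example:requested-attributes"  # hypothetical wrapper namespace
MAX_EXT_BYTES = 2048   # assumed size rule for the whole <samlp:Extensions>
MAX_ATTRS = 8          # assumed cap on attributes per request
# Hypothetical per-SP release policy held by the IdP (constructed values).
ALLOWED = {"https://agency.example/sp": {"urn:example:attr:name",
                                          "urn:example:attr:dob"}}

def requested_attributes(authn_request: bytes, sp_entity_id: str) -> list:
    """Return the attribute names an SP may request, or raise ValueError."""
    if b"<!DOCTYPE" in authn_request or b"<!ENTITY" in authn_request:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(authn_request)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    ext = root.find(f"{{{SAMLP}}}Extensions")
    if ext is None:
        return []                      # nothing requested beyond the default
    if len(ET.tostring(ext)) > MAX_EXT_BYTES:
        raise ValueError("Extensions element too large")
    names = []
    for wrapper in ext:                # strict: only the agreed element is allowed
        if wrapper.tag != f"{{{REQ}}}RequestedAttributes":
            raise ValueError("unexpected extension element")
        for ra in wrapper:
            name = ra.get("Name")
            if ra.tag != f"{{{MD}}}RequestedAttribute" or not name:
                raise ValueError("malformed RequestedAttribute")
            names.append(name)
    if len(names) > MAX_ATTRS or len(set(names)) != len(names):
        raise ValueError("too many or duplicate attributes")
    denied = set(names) - ALLOWED.get(sp_entity_id, set())
    if denied:
        raise ValueError(f"not permitted for this SP: {sorted(denied)}")
    return names

def sample_request(names) -> bytes:
    """Constructed AuthnRequest carrying the hypothetical extension."""
    attrs = "".join(f'<md:RequestedAttribute Name="{n}"/>' for n in names)
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:md="{MD}" '
            f'xmlns:req="{REQ}" ID="_constructed1" Version="2.0" '
            f'IssueInstant="2015-03-17T00:00:00Z"><samlp:Extensions>'
            f'<req:RequestedAttributes>{attrs}</req:RequestedAttributes>'
            f'</samlp:Extensions></samlp:AuthnRequest>').encode()
```

Rejecting unknown extension elements outright is a policy choice made for this sketch; the list returned is what the IdP would then show on its consent screen before releasing anything.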


