Subject: Proposed Minutes for SSTC Telecon call (July 7th, 2014)
> 1. Roll Call & Agenda Review. Quorum was achieved. > 2. Need a volunteer to take minutes. Nate volunteered. > 3. Approval of minutes from previous meeting(s): > > - Minutes from 14 April 2015 meeting: > https://lists.oasis-open.org/archives/security-services/201505/msg00000.html > > - Minutes from 12 May 2015 meeting: > https://lists.oasis-open.org/archives/security-services/201505/msg00004.html > > - Minutes for 9th June 2015 meeting: > https://lists.oasis-open.org/archives/security-services/201506/msg00004.html Nobody objected to use of a single motion to approve all three minutes, and Scott so moved. Nate seconded, and no objections were registered, and the minutes were adopted. > (c) Presentation on UK citizen identity federation, GOV.UK<http://GOV.UK> > - Deferred to August (Adam unavailable) --- Adam Cooper (UK Cabinet Office). Adam had to send his regrets, but he anticipates being able to join next month’s edition. > (d) SAML 2.1 work: > - SAML2.1 wiki: > https://wiki.oasis-open.org/security/SAML2Revision > > - Starter docs: > https://lists.oasis-open.org/archives/security-services/201403/msg00010.html > > - Martijn had indicated that he is interested to work on the 2.1 project. We have not received any updates from Martijn. Given resourcing constraints, and a lack of strongly compelling reasons to do a complete 2.1 amongst the participants present, Scott proposed as an alternative an updated conformance document which could be the basis for implementation profiles. We would like to encourage the broadest participation possible for that because we want to accommodate as many implementations as reasonable and ensure that the conformance profiles are highly visible to developers working on implementations. This would be a more modernized conformance document containing an alternative set of conformance classes that would have more applicability to the way that SAML 2.0 has been used in practice over the last 10 years. There are processes spinning up within InCommon, Kantara, and other venues that would yield potential inputs to this work, many of which hope to produce something useable by October. Scott expressed his hope that new conformance profiles could be written by the end of the year or early next year. It would also be possible to do an implementation profile directly in the SSTC, but that may be more overhead and less effective and the hand-off points with other organizations may be less clear. The SSTC will be evaluating both options. It’s likely we will also want an updated cryptographic guide given that the world has evolved in both measures and countermeasures since the last cryptography guidelines were written. It would also be nice to migrate some committee specifications to OASIS standards, but that is not an immediate priority for the SSTC to accomplish itself. > (e) XSPA updates (Mohammad Jafari) > - Any updates. Mohammad was unable to join today’s call. > 7. Next SSTC Call: > - Tuesday 4 August 2015. We look forward to speaking with Adam and everyone else then. Thomas is likely to be on vacation, so Nate will chair the call.