[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Fwd: [security-services] Agenda for SSTC Conference Call, April 13
We are item 3 b) on their agenda. No indication of what time they expect to get to it. The call is scheduled for 1.5 hours. I've asked Prateek Mishra either to provide us with a specific time at which they will address 3 b), or else move it up to the front of the agenda so we don't have to sit through all the non-XACML-related stuff. Anne
--- Begin Message ---
- From: "Mishra, Prateek" <pmishra@netegrity.com>
- To: security-services@lists.oasis-open.org
- Date: Tue, 13 Apr 2004 00:33:19 -0400
CONFERENCE CALL NUMBER AND CODE: NEW PHONE NUMBER: it is now +1 865 673 6950 , code 351-8396# 1. Accept minutes from Austin F2F, 30 March - 1 April http://lists.oasis-open.org/archives/security-services/200404/msg00020.html 2. Review recent document updates http://www.oasis-open.org/apps/org/workgroup/security/download.php/6347/sstc -saml-core-2.0-draft-10-diff.pdf http://www.oasis-open.org/apps/org/workgroup/security/download.php/6289/sstc -saml-profiles-2.0-draft-05-diff.pdf http://www.oasis-open.org/apps/org/workgroup/security/download.php/6324/sstc -saml-bindings-2.0-draft-09-diff.pdf 3. Refine recent proposals into proposed text (a) separate SSO-validity from overall assertion validity http://lists.oasis-open.org/archives/security-services/200404/msg00012.html Followup proposal from: http://lists.oasis-open.org/archives/security-services/200404/msg00014.html "So my idea would be to define a set of attributes in SubjectConfirmationData when the method is bearer. Among them would be NotOnOrAfter and probably any other stuff that needed to be signed as part of profiles that use this confirmation method." (b) XACML TC Recommendations for <saml:AttributeDesignator> "metadata" http://lists.oasis-open.org/archives/security-services/200404/msg00019.html (c) Discussion on Kerberos issues. Several messages have been exchanged. Do we have resolution? I couldn't find a summary message. (d) Following discussion at the F2F, there is now a "Attribute Profiles for SAML 2.0" document. This provides a general framework for defining varied attribute profiles, such as those based on X.500/LDAP syntax or GUID. http://www.oasis-open.org/apps/org/workgroup/security/download.php/6344/sstc -hughes-mishra-baseline-attributes-03.pdf Should this remain a "non-normative" document? Should it not be viewed as an additional profile document? (e) Request to change signature ordinality in Assertion/Request/Response http://lists.oasis-open.org/archives/security-services/200404/msg00028.html 4. Deferred items from F2F (a) Hal to summarize SAML ITU-T status (b) Deferred item: Review AI and list and extract dates from owners/close items (c) Deferred item: Establish which work items are "complete" and those that need work (d) Defferred item: John Kemp - ??examine authentication context method?? (e) Any others that require airtime? 5. Action Items from F2F (clarify owners and timeline if needed, I will enter them into the AI repository after the call) ---------------------------------------------------------------------------- ---------- 1. AI: Jeff H (or Scott?): Write up info for migration document describing Subject changes 2. AI: JohnK to propose text to meet the privacy needs when using specific NameID Format values. 3. AI: All doc editors: We need to update the contributors vs. the editors 4. Review at some future point: EncryptedNameID recipient attribute 5. Resolution: Extensions element - change Extension to use ##other 6. AI: Artifact Protocol: Review/fix boilerplate text re: recommendation for protecting messages 7. AI: RL Bob/Irving: Need to change the wording for the first paragraph under section 3.5.3 Processing Rules. 8. AI: Scott: propose change to RegisterNameIdentifier to handle unregister case and consider specifying an attribute that identifies intent of operation. 9. Follow-up: Examine SAML schema for consistent use of XML attributes vs. elements 10. AI: Eve: Optional subject implemented in core spec prose. Schema shows that subject is optional. 11. AI: Hal, Scott?- Follow-up: Need schema and some examples for use of encryption. 12. AI: Hal: revise proposal to include decisions made re: encryption along with details on use cases. 13. AI: Editors: Produce spec text that adheres to encryption proposal for group review. 14. AI: Hal: Look at SOAP binding and make sure hand waving on WS-Security works. 15. AI: Eve will send a follow-up message to Anne Anderson, which may be possible to discuss at an XACML meeting tomorrow. (This AI has already been completed) 16. AI: Chairs to solicit comments on use of gzip encoding for URL encoding 17. AI: Jeff Hodges will make a concrete proposal for a common artifact format. 18. AI: Fred Hirsch will propose text re: FIPS cipher suites. 19. AI: Scott: Relax AuthenticationStatement Occurrence 20. AI: Prateek takes ownership of driving a discussion on limiting combinations of bindings in conformance document. 21. AI: (Frederick?) ECP Section 3.3.4.1 - need to add back SOAP Header to allow an ECP to get info from the SP without having to parse AuthnRequest. 22. AI: (unassigned) - re: Validity - Document the solution proposal by which issuers are not constrained by 23. AI: RL 'Bob' - need text in Core explaining notion of ValidityPeriod is tied to 1) 24. AI: Scott Cantor - re: validity - add ReauthenticateOnOrAfter 25 AI: On hold (John Kemp) - make schema changes so that AM and AuthContext are parallel choices 26. AI: Prateek & Rob - send out message requesting opinions on deprecation of SAML AuthenticationMethod URIs 27. AI: Scott - Determine how Kerberos principals can be represented as NameIdentifiers. 28. AI: Prateek - forward Technical Overview 1.1 to external parties that had comments on draft 29. AI: Chairs - publish message to list asking for review of technical overview 1.1 and indicate that vote to bring to committee draft will be at SSTC meeting in two weeks from this week. 30. AI: Jeff H - to propose glossary definition for binding and profile, issue TECH-4 31. AI: Scott - "Binding conditions" proposal 32. AI: Prateek - to review core for locations where privacy considerations are implicit 33. AI: Eve - implement decision on core 18 after checking with Ron 34. AI: Hal - to send focus call information to XACML list regarding SSTC focus call 35. AI: Rob - put Kavi polls for location and dates for next F2F 36. AI: Prateek - to put out notice to saml-dev, id-ff vendors and others for saml2 related implementation experience, now, give early notice regarding later attestations. 37. AI: JeffH - send notice to Liberty members requesting interest in creating SSTC implementations from parties that have met Liberty 1.1 conformance tests 38. AI: Eve - publish tentative schedule on home page 39. AI: Eve to publish core-09 by Tuesday 40. AI: Frederick to send his updates on bindings and profile to Scott who will then incorporate additional edits. 41. AI: John H - draft of technical 1 pager with final deadine end of April To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.--- End Message ---
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]