OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xspa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Draft meeting minutes Nov 5, 2018

Minutes for 5 Nov 2018 TC meeting.

 

Meeting started at 12:05 PM PT.

 

**Attendance:

Mohammad Jafari, co-chair (VHA)

Mike Davis (VHA)

Kathleen Connor (VHA)

Suzanne Gonzales-Webb (VHA)

David Staggs (VHA)

 

Chair: We have quorum.

 

**Administrivia:

- Approval of the draft minutes from the last meeting on 10/29/2018:

https://lists.oasis-open.org/archives/xspa/201810/msg00005.html

Unanimously approved.

 

**XSPA SAML Profile Working Draft 13:

https://www.oasis-open.org/apps/org/workgroup/xspa/download.php/64189/saml-xspa-v2.0-wd13-20181102.doc

- Completed the non-normative section on JSON encoding; harmonized subject id with OpenID 'sub' claim.

- Added conformance to SAML subject ID profile.

- Conformance to FHIR flattening style for Concept Descriptors, following feedback from FHIR Security WG.

 

** Remaining issues (all minor/editorial):

- Vocabulary reference for integrity

Mohammad and Kathleen will follow up.

 

- Missing citation for reference to "Liberty Identity Access Framework (LIAF) criteria for evaluating and approving credential service providers". Does it need to be update?

 

Mike moved to remove this reference. David seconded.

Unanimously approved.

 

- Final editorial review before voting.

 

Mohammad: I will do this and post WD14.

 

**Discussion of the next steps for the SAML Profile working draft.

- Do we want to present the profile to the SAML TC before or after approving the Working Draft?

Mohammad: I prefer to do this during the public review outreach.

Mike: agreed.

 

**Other business

Mike: Updating the TC site.

Mohammad will follow up after the working draft is finalized.

 

David: Should we use XACML 2.0 resource ID attribute. The current draft is referencing XACML 1.0 attribute.

Mohammad: I'll look into this and update the working draft.

 

David: subject-id in some implementations is user's email address or X509 subject id.

Mohammad: SAML subject ID allows using those, but we also intend to generalize this to accommodate use-cases where the subject of the assertions is not an end-user, e.g. an organization.

 

David: Home community ID defined by the NHIN specification is being used by some implementations (e.g. Carequality) and it would help with the adoption of the profile to support this attribute.

Mike agreed.

Mohammad: I agree. Let's follow up on the mailing list to add this to WD14

 

Adjourned at 12:30 PM PT.

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]