Subject: Minutes of SSTC Conference call on Sep 12, 2006
Attendance - see the end of this message.

ACTION: Ari will take draft 10 of Attribute Sharing Profile and in consultation with Tom (and others) will produce a draft 10a for SSTC review.
ACTION: Tom will retract draft 11 of Profiles for X.509 Subjects and create a new deployment profile.
ACTION: Chairs to move Metadata docs to public review.
ACTION: Ashish and Paul to make editorial changes to Shared Credentials document to make the document look like CD.
ACTION: Eve to CDize errata based on draft 35.

1. Roll Call & Agenda Review, Appoint Secretary

Quorum achieved.

2. Approve minutes from August 29 con-call

Approved by unanimous consent.

3. Follow up on NZ Government Authentication Standards Launched

Hal: NZ is eager to hear feedback. Chairs have received private communication from the leaders and it's OK to send comments to the list.
Prateek: Has indicated to the leader that they could publish a draft to the SSTC repository.
Hal: We can comment on the list or directly to them. They will be watching the list.

4. New documents published

a. X.509 Profiles

SAML V1.1 Profiles for X.509 Subjects
http://www.oasis-open.org/archives/security-services/200608/msg00120.html
This is identical to SAML 2.0 profiles for X.509 Subjects (see below) except for encryption.

SAML V2.0 Profiles for X.509 Subjects
http://www.oasis-open.org/archives/security-services/200608/msg00124.htm
Tom Scavo: this is an evolution of draft 11 of the attribute sharing profile. The primary purpose of this refactoring is a SAML attribute profile for X.509 subjects. Believes that the deployments that meet the attribute sharing profile will also meet the X.509 Subjects profile with the exception of the metadata specification. In short, this is a repackaging of attribute sharing profiles.

Discussion of the way forward
http://www.oasis-open.org/archives/security-services/200608/msg00127.htm
Tom Scavo: There are two options to proceed:
  1. If refactoring is too drastic we can choose one of the earlier drafts (e.g., draft 10).
  2. Stick with draft 11.
Prateek observes that the proposal is to generalize the original draft.
Scott Cantor: The refactoring is consistent with a number of comments that were posted to the list. Also, all the submissions appear unnecessary in light of the original SAML attribute Query profile. I.e., there appears to be nothing new. This seems to be a deployment scenario. For example, the Subject profile does not add anything beyond using the DN.
Rob Philpott: There was a requirement for referring to a profile for RFPs.
Prateek: The question is if this is a profile or a new kind of document entity such as deployment note.
Scott: Not particularly concerned with the entity that captures this. Though he believes these are more appropriately "deployment profiles". The issue is that there are not enough normative "MUST"s in the document to get an end-to-end agreement.
Tom Scavo: An end-to-end profile was purposely avoided because the non-normative section of the Attribute Query profile does not include an X.509 example. The last draft separates out the profiling of SAML assertion. This is important because the SAML assertion can be bound to a SOAP message or an X.509 certificate.
Tom Scavo: The language could be changed to "basic" and "enhanced".
Greg Whitehead: the RFP process appeared to be requiring a single document that could be referred to.
Prateek: suggests that there is a difference between profiles and deployment notes.
Hal: The argument may be that Attribute Query-compliant products might find the deployment note useful.
Hal: Are there objections to the document as is before we can proceed?
Prateek: If the current CD is a "deployment profile" then the issue of generalizing it is somewhat misplaced. The "grid" community could publish its deployment profile/note and that would be useful.
Rob Philpott: agrees.
Hal: Need to get a specific course of action.
Ari: Take CD02 and incorporate a number of comments that are improvements and corrections and republish.
Tom: Most of these were done in drafts 9 and 10.
Greg: The SSTC encourages the development of a deployment scenario that meets the requirements of the "grid".
Hal: We have not had a CD vote since the public review.
Prateek: Nothing has happened beyond the closing of the CD review. We have not moved beyond.
Rob: We can respond to the comments that were received during the public review and change the CD (as long as they are not normative).
Hal: Let's table any discussions regarding other deployment notes/profiles. If Tom and a couple of other active folks can work on a new version of the Attribute Query profile then we can move this forward.
Prateek: Asks Ari if he can take ownership.
Ari: How large of a change would be acceptable to the process? In other words, if the new CD makes changes to the document's structure, would that be a problem?
Prateek: start from CD02 and make changes with "track changes" on.
Tom: most (if not all) of the comments during public review are captured in drafts 9 and 10. Draft 11 is a different document with normative changes.

ACTION: Ari will take draft 10 and in consultation with Tom (and others) will produce a draft 10a for SSTC review.
ACTION: Tom will retract draft 11 and create a new deployment profile.

b. Text Based Challenge Response AC
http://www.oasis-open.org/archives/security-services/200609/msg00005.htm

Sharon: Incorporates all of the comments Tom had made. All are editorial in nature.
Hal: Suggest that the SSTC review and take a CD vote in the next call unless there are lots of changes/questions.

c. Metadata updates
http://www.oasis-open.org/archives/security-services/200609/msg00010.htm
http://www.oasis-open.org/archives/security-services/200609/msg00012.htm
http://www.oasis-open.org/archives/security-services/200609/msg00014.htm

Prateek: These are docs that are being prepared for a second public review.
Scott: These are ready for a short 15 day public review.
Scott makes motion to put these three docs for short review. Eve seconds. No objections.

ACTION ITEM: Chairs to move these docs to public review.

d. Shared Credentials

RequestedAuthnContexts Extension
http://www.oasis-open.org/archives/security-services/200609/msg00020.htm

SharedCredential Authn Context Extension
http://www.oasis-open.org/archives/security-services/200609/msg00021.htm

Discussion
http://www.oasis-open.org/archives/security-services/200609/msg00025.htm

Paul Madsen: these docs address schema issues. Hoping to have a vote on this call.
Hal: No difference in terms of time between voting today or next time.
Paul: makes motion to accept these as CD.
Ashish: Seconds the motion.
No objections. Motion passes.

ACTION: Ashish and Paul need to make editorial changes to make the document look like CD.

e. HTTP POST Simple Sign Profile
http://www.oasis-open.org/archives/security-services/200609/msg00027.htm

Jeff Hodges: Various editorial changes have been made. Primary technical change is to convey KeyInfo from XML DSIG. The diagram and description on page 10 was updated to make it more accurate. Clarified language to indicate that the binding is for a one-way message exchange.
Hal: where does this stand?
Scott: Will make some suggestions and possibly produce another draft.

5. Errata Review
http://www.oasis-open.org/archives/security-services/200609/msg00030.htm

Jahan: No changes since last time. All errata items have been addressed.
Eve: Will make first attempt at CD'izing draft 35 of errata.

6. Open AIs

#0264: Comment on "attribute-based federation" section
Owner: Prateek Mishra
Status: Open
Assigned: 2006-08-28
Due: ---
Eve: Put on the agenda and discuss it next time.

#0263: NameID and the use of SPProvidedID
Owner: Jahan Moreh
Status: Open
Assigned: 2006-07-18
Due: ---
Status: Jahan will review and will inform chair of status.

#0262: Creation of the "new" LDAP/X.500 profile
Owner: Scott Cantor
Status: Open
Assigned: 2006-07-18
Due: ---
Status: Still pending

#0261: Chairs to contact GUIDE for follow-up
Owner:
Status: Open
Assigned: 2006-07-18
Due: ---
Status: Closed.
Eve: Could we have a discussion on this?
Hal: Please post questions.

#0240: Status of SAML 2.0 submission to ITU T
Owner: Abbie Barbir
Status: Open
Assigned: 2005-11-08
Due: ---
Status: Pending. Should wrap up in the next 2-4 weeks.

Meeting adjourned at 13:20 EDT.

Steve Anderson                BMC Software
Bhavna Bhatnagar              Sun Microsystems
Brian Campbell                Ping Identity
Scott Cantor                  Internet2
Heather Hinton                IBM
Frederick Hirsch              Nokia
Jeff Hodges                   NeuStar
John Hughes                   PA Consulting
Ari Kermaier                  Oracle
Hal Lockhart                  BEA Systems, Inc
Paul Madsen                   NTT Corporation
Eve Maler                     Sun Microsystems
Prateek Mishra                Oracle
Jahan Moreh                   Sigaba
Bob Morgan                    Internet2
Ashish Patel                  France Telecom
Rob Philpott                  RSA Security
Tom Scavo                     National Center for Supercomputing Applications
David Staggs                  Veteran's Health Admin
Eric Tiffany                  IEEE Industry Standards
Greg Whitehead                Hewlett-Packard Company
Thomas Wisniewski             Entrust

Attendance of Non-Voting Members

Sharon Boeyen                 Entrust
Carolina Canales-Valenzuela   Ericsson
Peter Davis                   NeuStar
Chris Laskowski               Booz Allen Hamilton
Rebekah Metz                  Booz Allen Hamilton
Anthony Nadalin               IBM

Attendance of Observers

Michael Bowman                Booz Allen Hamilton
Greg Desmarais                Sigaba

Membership Status Changes

Peter Davis                   NeuStar - Lost voting status after 8/29/2006 call
Anthony Nadalin               IBM - Lost voting status after 8/29/2006 call
Chris Laskowski               Booz Allen Hamilton - Granted TC Membership 8/30/2006
Andrew Sliwkowski             RSA Security - Removed from TC 9/12/2006
Sharon Boeyen                 Entrust - Granted voting status after 9/12/2006 call
Carolina Canales-Valenzuela   Ericsson - Granted voting status after 9/12/2006 call

Thanks,
Jahan

------------------------
Jahan Moreh
Chief Security Architect
310.288.2141