
security-services message



Subject: Minutes (with attendance) for 08/28/2007 call


 >
 > Proposed Agenda SSTC Concall, August 28, 2007
 >
 > Dial in info: +1 865 673 6950
 > Access code: 270-9441#
 >
 > Roll Call & Agenda Review

17/23 voting members present, quorum achieved

Attendance of Voting Members

  Steve Anderson BMC Software
  Abbie Barbir Nortel
  Brian Campbell Ping Identity
  Carolina Canales-Valenzuela Ericsson
  Scott Cantor Internet2
  Frederick Hirsch Nokia
  Hal Lockhart BEA Systems, Inc
  Paul Madsen NTT Corporation
  Bob Morgan Internet2
  Anthony Nadalin IBM
  Rob Philpott EMC Corporation
  Anil Saldhana Red Hat
  Tom Scavo National Center for Supercomputing Applications
  David Staggs Veteran's Health Admin
  Lakshmi Thiyagarajan Hewlett-Packard Company
  Eric Tiffany IEEE Industry Standards
  Emily Xu Sun Microsystems

Attendance of Non-Voting Members

  Jeff Hodges NeuStar
  Ari Kermaier Oracle
  RJ Schlecht MISMO
  Kent Spaulding Tripod Technology Group

Membership Status Changes

  Nick Pope Thales eSecurity Ltd. - Member account deactivated 8/20/2007
  RJ Schlecht MISMO - Granted membership 8/27/2008
  Kent Spaulding Tripod Technology Group - Granted voting status after 8/28/2008 call
  Conor P. Cahill Intel - Lost voting status after 8/28/2007 call
 >
 > Paul volunteered to take minutes previously but was unable to take them
 > last time.)

Paul will minute

 >
 > 1. Approve minutes from August 14 (corrected)
 > http://lists.oasis-open.org/archives/security-services/200708/msg00037.html

Hal noticed slight error in minutes, docs aren't becoming OASIS 
standards, rather the ballot to submit them will happen soon

Approved

 >
 >
 > 2. Administrative
 >
 > 2.1 Liberty Alliance F2F Interoperability Workshop September 19-21, 2007
 > http://lists.oasis-open.org/archives/security-services/200708/msg00032.html

Announcement posted to list

Eric encourages people to come discuss IOP profiles, follow link on 
above message

2.2 Additional matter

Carol Geyer found a reference to ANSI endorsing SAML for US eGov 
authentication? Anybody have any insight?


 >
 > 3. Document Status
 >
 > 3.1 Docs on their way to OS
 > 3.1.1 Metadata Profile for the OASIS Security Assertion Markup Language
 > (SAML) V1.x
 > 3.1.2 Metadata Extension for SAML V2.0 and V1.x Query Requesters
 >
 > Ballot held up awaiting clarification of IPR issues relating to
 > NCSA/GridShib statement of use. No problem seen.
 >
 > Ballot will start in the next day or so. Please vote.
 >
Nothing to do with IP. Original concern was whether or not attestation 
statement from GridShib was OK, issue resolved

Hal was expecting ballot to have already started, will be soon

Need majority of voting members, please vote

 >
 > 3.2 Docs pending public review
 > 
 >
 > *SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based
 > Systems
 > *SAML V2.0 Deployment Profiles for X.509 Subjects
 > *Identity Provider Discovery Service Protocol and Profile
 > *SAMLv2.0 HTTP POST "SimpleSign" Binding
 >
 > TC was to review conformance clauses. Vote to CD and Public Review (15
 > day) now in order.
Conformance sections added as per OASIS requirements.

Rob asks which docs are we talking about, Hal points to 4 docs above

Tom asks for clarification as to 15 day review vs 60. Not all docs have 
gone through first review

Scott not sure he has actually added Conformance Clause to "Identity 
Provider Discovery Service Protocol and Profile". Tom says it is there.

"Identity Provider Discovery Service Protocol and Profile" & "SAML V2.0 
Deployment Profiles for X.509 Subjects" have not gone through review 
yet, they will need 60 day review

Rob confirms that CD vote & public review require full majority

Scott moves that all 4 docs be moved to CD, Abbie seconds

No objections, unanimous consent

Rob moves "SAML V2.0 Attribute Sharing Profile for X.509 
Authentication-Based Systems" & "SAMLv2.0 HTTP POST "SimpleSign" 
Binding" to 15 day PR, Abbie seconds

Tom moves "Identity Provider Discovery Service Protocol and Profile" & 
"SAML V2.0 Deployment Profiles for X.509 Subjects" to 60 day PR, Abbie 
seconds

No objections, unanimous consent

All docs must be updated to reflect CD status as of today

AI: Editors to update docs to CD

Tom clarifies that his 2 docs erroneously labelled as CD, what to do?
Leave number the same, but replace in Kavi

 >
 > 4 Discussions
 >
 > 4.1 SAML metadata lifecycle issues
 > http://lists.oasis-open.org/archives/security-services/200708/msg00031.html
Eve started the thread, Eve not present.

Emily from Sun explains that Sun customers were asking what happens when 
keys in metadata expire or need to change. How to notify SPs that 
metadata needs to be updated? What if SPs can't update? etc. It's not just 
about keys, also end points etc. Sun has two proposals, reactive & 
proactive. Sun looking for SSTC guidance.

Scott agrees we need improved material & product support - disagrees with 
some pieces of original Sun proposal

Scott would favour reduced emphasis on PKI & certs within metadata. 
Agrees that work is relevant, but scope of work may lie beyond SSTC as  
convergence across identity systems may happen around metadata.

Current model is static & manual. Difficult to drive real deployments 
whenever happens out of band. Emily agrees.

Hal suggests two kinds of issues, 1) about the contents of metadata, ie. 
not publish specific keys, rather trust root. Scott says not possible 
(try encryption :-)) Ari agrees 2) how to handle ongoing updates,

Scott likes proactive model vs reactive.

Hal asks way forward.

Scott willing to participate, will create list of topics, then we can 
categorize them

RL Bob mentions possibility of conformance. Rob is cautious, in 
enterprise environments, metadata not used past import. Wouldn't want 
conformance to stipulate requirements for update etc. Scott suggests 
profiles as way around the issue.

AI: Scott will work on possible errata for multiple key descriptors in 
metadata

Scott adds that some issues may overlap with those likely to be 
discussed in the XML Signature Workshop. Implementors may want to find 
out about workshop
 >
 >
 > 4.2 Proposal for extensions to Authentication Context
 > http://lists.oasis-open.org/archives/security-services/200708/msg00038.html

Hal posted email from Giles, update is that there is agreement that some 
work should happen in SSTC. Giles is working on membership mechanisms. 
Hal has had some discussions already with Giles.

Hal encourages people to read Wiki page.

 >
 > 5 Other business

Jiles not Giles :-)

 >
 > 6 Action Items
 >
 > #0283: Change final arrows to solid in Tech Overview diagrams
 > throughout.
 > Owner: Paul Madsen
 > Status: Open
 > Assigned: 2007-03-27
 > Due: ---
open
 >
 > #0304: Incorporate appropriate use of LDAP language tags in new LDAP
 > attr profile
 > Owner: Scott Cantor
 > Status: Open
 > Assigned: 2007-08-23
 > Due: ---
open
 >
 > #0305: Prepare final version(s) of the SAML v2.0 Errata document
 > Owner: Abbie Barbir
 > Status: Open
 > Assigned: 2007-08-23
 > Due: ---
open

-- 
Paul Madsen             e:paulmadsen @ ntt-at.com
NTT                     p:613-482-0432
                        m:613-302-1428
                        aim:PaulMdsn5
                        web:connectid.blogspot.com 


