Minutes, SSTC Concall, Feb 26, 2008

[Anil Saldhana <Anil.Saldhana@redhat.com>]

Roll Call & Agenda Review

Voting Members:
Hal Lockhart  	BEA Systems, Inc.  	
Rob Philpott 	EMC Corporation 	
Scott Cantor 	Internet2 	
Bob Morgan 	Internet2 	
Eric Tiffany 	Liberty Alliance Project 	
Tom Scavo 	National Center for Supercomputing Applica... 	
Peter Davis 	Neustar, Inc. 	
Jeff Hodges 	Neustar, Inc.	
Frederick Hirsch Nokia Corporation 	
Paul Madsen 	NTT Corporation	
Ari Kermaier 	Oracle Corporation 	
Brian Campbell 	Ping Identity Corporation	
Anil Saldhana 	Red Hat 	
Emily Xu 	Sun Microsystems 	
Kent Spaulding 	Tripod Technology Group, Inc. 	
David Staggs 	Veterans Health Administration 	

Members: None
Observers: None

16 out of 21 Voting Members - Quorum Achieved

Membership Status Change
Lost Voting Status - Abbie Barbir(Nortel), Eve Maler (Sun) and Charles 
Knouse (HP)

Scott Cantor requested that at the end of each rollcall (future 
meetings), the observers need to be reminded that they cannot speak or 
make comments during the meeting.

Need a volunteer to take minutes
Anil Saldhana

1. Approve minutes from Feb 12, 2008
http://lists.oasis-open.org/archives/security-services/200802/msg00009.html

Approved

Administrative:
Hal talks about Oasis IDTrust Steering Committee sponsored IDTrust08 
workshop at NIST.
    - TC members (SAML and XACML) speaking at the conference.
    - The chairs have received a preview proposal from Internet2 on SSO 
profile using TLS (Order of Key).

3. Document Status

3.1 Five specs finished public review and are [slowly] on their way to CS

No public comment during review but some necessary minor changes

* SAMLv2.0 HTTP POST "SimpleSign" Binding
- Had/has broken references

*Identity Provider Discovery Service Protocol and Profile
?

* SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based Systems
?

* SAML V2.0 Deployment Profiles for X.509 Subjects
- Needs a minor change to the terminology previously introduced in the
conformance section

* SAML V2.0 LDAP/X.500 Attribute Profile
- Need to add Mark Wahl as a contributor.


Brian: Not much public comment. Need some necessary minor changes.
Brian: Not aware of any issues associated with some profiles; hence 
marked as ?
        -- Need to move these drafts into community drafts.
        -- Mark Wahl needs to be added in the appendix.
        -- Next week, we need to have a CD vote.

Hal: We can do the voting as a batch.

Tom: Is there a need for fresh uploads of these documents?
Hal: If there are no changes, then they can be left as committee drafts.



3.2 Technical Overview
http://www.oasis-open.org/committees/download.php/25411/sstc-saml-tech-overview-2.0-draft-14.pdf

Much discussion:
http://lists.oasis-open.org/archives/security-services/200802/msg00005.html
+ msgs 12-26
Where do we stand?

Brian: No clear agreement/disagreement.
Tom: No changes have been yet made.
     -- I will incorporate Frederick's comments.


3.3 Subject-based Profiles for SAML V1.1 Assertions
http://lists.oasis-open.org/archives/security-services/200801/msg00003.html
and definition of "strongly matches"
http://lists.oasis-open.org/archives/security-services/200801/msg00025.html
[still] Awaiting further discussion.

Brian: Things have been pretty much silent.  Very little discussion 
happened.
Tom: Uploaded Draft 2 this morning.
      -- Two changes - motivating text in introduction and definition of 
strongly matches.
      -- Close to completion.
 From Tom's email:
http://www.oasis-open.org/apps/org/workgroup/security/download.php/27337/sstc-saml1-profiles-assertion-subject-draft-02.pdf
http://www.oasis-open.org/apps/org/workgroup/security/download.php/27338/sstc-saml1-profiles-assertion-subject-draft-02-diff.pdf


"I added some motivating text to the Introduction (along the lines of
what Brian asked about) and added a working definition of "strongly
matches" in section 2.5.  Much of the remaining profile depends on
this definition, so if you're okay with that (as Scott pointed out),
then the rest of the profile follows easily."

Brian: Encourage everyone to take a look.


4 Errata

4.1 (AI#311) Additions/Adjustments to PE65 Second-level StatusCode

http://lists.oasis-open.org/archives/security-services/200802/msg00027.html

Abbie is handling this.
**Scott has volunteered to maintain the errata document.**


5 Other business

Silence.


6 Action Items (Report created 25 February 2008 04:28pm EST)

#0323: Make errata on orig spec with correct reference in place of
draft-mealling-uuid-urn-05.txt
Owner: Jeff Hodges
Status: Open
Assigned: 2008-02-11
Due: 2008-03-11

Scott will take care of this.  Reassigned to Scott.


#0311: Propose specific document changes required for PE-65
Owner: Scott Cantor
Status: Open
Assigned: 2007-10-23
Due: 2008-03-11


Call Adjourned








-- 
Anil Saldhana
Project/Technical Lead,
JBoss Security & Identity Management
JBoss, A division of Red Hat Inc.
http://labs.jboss.com/portal/jbosssecurity/