OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Re: Minutes from SSTC Meeting (9 May 2023)

I also apologise for missing the call.

For the record, the SAML Session Profile depends on the use of cookies, but not third party cookies. The cookie is used to communicate the session identifier.

Hal


Virus-free.www.avg.com

On Wed, May 10, 2023 at 2:00âPM Nicole Roy <nroy@internet2.edu> wrote:

Sorry for missing, somehow this dropped off my calendar, I have re-added it.

Â

From: security-services@lists.oasis-open.org <security-services@lists.oasis-open.org> on behalf of Thomas Hardjono <hardjono@mit.edu>
Date: Tuesday, May 9, 2023 at 10:47 AM
To: OASIS SSTC <security-services@lists.oasis-open.org>
Subject: [security-services] Minutes from SSTC Meeting (9 May 2023)


Minutes from SSTC Meeting (Tuesday 9 May 2023)


(a) Roll Call:

Scott Cantor
Derek Fu
Thomas Hardjono

Quorum was not achieved.


(b) Notetaker:Â Thomas


(c) Discussion:Â W3C privacy WG & Browser related work

-- Some members of the SSTC noted that there has been some discussions around the W3C privacy work and the changes to browsers being proposed by some Browser Vendors.

-- Third-party cookies may affect browsers and privacy, but generally speaking cookies do not affect SAML-based SSO. However, changes to how cookies are handled in browsers *may* affect SAML Logout processes (difficult to say without knowing the exact changes to be proposed to cookies/browsers).

-- So far it seems that only Higher-Education deployments of SAML2.0 have indicated concern about the potential technical issues with changes to cookies/browsers. However, this may also impact commercial products.

-- The thought is that the SSTC should send a friendly note to the relevant W3C group, indicating some concern about potential breakages to the deployments of SAML2.0.

-- Scott agreed to craft some text and to post it to the SSTC mail-list for approval to then send to the W3C.




[End of Minutes]





---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]