Oasis Security Services TC Face to Face #4 Minutes
=============================================================================

The fourth SSTC Face-to-Face meeting (F2F #4) was held 27-29 August 2001 in
Waltham, MA, USA.

Minutes recorded by Gil Pilz, Gavenraj Sodhi.
Distilled by Joe Pato.
Updated by Jeff Hodges (on 20-Sep-2001)

=============================================================================

These minutes represent the formal decisions taken and actions assigned
during the meeting of 27-29 Aug 2001.

This document is available as..
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Minutes-00.txt

Sections:
  Informal "raw" F2F#4 minutes
  Related F2F #4 documents & presentations
  Notation
  MINUTES

=============================================================================

Informal "raw" F2F#4 minutes are available in the SSTC minutes repository
in these files..

http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Notes-Pilz-2001-08-27.doc
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Notes-Pilz-2001-08-28.doc
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Notes-Pilz-2001-08-29.doc
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Notes-Sodhi-2001-08-27-29.doc
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Sodhi-BobBDrawing.vsd
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Sodhi-SAMLDrawing1.vsd
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Sodhi-Ticket.vsd

=============================================================================

Related F2F #4 documents & presentations...
Bob Blakley F2F #4 Workitems
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Blakley-Workitems.ppt
Contains these subsections on these topics:
  SAML “SenderVouches” SubjectConfirmation Method: A Proposed Alternative to Bindings 0.5 Proposals
  SAML Trust Models
  Semantics of SAML Subject Information
  Receipt of Currently Invalid Assertions

Shibboleth: How It Relates to SAML (Marlena Erdos)
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Erdos-ShibbAndSAML.ppt

SAML Conformance Sub-Group Report (Robert Griffin)
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Griffin-ConformReport.ppt

Security Considerations (Jeff Hodges)
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Hodges-SecurityConsiderations.ppt

Dynamic Sessions (Hal Lockhart)
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Lockhart-DynamicSessions.ppt

Extensibility Techniques for SAML Assertions (Eve Maler)
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-Maler-ExtensibilityTechniquesForSAMLAssertions.ppt

Microsoft Presentation on Kerberos/Passport/SAML (Doug Bayer & Paul Leach)
(1.7MB .zip file)
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-MS-Kerberos-Passport-SAML.zip
(2.8MB .ppt file)
http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-4-MS-Kerberos-Passport-SAML.ppt

=============================================================================

Notation...

The following notations are used throughout the MINUTES below:

  · votes are marked: [Vote]
  · agreements without a formal vote are marked: [General Consensus]
  · actions are marked: [Action - <owner>]
    if the owner is TC, then this action is for all TC members

=============================================================================

MINUTES...

Monday, 27 Aug 2001
-------------------

8:30 - 9:00   Meet and greet; continental breakfast

9:00 - 9:30   Administrative (Joe)
              Call to order
              Roll call - attendance at end of minutes.
Quorum was not reached until 9:30 when Irving Reid arrived. Until quorum
was reached, we proceeded with the binding subgroup report as a focus
group. When quorum was reached we completed the approval and review of
the agenda.

[Vote]: Approve minutes of previous meeting - No objections
[Vote]: Review and approve agenda - No objections

9:30 - 10:15  Binding Subgroup Report (Prateek)
              Scope, Binding vs. Profile, Process framework for registering
              bindings, Contents of Bindings Report

10:15 - 10:30 Break

10:30 - 12:00 Binding issues discussion
              Web Browser Profiles for SAML (Prateek)

12:00 - 1:15  Lunch

1:15 - 3:00   Binding issues discussion (cont.)
  1:15 - 2:00   Shibboleth Flows and Structures (Marlena)
  2:00 - 3:00   SOAP Profile for SAML (Prateek)

3:00 - 3:15   Break

3:15 - 4:30   Continuation of SOAP Profile for SAML

4:30 - 5:30   Kerberos Authentication & SAML & SOAP use of SAML
              (Doug Bayer & Paul Leach)

6:00 - 7:00   Break for day

7:00 - 9:00   Group Dinner

Tuesday, 28 Aug 2001
---------------------

8:30 - 9:00   Continental breakfast

9:00 - 9:30   Administrative (Joe)
              Review of, and tweaks to, the Agenda for this second day
              Summary of findings/observations from previous day

9:30 - 10:30  SAML / SOAP / Kerberos

[Action - Paul Leach]: Look at current SAML web browser profile and provide
comments for changes, additions.
[Action - TC]: a SAML/Kerberos integration discussion group will be created
- send mail to Joe to join (by 9/14). Charter for this group:
  1) Web Browser profiles and integration with Kerberos
  2) SOAP Security Architecture model
  3) Trust Model

10:30 - 10:45 Break

10:45 - 12:30 Binding issues (cont.) (Prateek)
              HTTP Binding for SAML
              SOAP Binding for SAML

[Action - Phil]: agreed, the core spec will state that all elements need to
explicitly call out the SAML namespace. Phil to make changes.
[General Consensus]: we need more investigation on the issue of whether we
should register a new SAML MIME type. No owner assigned - defaults to
Prateek.
12:30 - 1:30  Lunch

1:30 - 2:30   XML Style issues (Eve)

[Issue - Phil]: We need to add an issue that deals with blocking the
substitution of various core SAML elements. [resolved schema core-16]
[General Consensus]: native elements should have native constructs.
Non-native elements do not get their own elements.
[General Consensus]: every element should be global.

2:30 - 4:30   Core Assertions (Phillip)

[Action - Hal]: to write scenarios (and/or provide definitions) for how
NameIdentifier is used (e.g., when it is in SubjectConfirmation to identify
an assertion vs. when it is used to represent the assertion referent)
[Action - Marlena]: to write up use of artifacts for queries
[Action - Irving]: Multiple NameIdentifiers are dangerous - Irving to write
up proposal.
[Action - Marlena]: to write a proposal to create another Web Browser
profile that retrieves an Attribute Assertion rather than an Authentication
Assertion.
[Action - Simon]: write a concrete proposal that outlines the change to the
nature of the authorization query.
[Action - Phil]: Will produce a core-16 that just contains the notional and
twiddles before any major changes to schema and protocols.
[Action - Charles]: To write a concrete proposal that would allow
Authorities to provide helpful info about why certain requests failed. This
would be really helpful during initial deployment when you can't figure out
why things aren't working. This could/should be turned off in production.

4:30 - 5:00   "Closed issues" review (Hal)

3:00 - 3:15   Break

3:15 - 5:00   Open Issues discussion (Hal)

5:30          Break for the day

Wednesday, 29 Aug 2001
----------------------

8:30 - 9:00   Continental breakfast

9:00 - 9:15   Administrative
              Review of, and tweaks to, the Agenda for this third day
              Summary of findings/observations from previous day

9:15 - 11:15  Issues

[Action - Hal]: to take all the proposed closed issues (green) and send them
out for ratification at the next concall.
[Completed 8/31 - ratification awaiting next concall with quorum]
[Action - TC]: Next two weeks open season on remaining issues. If an issue
does not have a sponsor (a SSTC voting member) by Friday 21 September then
it will be moved to "not addressed in SAML 1.0". Sponsor is responsible
for driving issue to conclusion.
[Action - Gil]: [DS-6-01: Nested Attributes] Not sure how SAML could address
this.

Issue Champions:

[Action - Tim]: First Contact - will write up what can be done with the
current design.
[Action - Irving]: to investigate and write up WAP limits
[Action - Prateek]: Lookup by artifact: Agreed that he should submit a
detailed proposal to the Core outlining specific changes to specific
sections. Includes new request-response protocol not currently defined in
HTTP binding.
[Action - Prateek]: "Security properties of Assertion Handle" (Bob Blakley
to act as reviewer).
[Action - Prateek]: This is an editorial issue about the names of profiles.
Prateek to revise current document.
[Action - Gil]: To make a proposal on the mandatory use of HTTPS
[Action - Jeff]: threat model discussions to be removed from the bindings
doc - but rationale preserved somewhere in SAML documents.
[Action - Don]: Smart client profile - develop a proposal
[Action - Prateek]: Push profile / use case to be dropped from document
(Paul Leach's claim that this would assist SAML/Kerberos integration was
never developed - Paul to present this case if he wishes to re-instate
this profile)
[Action - Hal]: Agrees to create a proposal that indicates why we should
minimize the number of profiles, specifically "Form POST".
[Action - Don]: to elaborate the number of 1-1 relationships and propose
how to fix the resulting scaling issues.
[Action - Hal & Bob B]: Artifacts are bearer instruments, Assertions are not
[Action - Marlena]: SHIB desires 00-02 artifact type (anonymous user &
attribute assertions - non personally identifiable info) core design issue.
[Action - Bob B & Marlena]: in Core doc to correspond to Artifact
[Action - Prateek]: Oracle attacks WRT SOAP Profile
[Action - Bob B.]: Return of not currently valid assertions to RP (e.g.
post-dated)
[Action - Prateek]: Should the Bindings Group select either the HTTP or
SOAP protocol bindings for inclusion in the final spec?
[Action - Prateek]: Should the SOAP binding address the issue of
intermediaries - generate proposal for how

10:30 - 10:45 Break

11:15 - 11:45 Sessions (Hal)

11:45 - 12:45 Lunch

12:45 - 1:15  Conformance (Robert)

1:15 - 2:00   Security Considerations (Jeff)

[Action - Chris McClaren]: will champion the sec-consider-xx issues and
drive this subprocess.

2:00 - 3:00   Review Issues, next steps, administrivia (Joe)

[Action - Marlena, Eve, Bob, Hal]: Forward presentation slides

2:30 - 3:00   Open Discussion on Versioning

[Vote]: SAML will use explicit version attributes rather than rely on XML
Namespaces to contain version info. [No objection]
[Action - Chris]: to write up versioning strategy and distribute to mailing
list [done Aug 30]

3:00          Adjourn

Items deferred from the agenda due to constraints:
  Implementation / Interop discussions (Jeff?)
  xml-DSIG usage by SAML

--- end