Subject: Minutes from the December 22, F2F Focus Group Call
Eve Maler
Scott Cantor
Frederick Hirsch
Mike MacIntosh
Bob Morgan
Tim Olsop

---------------

1. No focus call on December 29, 2003!!

2. W-5a: LECP proposal

   ACTION: (FH) Update lecp-proposal-v4.pdf with ID-FF 1.2 schema changes.

   ACTION: (FH) Update to respond to Tony's security questions, but we need to ask Tony for the specific problem he had in mind.

   ACTION: Mike McIntosh to post link to Thomas Gross analysis of artifact profile.

   ACTION: (FH) Check with Liberty Interop for any problems that may have arisen with actual use of LECP profile.

   Scott: Original attack on LECP profile is based on issues having to do with the target of the POST from the client. This problem is solved or obviated by use of meta-data describing the target of the POST and has been captured in ID-FF 1.2. This is quite different from the Thomas Gross vulnerability described in the conference paper.

   Frederick Hirsch: leads discussion on lecp-proposal-v4.pdf

   Scott Cantor: Browser profile protocol flows need to be fully fleshed out; LECP is a special case or instance of these profiles. This may depend upon W-5 - Profile Enhancements or a broader SOAP profile. We can defer this to the next F2F.

3. W-6: Proxied SSO

   Scott: Input solution requires privacy; we need to figure out whether we need to generalize this case where we do not need privacy. A second issue has to do with "controls" over the proxy. This is a three party situation: IdP, Proxy and SP, so the question arises whether IdP can indicate to Proxy what is needed and whether the Proxy can indicate its preferences. Next F2F we should examine relationship to the overall browser profile and this item.

   ACTION: (SC) Request Liberty contributors to send draft to SSTC dealing with second issue.

4. W-7: Discovery Protocol

   Scott: Renamed from introduction protocol to discovery protocol.

   ACTION: (SC) Update based on replacement of hash of succinct id by literal provider id.

   Scott: The protocol should be explicit about all encoding steps.

5. Issues around SAML extensibility

6. Eve to include editorial discussion on next conference call on January 6th.

7. Prateek to send reminders to work item owners for January 6th conference call. Concerned that we have 6 or 8 major work items without solution proposals at this time.