Subject: Re: [security-services] OASIS SSTC conference call minutes 01/27/2009
Paul Madsen wrote:
> Scott's second AI is for the 'SessionNotOnOrAfter' attribute
>
> paul
>
> Paul Madsen wrote:
> > OASIS SSTC conference call minutes
> > 2009-01-27
> > Scribe: Paul Madsen
> >
> > --AI--: Scott to create CD version of 'SAML V2.0 Metadata Extension for Entity
> > Attributes Draft 2'
> >
> > --AI--: Scott to propose wording for NotOnOrAfter attribute errata for core,
> > send to list
> >
> >
> > Roll Call & Agenda Review
> >
> > Attendees
> >
> > Voting Members
> > ==================================
> > Rob Philpott          EMC Corporation
> > John Bradley          Individual
> > Scott Cantor          Internet2
> > Nathan Klingenstein   Internet2
> > Bob Morgan            Internet2
> > Tom Scavo             National Center for Supercomputing Applica...
> > Peter Davis           NeuStar, Inc.
> > Frederick Hirsch      Nokia Corporation
> > Srinath Godavarthi    Nortel
> > Paul Madsen           NTT Corporation
> > Hal Lockhart          Oracle Corporation
> > Brian Campbell        Ping Identity Corporation
> > Anil Saldhana         Red Hat
> > Kent Spaulding        Skyworth TTG Holdings Limited
> > Eve Maler             Sun Microsystems
> > Emily Xu              Sun Microsystems
> > Duane DeCouteau       Veterans Health Administration
> > David Staggs          Veterans Health Administration
> > Ari Kermaier          Oracle Corporation
> >
> > Members
> > ==============
> > George Fletcher       AOL
> > Joni Brennan          Liberty Alliance Project
> >
> > Quorum: 19 out of 22 voting members (86%)
> >
> > Membership Status Change: Eric Tiffany lost voting rights. Eric is replaced
> > by Joni on the TC.
> >
> > 1. Minutes
> >
> > 1.1 Minutes from SSTC/SAML conference call January 13, 2009
> > http://lists.oasis-open.org/archives/security-services/200901/msg00029.html
> >
> > additions:
> > http://lists.oasis-open.org/archives/security-services/200901/msg00030.html
> >
> > No objection to unanimous consent
> >
> > Approved minutes are archive message
> > http://lists.oasis-open.org/archives/security-services/200901/msg00036.html
> >
> > 2. Announcements
> >
> > 2.1 Public Federal Register announcement of SAML standard in HC
> > http://lists.oasis-open.org/archives/security-services/200901/msg00027.html
> >
> > DS: big step, announcement that the Sec of Human Health has accepted the HITSP
> > recommendation, including TP20
> >
> > Triggers legal obligations for federal agencies to use SAML. Next version will
> > require use of additional OASIS standards,
> >
> > HITSP leadership has voted to approve XSPA profile of SAML, will be pushed out
> > as requirement
> >
> > XSPA profile will be demoed at HIMSS
> >
> > David calls for participation from other TCs, e.g. WS-Trust and XACML
> >
> > HIMSS happens in 60 days
> >
> > 3. Document Status
> >
> > 3.1 SAML V2.0 HoK Assertion Profile (draft-09)
> > http://lists.oasis-open.org/archives/security-services/200812/msg00026.html
> >
> > TS: I sent a summary email on Jan 20 to list. Interested should refer to that
> >
> > There was a SAML dev thread initiated by NZ Gov's Brett Beaument
> >
> > HoK Draft 9 is response to those comments.
> >
> > SC: is this draft 9 or 7? The link in the document in the agenda says 'draft
> > 7'...?
> >
> > TS: thanks. Link that Hal put in the agenda is wrong
> >
> > Correct link is
> >
> > http://lists.oasis-open.org/archives/security-services/200901/msg00026.html
> >
> > 3.2 SAML Errata Working Document for SAML V2.0 - Working Draft 47
> > http://lists.oasis-open.org/archives/security-services/200901/msg00033.html
> >
> > SC: updated to move everything disposed of to closed list. Some discussion on
> > last call that we might want to start a public errata review
> >
> > HL: let's save that for 4.3
> >
> > 4. Discussion
> >
> > 4.1 Move SAML V2.0 Metadata Extension for Entity Attributes Draft 2 to CD?
> > http://lists.oasis-open.org/archives/security-services/200901/msg00022.html
> >
> > SC: Brian had substantive comments earlier.
> >
> > BC: this is back to the attributes/full assertions..?
> >
> > SC: which option were you arguing for?
> >
> > BC: no preference, just not both. Goal is simpler implementation, but never
> > works out
> >
> > SC: we are trying to make deployments easier, not implementation
> >
> > BC: I withdraw my objection
> >
> >
> > SC: my feeling is to get it out there,
> >
> > SC: motion to move 'SAML V2.0 Metadata Extension for Entity Attributes Draft
> > 2' to CD
> >
> > BC: second
> >
> > Vote approved by unanimous consent
> >
> > --AI--: Scott to create CD version of 'SAML V2.0 Metadata Extension for Entity
> > Attributes Draft 2'
> >
> > 4.2 Potential Errata: Core description of SessionNotOnOrAfter insufficient?
> > http://lists.oasis-open.org/archives/security-services/200901/msg00034.html
> >
> > RP: potential errata around interpretation of core spec on SessionNotOnOrAfter
> > attribute.
> >
> > Suggest adding clarification as to how SessionNotOnOrAfter attribute
> > should/must be interpreted by RPs.
> >
> > 3 approaches to RP processing rules
> >
> > 1) Core defines and profiles can't override
> > 2) Core defines and profiles override
> > 3) Core defers to profiles
> >
> > SC: agree that original language is lacking. Think that this attribute is
> > pretty profile specific, shouldn't
> > have processing rules in core. Therefore likes Option 3.
> >
> > RP: suggest adding text to core along the lines of 'interpretation of this
> > attribute is profile specific'
> >
> > SC: I can add to next errata draft.
> >
> > AK: wondering if this is actually profile specific, rather than policy
> > specific at RP. RP can decide itself
> > whether to rely on authentication once IDP session expired. We shouldn't have
> > normative language restricting the RP's choice.
> >
> > RP: Web SSO profile does apply normative language. Need text in core pointing
> > to such rules.
> >
> > --AI--: Scott to propose/add wording for next errata, send to list
> >
> > AK: what about session index? related?
> >
> > SC: session index and SessionNotOnOrAfter are linked, the SessionNotOnOrAfter
> > attribute will be easier to deal with if vague
> > in core. Profiles define behaviour. Might imply an errata for the Web SSO
> > profile around this.
> >
> > 4.3 Other Potential Errata and Errata Planning
> >
> > SC: not aware of any other errata in the pipeline.
> >
> > HL: so, next steps? We can do a new errata. Can't be sure we won't see some new
> > errata tomorrow but that's always the case
> >
> > SC: I have a long standing action item on one, but not sure when I will tackle
> > it. The metadata profile I was working on
> > might produce an errata. Regardless, I suggest get another errata draft out
> > now without the above, review the possibility of adding in at next call.
> >
> > 5. Other business
> >
> > HL: no AOB
> >
> > 6. Action Items (Report created 26 January 2009 08:59pm EST)
> >
> >
> > #0332: Revise Query Extension for SAML AuthnReq
> > Owner: Sampo Kellomäki
> > Status: Open
> > Assigned: 2008-05-19
> > Due: ---
> >
> > closed
> >
> > #0333: Publish a new revision of Profile for Use of DisplayName in OASIS template
> > Owner: Sampo Kellomäki
> > Status: Open
> > Assigned: 2008-05-19
> > Due: ---
> >
> > closed
> >
> > Adjourned
> >
> >
> > Hal
> > --
> > Paul Madsen
> > e:paulmadsen @ ntt-at.com
> > p:613-482-0432
> > m:613-282-8647
> > web:connectid.blogspot.com
> > ConnectID <http://feeds.feedburner.com/%7Er/blogspot/gMwy/%7E6/1>
>
> --
> Paul Madsen
> e:paulmadsen @ ntt-at.com
> p:613-482-0432
> m:613-282-8647
> web:connectid.blogspot.com
> ConnectID <http://feeds.feedburner.com/%7Er/blogspot/gMwy/%7E6/1>
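Added example, not part of the thread or of any SSTC document: a sketch of how a relying party could apply the two positions discussed under item 4.2, either capping its local session at `SessionNotOnOrAfter` or letting its own policy alone decide. The function name `local_session_expiry`, the `honor_idp_bound` switch and the sample statement are assumptions made for illustration; the statement is assumed to come from an assertion whose signature and conditions were already validated, with whole-second UTC timestamps.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: not taken from the thread or from any deployment.
SAMPLE_STATEMENT = """\
<saml:AuthnStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    AuthnInstant="2009-01-27T15:00:00Z"
    SessionIndex="idx-constructed-1"
    SessionNotOnOrAfter="2009-01-27T16:00:00Z"/>
"""


def parse_instant(value):
    """Parse a whole-second UTC xs:dateTime such as 2009-01-27T16:00:00Z."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def local_session_expiry(statement_xml, now, rp_max_lifetime, honor_idp_bound=True):
    """Return (session_index, expiry) for the RP's local session, or None to refuse.

    honor_idp_bound=True caps the local session at SessionNotOnOrAfter.
    honor_idp_bound=False (hypothetical switch) models an RP whose own
    policy alone sets the lifetime, the position AK raises in the minutes.
    """
    stmt = ET.fromstring(statement_xml)
    if stmt.tag != "{%s}AuthnStatement" % SAML_NS:
        raise ValueError("not a saml:AuthnStatement")

    expiry = now + rp_max_lifetime           # RP's own ceiling always applies
    bound = stmt.get("SessionNotOnOrAfter")  # optional attribute
    if bound is not None and honor_idp_bound:
        idp_end = parse_instant(bound)
        if now >= idp_end:                   # "not on or after": the instant itself is too late
            return None
        expiry = min(expiry, idp_end)
    # SessionIndex is kept so the local session can later be matched to the IdP session.
    return stmt.get("SessionIndex"), expiry
```
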