atom feed3 messages in org.oasis-open.lists.security-services[security-services] Proposed Minutes ...
FromSent OnAttachments
Thomas HardjonoApr 11, 2014 11:49 am 
Nate KlingensteinApr 15, 2014 10:14 am 
Thomas HardjonoApr 28, 2014 8:22 am 
Subject:[security-services] Proposed Minutes for SSTC Telecon (Tuesday 15 April 2014)
From:Nate Klingenstein (nd@internet2.edu)
Date:Apr 15, 2014 10:14:17 am
List:org.oasis-open.lists.security-services

AGENDA:

1. Roll Call & Agenda Review.

2. Need a volunteer to take minutes.

Nate volunteered.

3. Approval of minutes from previous meeting(s):

- Minutes from SSTC Call on 18 March 2014:

https://lists.oasis-open.org/archives/security-services/201403/msg00009.html

Adding Roll Cal for 3/18/2014 Meeting:

Cantor, Scott Hardjono, Thomas Hirsch, Frederick Klingenstein, Nathan La Joie, Chad Lockhart, Hal Saldhana, Anil Young, Ian

Quorum was achieved.

The link to the minutes and the roll call were sent separately due to delays in
the OASIS email archiving system.

Quorum was achieved for this call as well. Chad moved to approve the minutes
and Hal seconded. There were no objections and the minutes were adopted.

Nate committed to write the overview portion of the SAML 2.1 specification
revision.

Chad has been looking at the other work that is necessary and coming up with a
general approach to doing the refactoring. He wants to ensure he starts in the
right place and then he'll begin transferring content from the original 2.0
documents to the new 2.1 documents and put out a working draft once he has
something in those new documents.

That will be the first round of effort. It will initially not read very well
because it will be copy/pasted material, but it will allow us to understand
whether the general approach is correct. Later rounds of effort will involve
clarifications, better text, and inclusion of approved errata.

The TC wants to re-emphasize that SAML 2.1 is purely a rewrite of the
specification to make it more intelligible for deployers. Conformance classes
may be re-examined, and other specifications published by the TC may be rolled
in to the document, and so forth. However, wire-level and schema compatibility
with SAML 2.0 will be guaranteed.

(d) Conceptual/overview of Metadata (Rainer Hoerbe) - Further Steps thread. Any updates?

https://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=50362

This document is intended as guidance. Rainer is not sure whether the SSTC is
the right place to publish a guidance document. Nate pointed out that
deployment profiles generally aren't standardized in the SSTC, but Hal noted
that overviews had been published by the SSTC in the past, could be published as
non-normative documents known as "committee notes".

Chad noted that some of the material might be valuable in the overview text of
the normative 2.1 metadata specification. Nate suggested that publication of
the document as it stands now would make sense, since a lot of the work that has
been done post-2.0 will be evaluated as to whether it should be rolled into the
2.1 documents anyway.

The process for approval and publication of a committee note is the same as the
process for specifications.

Rainer will get templates, put the document into proper form, and carry it
forward to the SSTC for initial approval voting.

(e) XSPA updates (Mohammad Jafari) - Any updates?

Mohammad wasn't present.

6. Other items: - Email from Jack Verhoosel - EU Standards using SAML2.0.

Nate lamented the lack of channels by which we could reach out to the deployment
community to be explicit about the intent and scope of the SAML 2.1 work and
suggested that we do the best with communication channels we have, such as
minutes.

Hal suggested reaching out in return to ask whether anything could be done to
help the EU deploy SAML 2.0.

7. Next SSTC Call: - Tuesday 29 April 2014

We look forward to speaking with you then.