Subject: [security-services] SSTC/SAML concall Draft Minutes Tue 2-Jun-2009
From: =JeffH (Jeff@KingsMountain.com)
Date: Jun 2, 2009 11:17:20 am
List: org.oasis-open.lists.security-services

comments to the list please.

=JeffH

============================================================================

SSTC/SAML concall Tue Jun 2 09:12:38 PDT 2009

----------------------------------------------------------------------------

Hal Lockhart presiding

Minutes by Jeff Hodges (=JeffH)

NOTE: next TC concall/meeting is Tue 30-Jun-2009

AI summary

------------

AI -- Scott Cantor to post affirmation to list of no comments in public review on those docs

AI -- Tom Scavo to assemble list of comments from PR on the two HOK docs and begin processing them

AI -- Chairs to make request noted in Motion 2.

AI -- Dwayne to add a page for the XSPA page in the SAML wiki

Motions Passed

--------------

1. Moved to re-affirm these specs as CD due to passing public review with no comments:

- SAML V2.0 Attribute Extensions Version 1.0
- SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
- SAML V2.0 Metadata Interoperability Profile Version 1.0

2. Moved to request TC Admin to launch an electronic ballot to move the docs from Motion 1 to CD maturity level.

3. Moved to move modified XSPA profile to CD

4. Moved to have a 15-Day review of revised XSPA profile (xspa-saml-1.0-pr02.doc version 1) due to there being no substantive changes.

5. Moved to move sstc-saml-approved-errata-2.0-draft-49 to CD, confirmed changes therein are not substantive, and to proceed to 15-Day public review.

Proposed Agenda SSTC Conference Call June 2, 2009, 12:00pm ET

Dial in info: +1 215 446 3648 Access code 270-9441#

Roll Call & Agenda Review

Need a volunteer to take minutes

1. Minutes

1.1 Minutes from SSTC/SAML conference call May 5, 2009: http://lists.oasis-open.org/archives/security-services/200905/msg00018.html

http://lists.oasis-open.org/archives/security-services/200906/msg00005.html (with corrected meeting attendance)

prior minutes duly approved by unan consent.

2. Announcements

2.1 Public Review of SAML 2.0 Profiles has closed.

http://lists.oasis-open.org/archives/security-services/200903/msg00062.html

Question to Scott regarding last action item (Scott to talk to Mary about getting a Jira instance for SSTC.)

Scott Cantor (sc): did talk to her, she said "no problem, you don't do anything, I just create it...". So SC will tug her sleeve again.

Nate Klingenstein (nk): wrt pub review, had long disc wrt changes they could/should make to HOK, how does that affect ? review, did I miss anything?

Tom Scavo (ts): didn't miss anything, need to compile comments on the docs, yes?

Hal Lockhart (hl): ques is whether we need to do short or long subsequent reviews, but in any case need to compile all the comments w/sources and such

sc: at least two or three docs didn't rec any comments..

hl: docs need to be re-affirmed as CDs

sc: next step is to ask for vote for CS, yes?

hl: yes

sc: let's do that today since calls are infrequent?

don't recall any comments on any but the delegation restriction one. that one is on hold until can produce new WD of it

wrt #2, 5, 6 in the above-referenced message -- no comments on them?

- SAML V2.0 Attribute Extensions Version 1.0
- SAML V2.0 Metadata Extension for Entity Attributes Version 1.0
- SAML V2.0 Metadata Interoperability Profile Version 1.0

sc motion: move to reaffirm above as CD modulo received no comments on them

Jeff Hodges (jh): second

[no objection to unanimous consent to motion -- passed]

AI -- SC to post affirmation to list of no comments in public review on those docs

AI -- ts to assemble list of comments from PR on the two HOK docs and begin processing them

sc motion: req tc admin to conduct elec ballot to move the 3 docs to CS maturity level

ts: 2nd

[pass w/unan consent]

AI -- chairs, begin process on above listed docs

2.2 Comment requested on removing DTD definitions from XML Signature 1.1 and on elliptic curve http://lists.oasis-open.org/archives/security-services/200904/msg00012.html

Feedback requested.

hl: still not too late to comment.

sc: dtds are gone

hl: still debating elliptic curve, thus not too late to comment.

2.3 Reminder - Meetings will be every four weeks - Next call July 7.

hl: nope, next call is 30-Jun (!!)

2.4 Announcement: Upcoming SAML 2.0 IOP event, July 14-Sept. 4 http://lists.oasis-open.org/archives/security-services/200905/msg00020.html

Kyle of drummond group: nxt IOP for SAML is 14-Jul-2009, registration is still open

3. Discussion

3.1 Review of planned work. Discuss future work plans and indication of specs in the pipeline and approximate date for first drafts.

[worked down SAML Wiki page: <http://wiki.oasis-open.org/security>]

ts: noted general request that someone add a page for the XSPA page in the wiki,

AI -- Dwayne to add a page for the XSPA page in the SAML wiki

hl: OASIS BoD have debated at length non-implementable (informational?) docs, so have to work in framework, this applies to Tech Overview -- any objection to putting the latter into Pub Review at any point? will leave in case anyone wants to champion it, can attach to future pub review...

jh: what about simplesign?

sc: there's comments in queue on it, no cycles for it now.

sc: impl'd by two as-specified, not sure about AOL's impl, not aware of other impls

hl: so no intent to progress at this time, not

hl: wrt token card profile

sc: on hold for IMI TC work

hl: SAML V2.0 Holder-of-Key Assertion Request Profiles

sc: active & moving fwd. there's an opengroup doc that depends on it, have public comments on it, intend to move forward

hl: Level of Assurance Authentication Context Profiles for SAML 2.0 status of draft 2 from march?

[no answer]

sc: is this one that's on agenda as another doc? is this one Paul just posted? that's paul's doc

hl: this is actively being progressed.. sounds like we have 3 or 4 that will be ready for pub rev "soon"

any other profiles to propose soon?

fredrick hirsch (fh): there might be something more, can't say just yet....

david staggs (ds): public comment period on this doc ended on 13-Mar, analyzed all comments, made approp updates, discussed cmts at last meeting, have spreadsheet for all 34 comments, have changes for comments, there's lots of interest in XSPA (calling from Healthcare SOA comments and will be talking about the spec on Thu this week)

want to propose a motion to move doc forward. last update was recently posted.

would be helpful to do vote today due to infrequent TC calls these days.

ds: motion to move modified XSPA profile to CD (would be CD2 rev)

dwayne: 2nd

hl: any objs

[motion passed by unan consent]

hl: can get by w/short pub review. 15-day

ds: is cd2 a "major change" from cd1 ?

hl: term is "substantive changes"....

ds: don't believe made "substantive changes"....

hl: [reads process para on this] e.g. schema changes are substantive, else judgement call

will entertain motion to have 15-day review, comments are limited to the changes only, and is judgement of tc that haven't made substan changes

so moved by DS, 2nd Dwayne

hl: any obj's ?

[motion passed by unan consent]

hl: expectation is that you create a diff -- do CD version, and diff with prev CD. let hl know when done that. then hl will contact Mary.

enumeration of changes may be sufficient. e.g. just put spreadsheet in repository, send hl links to new CD version and spreadsheet.

ds: have source file with "tracking" turned on....

3.3 Any more comments on saml-loa-authncontext-profile:

- remove 800-63 schemas http://lists.oasis-open.org/archives/security-services/200904/msg00013.html

- Paul to remove specific references to NIST LOA values in a new draft.

hl: paul not on call ... any comments on above?

RLBob Morgan (rlm): proposal on email in last week or so, add to this doc a new notion that in addition to being able to express LOA using AC, a metadata publisher say can express that an IDP has been "vertified" to use a particular profile, using attrs from the attrs-for-metadata draft

see..

http://lists.oasis-open.org/archives/security-services/200905/msg00013.html

have heard from other members of their federation that this would be a good thing.

john bradley (jb): this is the "why should i trust you" problem...

rlm: yes, essentially. metadata signing addresses this, but folks wishing for more explicit attestation

hl: how does this work?

sc: have an assertion (assn) about entity, has attribute (attr) in it, attestation, can do anything you want with assn of course, is just a common claim one can reference. this would be another saml-tc-defined attr

hl: a reg attr statement can refer to any system entity. this one is particular to an entity that issues assns

sc: yes, not a big deal

rlm: paul supported it on list

jb: provides for IC and other RPs to adopt it (by doing it here)

rlm: usual nitpicking wrt actual attr name...

sc: may want to do something similar to orig saml attr work. sc is fine with this proposal

3.4 Assorted threads on saml-dev/comment list

3.6 Draft Approved Errata posted http://lists.oasis-open.org/archives/security-services/200905/msg00023.html

sc: anyone doing errata shud do all this in parallel, rather than waiting to end. tried to emulate ELM's example, hopefully essentially equivalent

used 49 as increment number to try to keep it consistent

removed refs to non-normative redlined spec

altered lang that there _may_ be redlined specs available

otherwise is just a sync up with working draft.

hl: can put info wrt errata in wiki?

AI - SC to put in wiki info wrt making errata process easier

hl: do you have list of what orig specs are being altered by this errata?

sc: every normative doc we pub'd as orig spec...

hl: tc process reqs us to supply doc that proposes changes, and optionally provide mod'd specs incorp'g errata

sc: doing the latter is burdensome

hl: need to formulate motion to see that boiler plate fixes are made... in order to proc approved errata, need doc w/ "corrections". we would need to vote -49 to CD, 2nd vote to confirm that corrections do not constitute substan change, 3d vote to 15-day pub review, 4th full-majority vote to replace the existing errata doc

today, can do first 3 things.

entertain motion to do all first three things (noted above). all these errata items we process

sc: so moved

jh: 2nd

hl: any obj's?

[motion passed by unan consent]

hl: any more to be said on this?

sc: trying to get the xmlsec wg to do a simplesign-like thing, that's where question comes in

4. Other business

hl: any discussion wrt recent threads on saml-dev and comments@ lists?

[silence, none]

5. Action Items

none open

[see summary at beginning of these minutes for AIs opened during this meeting]

[meeting adjourned]