SSTC Conference Call Minutes

SSTC Conference Call Minutes

Tuesday 1 May 2012, 12:00pm ET

1. Roll Call

[insert]

Quorum achieved

2. Need a volunteer to take minutes.

David Staggs offered to record the minutes

3. Approval of minutes from previous meeting(s):

Minutes from SSTC Call on 3 April 2012 were approved by unanimous consent:

from SSTC Call on 17 April 2012 are attached by unanimous consent:

AIs & progress update on current work-items:

(a) No current electronic ballots.

(b) No status/notes regarding past ballots.

(c) Metadata Extensions for Registration & Publication Info (Chad)

- Information on the publication date will be available soon.

(d) Metadata Extensions for Login and Discovery User Interface (MDUI) (Scott)

- MDUI has been published. TC-Admin #896

(e) SAML2.0 Approved Errata (Scott)

- No comments received. Scott proposes voice vote to approve errata at next meeting.

(f) SAML 2.0.1 and Security Considerations doc

- Long discussion on plans.

Main points:

Clean-up of 2.0.1 and Security Considerations doc: incorporate material from errata.

Address the “Simple SSO” profile where IdP initiates an unsolicited exchange. Hal: must address how IdP knows which SP to point to. Scott: could include SP in the request to IdP to initiate exchange. The profile would bypass the discovery step and SP would not have to generate SAML token but still need discussion on security implementations.

Consensus for changes to 2.0.1.Scott volunteered to start WIKI page of the topics that would be added into the core documents for 2.0.1. Some outreach to KantaraFederation and Interoperability group, e.g. IdP generated SSO would be beneficial. There are several candidate changes Scott will organize on the WIKI for review and discussion including updates to profiles, bindings and core documents.

- AI: Scott to start WIKI page.

(g) SSTC Webinar:

- Thomas proposed discussion after WIKI is set up and the proposed 2.0.1 changes are discussed. The proposed changes would be included in the content for the Webinar on the SSTC. Initial topics could include extensions, simplified SSO, errata, etc.

(h) Enhancement for Dynamic Attribute Queries (David Chadwick)

- Discussion deferred until David Chadwick can be on the call.

Assorted mail items:

None.

6. Other items:

- David Staggs mentioned XSPA TC is reviewing the XSPA Profile of SAML for changes based on its initial use. AI: David to send e-mail on when XSPA profile will be submitted to the SSTC.

7. Next SSTC Call:

- Tue 15 May 2012.

Meeting adjourned.