Kantara FI-WG Teleconference
...
- Keith Wessel (co-chair) (v)
- Alan Buxey (v)
- Scott Cantor (v)
- Judith Bush Walter Hoehn (v)
- Nick Roy (v)
- Eric Goodman
Agenda
- Roll call (QV group participation agreement)
- Agenda bash
- Approval of 9/4 18 meeting minutes: https://kantarainitiative.org/confluence/x/rgbnBg
- SAML2int formatting edits
- Reiner’s comment on the feedback page: https://kantarainitiative.org/confluence/x/6IDJBg
- Review of outstanding issues in Github
- Implementation profile discrepancy about key encryption
- Any further work needed on feedback received
Minutes
- Roll call “As of 21st August 2019, quorum is 4 of 7.”
- Agenda bash: none
- Minutes: Judith moves to approve the minutes; Keith seconds. Minutes are approved.
- Action items for Eric and Alan last time: Eric’s AI is done (capitalization & normalization of browser profiles; consideration regarding an appendix but there may be language around SHA1 & SHA 2 - -Scott’s Action Item. Alan also had headings for contributors with color issues, resolved.
- Reiner’s comment on the feedback page: https://kantarainitiative.org/confluence/x/6IDJBg -- Scott (and Judith) have not made progress
- Eric confirms GitHub has no open issues, pull requests.
- Discrepancy between deployment & implementation profile for SHA-1 & SHA-2 appears to be an errata on implementation profile. Colin sent an attachment describing the loose process for errata:
- Simple flowchart
- The Should in the document is a must in the XML & SAML Conformance document; we tried to make this document standalone to avoid confusion about some of the SAML conformance complexity.
- SHA-1 was a SHOULD in the implementation profile and we would recommend it to be a MUST -- it is a MUST in XML encryption and SAML docs <<< Check this in the minutes review
- AI: Keith will work with Colin to get this formally noted with the Kantara staff
- Any further work needed on feedback received?
- Depending on how disruptive the Discovery changes are - hopefully less contentious -- thus we think this will be it.
- Once we think we have consensus what is our next step? AI Keith will note in email to Colin we are almost ready for next steps: what are those?
- Review of Scott’s edits to SDP-SP23 sent to the list on 10/15
- Possible confusion around wording of SDP-G02 and Nick’s proposed change
Minutes
- Quorum achieved
- Agenda looks good
- Approval of 9/18 meeting minutes
- Alan motioned
- Walter seconds
- Minutes approved
- Review of Scott’s edits to SDP-SP23 sent to the list on 10/15
- Removing the reference was appropriate
- Shorter - that seemed good
- Not sure about references to other work so did not add any
- Might want to consider changing the word ‘some’ to ‘most’ under discovery description.
- Could put ‘in many cases’ and not try to quantify it
- Less aspirational than a way of telling people that they’re doing it wrong.
- Anyone unhappy with what’s been presented?
- Scott would maybe rethink the wording in the normative requirement: We understand that it’s self-evident.
- Implementation profile calls out idpdisco as a MUST
- Seems like not a drop-able item, and wording seems good.
- Wording complements the implementation profile.
- No misgivings - we have rough consensus.
- AI: Scott commit - DONE
- Possible confusion around wording of SDP-G02 and Nick’s proposed change
- REFEDS assurance list discussion - Pål and Eskil
- Put to rest with the minor wording tweak?
- ...deployments MUST limit the size of each individual XML element's and attribute's text value they produce to 256 characters
- References content rather than making it clear you’re talking about string content. “XML attribute content”
- We have a recommendation
- Hard to be confused by the existing wording
- Discussion of which elements/attributes this applies to
- IDP-19 caused similar confusion
- This will be clearer if we are allowed to have FAQs. OASIS didn’t used to allow that.
- To define versus to not define via xs:String. Injects a level of understand of XML into the doc that is probably best avoided in this case. Could make it more confusing/lead to more pedantic complaints.
- AI: Scott going to come up with a suggestion offline.
- We aren’t going to be able to make it completely bullet-proof.
- Next call: November 6, 2019. Waiting to hear back from Colin on process.
- SP22 language needs to be moved up - italicized text should have been moved up under SP21.
- Seems right
- Scott will do at same time as other edits.
- eduGAIN slack channel comment:
- Pål - SDP-SP39: SP requirement SDP-MD10:Common requirements - why SP logos a MUST? Not an error on our part. There for *reasons*.
Next Meeting
- Date: Weds, Oct 02Nov 06, 2019
- Time: 16:30 EDT
- Code: https://global.gotomeeting.com/join/110596309
You can also dial in using your phone.
United States: +1 (669) 224-3318
Access Code: 110-596-309
More phone numbers
Australia: +61 2 8355 1038
Austria: +43 1 2530 22500
Belgium: +32 28 93 7002
Canada: +1 (647) 497-9380
Denmark: +45 32 72 03 69
Finland: +358 923 17 0556
France: +33 170 950 590
Germany: +49 692 5736 7300
Ireland: +353 15 360 756
Italy: +39 0 230 57 81 80
Netherlands: +31 207 941 375
New Zealand: +64 9 282 9510
Norway: +47 21 93 37 37
Spain: +34 932 75 1230
Sweden: +46 853 527 818
Switzerland: +41 225 4599 60
United Kingdom: +44 330 221 0097
...