Versions Compared

Old Version 9

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Colin Wallis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This Wiki page initiates a Leadership Council eBallot to reduce the duration of the Public Comment Review and IPR Review period to zero for minor material (non risk inducing) and non-material editorial changes to the FIWG to SAML V2.0 Implementation Profile for Federation Interoperability.

Rationale 

Justification for classifying these changes as being ‘minor’ (non-breaking):

Setting aside any purely editorial changes, revisions proposed to FIWG Implementation Profile are of the following form and the

The revision proposed to the SAML V2.0 Implementation Profile for Federation Interoperability V1.0 is shown below. In Agenda Item 10 in the Notes from the FIWG meeting of 2019-12-04

agreed that they are collectively only minor in magnitude,

, this quorate call agreed that a) it is a non-breaking (minor) change, b) did not identify any IPR conflicts c) is a close knit community and any implementations using the current published V1.0 would be known about; and therefore arguably fit for immediate release as V1.

IAF-1410 has a strengthened requirement for stating and demonstrating availability that is already generally applicable – there is no fundamentally new requirement;

IAF-1430 has a number of valuable amendments to requirements which clarify those elements of NIST SP 800-63 rev.3 which have been found difficult to interpret, or to achieve (to the point of intractability in some cases). These amendments are relatively simple in nature but have the effect of making overall conformity easier to attain. Whilst one could argue their effect will have significant (rather than minor) benefits, the changes themselves are minor and delay caused by potentially 60 days consisting of public review and All Member Ballot are not warranted against the immediate benefit which CSPs are likely to gain from the clarity now provided.

IAF-1440 amendments, whilst fewer, should be subject to the arguments made for ’1430, with the additional comment that three requirements have been expressly defined as no longer applicable to identity-proofing functions where they were proving to be difficult to meet.

1 with the change made.

Revision to SAML V2.0 Implementation Profile for Federation Interoperability V1.0:

In the SAML 2.0 implementation profile, IIP-ALG06 states:
The following DigestMethod algorithms SHOULD be supported for both of the above key transport algorithms for backward compatibility.
*http://www.w3.org/2000/09/xmldsig#sha1

This requirement should be corrected to read:
The following DigestMethod algorithms MUST be supported for both of the above key transport algorithms.
*http://www.w3.org/2000/09/xmldsig#sha1

Specific and most recent commit related to the proposed change is at https://github.com/KantaraInitiative/SAMLprofiles/commit/38154b3b032c9de29044b013329ce5e4e36f6c6d

The FIWG therefore recommends release of

this Implementation Profile revisions

this SAML V2.0 Implementation Profile for Federation Interoperability V1.1 at the earliest opportunity on the basis that the revisions per se are minor in nature and do

not encumber CSPs any more (and probably less) than do the existing criteria

not break any known implementations.

Motion:To reduce the duration of the Public
Comment Period
Review period and IPR Review period to zero for the minor material and non-material editorial changes to
the FIWG
the SAML V2.0 Implementation Profile for Federation Interoperability.
 VOTE
VOTE
Please cast your vote below. IMPORTANT: in order to record your vote you need to log in into Confluence.Note: In the above e-vote table you will also have access to real-time voting results.


Document:

Version:

Document Date:

Document

URL

Download: 

Document

wiki page:

URL: 

SAML V2.0 Implementation Profile for Federation Interoperability

1.1

2019-12-12


SAML V2 Implementation Profile 1.1 draft.docx


SAML V2.0 Implementation Profile for Federation Interoperability v1.1


WG Charter:

Charter

Ballot Opens:

Ballot Closes:

December

10

17, 2019 


December

17

24, 2019

Voting Rules:Super Majority vote of the LC
Ballot Information:

KI Operating Procedures SECTION 7.7.1.1: LC Approval, Public Review and IPR Review Period Requirements

.

: 

The LC can, by Super Majority vote of the LC, reduce the duration of, or remove altogether, the IPR Review Period and/or the Public Review period in instances where there is low risk of patent, copyright and applicable IPR issues, and/or low risk of a reduction in quality of the output, and/or the changes are minor and (in the case of criteria, do not break implementations) non-material editorial changes to Group- Approved Recommendations or Technical Specifications. The decision must take into consideration the risk of liability being assumed by reduction or removal of the review period and the impact of changes on affected parties (e.g. Service Providers and Assessors). The decision and rationale shall be reported to the Board of Directors at the next Board of Directors meeting.

Eligible voters:

WG FIRE
WG eGov
WG Federation Interoperability
WG Identity Assurance
WG User-Managed Access
WG Consent & Information Sharing
WG Consent Management Solutions
WG Healthcare Identity Assurance