
Kantara FIWG Teleconference 

Date and Time

  • Date: 10, January, 2013
  • Time: 13:00 PT | 16:00 ET

Attendees

  • John Bradley, Ping Identity
  • Nate Klingstein, Internet 2
  • Scott Cantor, Internet 2
  • Rainer Hoerbe, KisMed Austria
  • Matt Tebo, Protiviti
  • Colin Wallis, Internal Affairs Dept, NZ Government
  • Rich Furr, Verizon

Apologies

Agenda

...

  1. Administrative - roll call; Minutes from Dec 20; Election of Chair (We should have done this in Dec but forgot.)
  2. FEDLab SAML tests update
  3. UK Gov Profile
  4. eGov 2 Profile - Leif & Colin report on conversation with Anil John?
  5. SAML 2 Int Profile (Profile updates, Wiki page)
  6. Kantara, OIX and other meta-data aggregator projects.
  7. Your agenda items

Minutes

1. Administrative - roll call

Summary:

  • Quorate call
  • No previous minutes to approve
  • Dec 20 Minutes: Moved Rainer, Seconded Nate
  • Unanimous agreement to new elections for Officers; Heather to put call for nominations

2. FEDLab SAML tests update

...

 

- - XXXXXXXX Work-in-progress below... XXXXXXXXX
  • This topic opened with Rainer presenting his paper... http://kantarainitiative.org/confluence/download/attachments/41649836/SAML+ProfTest+Concept .pdf . The objective is to create a common superset of (web-accessible) tests, whereby each deployer adds tests to a common repository and works with FedLab to fill test 'gaps'. The actual test harness itself would restrict access to 'signed up' deployers. All test cases covered: Request/Response, Metadata etc.
  • [JB: Notes that some vendor products do not automatically import metadata, so they have to be manually imported and refreshed. Also that Ping has done work with Box for a connection for SaaS providers, which offers a metadata applet for SP/IDPs supporting Ping Federate].
  • Austria wants to start with SP/RPs first since it has many SPs with many client apps and only 3 or 4 vendor products covering the 30 or so IDPs.
  • [SC: As an InCommon IDP all I care about is if they consume InCommon's metadata]. [JB: SP piece will take a while to build]. General difficulty with metadata tests is testing 'consumption' - each product will behave differently.
  • [JB: OID Connect tests if the overall exchange works or not, rather than if it is conformant].
  • Metadata supplied by SP must be validated/pre-checked as OK before submission to the test harness.
  • [SC: We must have a test for the XML DSig wrapping attack (since SAML Pummel predates it)]. Austria is trying to find funding for this, since it will take hard work to automate.
  • Leif: We need to separate the hosting test service from the 'creating and updating' test case 'repository/database' (as automated as we can get it, so it needs to be more than a Wiki).

 

...

3. UK Gov Profile

Summary: Stephen Dunn agreed to the sharing of the latest draft (still says Dec 2011 but content may have changed?). With some issues noted by FIWG members in the draft, and actual pilots still ahead that may prove or otherwise the conformance and performance of the draft, attendees generally felt that it was less mature than the other government and SAML2INT profiles, so at this stage FIWG will move ahead without it.

4. eGov 2 SAML Profile

  • Leif and Colin reached out to Anil John (GSA) to clarify requirements outlined in recent emails....

5. SAML 2 Int Profile

Discussion relating to SAML2 INT profile and the use of FedLab to progress this work? (or is this still part of 1 above?). Currently the timeline for progress is 'loose', not because of funding $ shortage but because of capability shortage. If work can be done by a Uni (with the capability to do it) in the GEANT network, then that may be a way forward. Steffen Solensen? Sorrensen? (spelling?) the IETF PKIX chair is someone who could help with contacts. The idea is that Operational $ has to come from external/Govt sources.

6. Kantara, OIX and other meta-data aggregator projects

Leif introduced and explained a little about the Kantara registry effort: http://kantarainitiative.org/trust-registry/ and that it was similar to the OIX one in structure. The LOA3 IdP/RP 'market' was small enough globally to use USB tokens for access.

...

Discussion: ...

7. Your Agenda items

Next Meeting

  • Date: Thurs 24th, January, 2013
  • Time: 13:00 PT | 16:00 ET | (Time Chart)
  • Dial-In: +1-218-862-7200
  • Code:

...