eGov Meeting Minutes - 2012-03-05

Kantara eGov Working Group Teleconference

Date and Time

  • Date: 5. March 2012
  • Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 08:00 NZ(+1)

Attendees

Bob Sunday – Fed Canada

Colin Wallis – NZ Govt, Internal Affairs

John Bradley - Individual

Rainer Hörbe - Kismed

Sal d'Agostino – ID Machines

Ken Dagg – Fed Canada

1) Roll call for Quorum determination

Quorum not reached

2) eGov New Membership Status

Australian VANguard Service joined; (VANguard is a kind of B2B PKI-Bridge, but somewhat different to US Federal Bridge)

3) Review and approve December meeting draft minutes (attendees)

January meeting was not on quorum.

February minutes moved by Bob, Sal seconded.

4) Status of eGov-WG for Kantara F2F Munich April 2012

From the people on this call Colin, John, Rainer will participate; Ken will make it dependent on recovery of injury.

5) Update: Collaboration on Profile Management: REFEDS SAML2int, various other eGov deployment profiles (US, CA, NZ, DK, Fi) and the eGov SAML2.0 conformance profile

The FIWG is collecting changes needed for the SAML2int profile and re-publish. UK has released its SAML profile for the government identity hub service. Not positioned by them as a profile, but published for purposes of a related tender for services.

AI: John will contact Stephen Dunn and ask if the document can be circulated.

XML-enc must be updated. OASIS SSTC has no easy way to deal with the problem, because product support is lacking. Current status is that the SSTC has some recommendations (e.g. the message has to be signed, and that the SP must verify that the signer and encrypting party are the same entity).  

Impact on the eGov SAML 2.0 Conformance/Implementation profile: One could argue that the profile does not need to solve higher-level problems.

Canada and other jurisdictions with SAML deployments are using a range of (but different) mitigations to the potential threat posed by XML-enc. The IETF JOSE project may ultimately offer a workable solution for some OpenID Connect deployments: JSON signing & encryption for XML, see: http://www.ietf.org/dyn/wg/charter/jose-charter

Postcsript: Following discussions in W3C, JB thinks that AES-GCM is the best answer for SAML, and it is supported in the new version of xmlenc.

6) SAML-Tests

No updates with TERENA – this cooperation is centered around deployment testing, rather than conformance testing but it could possibly be extended to that.

7) Work Item 2: SLO (including Global Idle Timeout) use case/requirements update  

AI: All: If UK profile released to Kantara eGov for review, please take special note of these aspects in the doc, and give feedback.

8) eGov member section

OASIS eGov MS: there is a discussion to close this group;

Kantara still has to make a liaison statement to ISO, in particular to ISO/IEC 29115/ITU-T X.1254. Expected to be voted to draft (DIS) at ISO’s May plenary in Stockholm; note that in the December ITU-T meetings, the SAC clause is recommended to be dropped (out of scope) and replaced by the short para pointing to the need for SACs.  IAWG has the prospect of championing a separate project to have the Kantara IAF’s SACs standardized.

AOB

Sal & Rainer gave a short report on ID Collaboration day and RSA conference.

Next Monthly Meeting: 

  • Date: Monday, April 2, 2012
  • Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)