WG-FI Minutes 20171026
Kantara WG-FI minutes 2017-10-26
Attending: Nick Roy, Walter Hoehn (co-chair), Denis from CA, Scott Cantor, Colin Wallis (Kantara)
Voting members:
John Bradley
Scott Cantor
Rainer Hoerbe
Walter Hoehn
Nick Roy
Keith Wessel
4 of 6 needed for quorum
Approval of minutes from 2017-10-12 meeting
AI: Nick seek approval of minutes via email to list
(We can vote this out of committee via e-ballot)
Reminder: it will have to have a re-consultation because of changes we’ve made based on the comments
Ref#1 - OK as-is
Ref#2 - Scott is of two minds:
It is a requirement that people read references
We never explicitly required support for blacklisting. If you’re going to do negotiation, you have to support blacklisting. SAML doesn’t allow null algorithms, but if you don’t have blacklisting there is the risk of being negotiating down to an algorithm you don’t want to support. Scott believes that is something we have to say something about.
AI: Scott to propose text, will look at surrounding text a bit too. Will not duplicate the security considerations part of the referenced spec.
Ref#3 - OK as-is, we will not modify the profile for the sake of making things easier for any specific vendor. Not necessarily clear that this was the ask, but this was our interpretation.
AI: Walter: add in a note that we are aware that many commercial products don’t support ECP or SLO, but their lack of support for multilateral federation goes well beyond this problem. [DONE]
Ref#4 - OK as-is
Ref#5 - OK as-is - we will lock it to a specific draft of MDQ
Ref#6 - Will be part of Scott’s work on Ref#2 AI: Walter add commit link when available
Ref#7 - OK as-is
Ref#7 - OK as-is
Ref#8 - OK as-is
Ref#9 - OK as-is
Once #2 is done, we will vote by e-ballot on the feedback/changes out of committee - then let staff know to do a comment period / publish the disposition of the comments.
XML encryption 1.1 is not the right link
AI: Scott will clean up
Question from InCommon Deployment Profile WG about document identifier and version for saml2int
There was a document ID on the pre-Kantara version of the document
Do we need to put a version number on this, and if so, should it just be version 1.0?
Is there a document identifier we need to use?
Yes to both questions. Andrew Hughes can help us with this. Will need it for the implementation profile, too.
AI: Walter: Slap a ‘1.0’ on the end of the implementation profile
Discussion of IIP-MD10
AI: Scott going to redo this
Any other business?