FIWG Meeting Notes 2012-08-24
Attendees:
Allan Foster
John Bradley
Rainer Hörbe
Scott Cantor (joined later)
Notes:
0. ADMINISTRATIVE:
- Roll Call Quorum not met.
- Called for volunteers for co-chair
There is 1 nominee: Allan
Unanimous decision to wave the requirement for a secret ballot.
AI chair to send a mail to the list and wait for objections.
1. Taking over responsibility for the eGov profile
 Some documents were moved from to the FI-WG wiki. The question is how to get resources to work on the topic.
The Interoperability Review Board (IRB) holds basic OASIS SSTC conformance profiles (IDL light etc.) and  the eGov profile.
Discussion about the definition common understanding of the profile categories.
From an SSTC point of view the Conformance Profiles are a subset of interoperability profiles, and will be substantially improved if there will be input. The current version is too loose and does not provide interoperability. Alternatively there might be new profiles: Oracle would like to see a stripped down WebSSO-profile. Metadata will be extra (Oracle won’t include it). However, resources are tight and an option might be an unofficial publication without going thru the approval processes. Conformance will be the last piece in SAML 2.1. SAML 2.1 might include Metadata IOP, as attestation requirements at OASIS are more relaxed now, and Shibboleth would support that. That part of the conversation was about whether publishing new material in SAML 2.1 would actually lead to anybody implementing them because attestations are needed to get to OASIS Standard. Shibboleth has generally counted as a member attestation because Internet2 is a member. The rules now require only one attestation out of 3 from a member, so if non-member software like simpleSAML or Roland's stuff supported any particular piece, that should be enough to get to standard. Lots of the existing SAML profiles I did post-2.0 probably could reach OS now if desired.
Definitions on profiles:
An interoperability profile shall achieve conformance with the specification, is not too restrictive leaving many choices. It targets developers.
A deployment profile leaves no or only few options. Its audience are deployers.
eGov profile plans:
Scott: could be a starting point for new OASIS material; IPR-point would require Kantara to donate it to OASIS, where it would be evolved into version 3; It is general enough to apply to non-government areas as well. eGov includes some post-SAML2.0 -> scopes it down to deployment profile and a trust model.
AI Scott: discuss the submission of eGov 2.0 profile at SSTC.
Saml2Int is functionally a deployment profile of eGov, yet that happened by coincidence of same authorship.
AI: Rainer will rearrange the FIWG wiki for reflecting this statement regarding Saml2int.
Discussing the diagram on SAML specification and profile dependencies submitted by Rainer (http://kantarainitiative.org/confluence/download/attachments/41649836/SAML+Spec+Dependencies.pdf)
Agreement to publish this as a WG deliverable on the wiki.
AI Rainer to update wiki with the conclusions of this agenda item.
Â
2. Â Canada's contribution of CATS v2.0 test Cases
skipped
Â
3. Â Austrian eGov profile for Fedlab Test casesÂ
Rainer reported that Kantara, AT government and Géant joining on eGov test cases for the test harness. Joni is working on a letter to Géant.
Shibboleth did not participate in the past in full-matrix tests because there was no demand. If they were to participate in future interop tests some funds would have to be raised to make this happen.
Â
4. Â Next meeting:
Today is basis for new 2-weeks cycle.
AI Chair: update calendar.