FIWG Meeting Minutes 2012-02-02

Attendees:

Hank Mauldin
Keith Uber
John Bradley
Bob Morgan
Scott Cantor
Rainer Hörbe

Minutes:

1. ADMINISTRATIVE:

  • Roll Call---Quorum Achieved
  • Minutes from last call: FIWG Meeting Minutes 2012-01-19
  • Hank moves to approve the minutes as recorded on 19 Jan 2012. Scott seconds. With no further discussion or objection, the motion passes.

2.  SAML2int profile

  • Participants discussed profile updates
  • Bob taking notes.
  • ACTION ITEM 2012-01-19 Scott---will push comments to the list as soon as possible.

further discussion of saml2int profile
accommodation was made in profile for sites not using TLS
  by putting more emphasis on using XML encryption
  this is now poor practice due to brokenness of XML encryption
    and use of TLS is really required today
saml2int
  some small updates needed regarding attribute requests
  Scott will post items to list

comments from egov participants on requirements for FI?  (Keith, Rainer)
  nothing ready yet
  Bob Sunday developing test suite based on Canadian gov profile
    willing to make it generally available
    but have to remove Canadian-specific bits
  IAWG manages test cases for its Kantara program ...
  FIWG will manage those related to fed interop ...
  so question is whether Canadian stuff will supplement these
testing limited to automated tests only?
  no, many manual tests existing, but automated is better
  fedlabs test harness is automated, looking forward to that
    will be better for smaller companies/sites

JB:  may be need for "attribute disclosure profile" about use of ACSIndex
Scott:  expanding saml2int to cover everything probably not the right path
JB:  not everything of interest will be in formal profile

Scott:  interest in OASIS SSTC in revving the spec to include errata and
  various other bits
  what to do with current conformance docs is a sticking point
    since they're a series of compromises
      don't reflect real-world requirements today

<much discussion of relationship between FIWG, SSTC, Kantara IRB, etc>

JB:  makes sense to do metadata IOP profile?  it's kind of a profile
  already?
Scott:  hard to say, kinda separate and kinda not
JB:  may help to do a version that really is a deployment profile
Scott:  maybe just new rev of IOP, or include in saml2int
  IOP of course isn't SAML-protocol-specific, could apply to any
    fed protocol whose info is representable in SAML md

3.  AOB

Adjourned