FIWG Meeting Minutes 2012-02-02
Attendees:
Hank Mauldin
Keith Uber
John Bradley
Bob Morgan
Scott Cantor
Rainer Hörbe
Minutes:
1. ADMINISTRATIVE:
- Roll Call---Quorum Achieved
- Minutes from last call: FIWG Meeting Minutes 2012-01-19
- Hank moves to approve the minutes as recorded on 19 Jan 2012. Scott seconds. With no further discussion or objection, the motion passes.
2. SAML2int profile
- Participants discussed profile updates
- Bob taking notes.
- ACTION ITEM 2012-01-19 Scott---will push comments to the list as soon as possible.
further discussion of saml2int profile
accommodation was made in profile for sites not using TLS
by putting more emphasis on using XML encryption
this is now poor practice due to brokenness of XML encryption
and use of TLS is really required today
saml2int
some small updates needed regarding attribute requests
Scott will post items to list
comments from egov participants on requirements for FI? (Keith, Rainer)
nothing ready yet
Bob Sunday developing test suite based on Canadian gov profile
willing to make it generally available
but have to remove Canadian-specific bits
IAWG manages test cases for its Kantara program ...
FIWG will manage those related to fed interop ...
so question is whether Canadian stuff will supplement these
testing limited to automated tests only?
no, many manual tests existing, but automated is better
fedlabs test harness is automated, looking forward to that
will be better for smaller companies/sites
JB: may be need for "attribute disclosure profile" about use of ACSIndex
Scott: expanding saml2int to cover everything probably not the right path
JB: not everything of interest will be in formal profile
Scott: interest in OASIS SSTC in revving the spec to include errata and
various other bits
what to do with current conformance docs is a sticking point
since they're a series of compromises
don't reflect real-world requirements today
<much discussion of relationship between FIWG, SSTC, Kantara IRB, etc>
JB: makes sense to do metadata IOP profile? it's kind of a profile
already?
Scott: hard to say, kinda separate and kinda not
JB: may help to do a version that really is a deployment profile
Scott: maybe just new rev of IOP, or include in saml2int
IOP of course isn't SAML-protocol-specific, could apply to any
fed protocol whose info is representable in SAML md
3. AOB