Kantara eGov Working Group Teleconference
|Table of Contents|
Date and Time
- Date: 5. March 2012
- Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 08:00 NZ(+1)
Bob Sunday – Fed Canada
Colin Wallis – NZ Govt, Internal Affairs
John Bradley - Individual
Rainer Hörbe - Kismed
Sal d'Agostino – ID Machines
Ken Dagg – Fed Canada
1) Roll call for Quorum determination
Quorum not reached
2) eGov New Membership Status
Australian VANguard Service joined; (VANguard is a kind of B2B PKI-Bridge, but somewhat different to US Federal Bridge)
3) Review and approve December meeting draft minutes (attendees)
January meeting was not on quorum.
February minutes moved by Bob, Sal seconded.
4) Status of eGov-WG for Kantara F2F Munich April 2012
Rainer HFrom the people on this call Colin, John, Rainer will participate; Ken will make it dependent on recovery of injury.
5) Update: Collaboration on Profile Management: REFEDS SAML2int, various other eGov deployment profiles (US, CA, NZ, DK, Fi) and the eGov SAML2.0 conformance profile
The FIWG is collecting changes needed for the SAML2int profile and re-publish. UK has released its SAML profile for the government identity hub service. Not positioned by them as a profile, but published for purposes of a related tender for services.
AI: John will contact Stephen Dunn and ask if the document can be circulated.
XML-enc must be updated. OASIS SSTC has no easy way to deal with the problem, because product support is lacking. Current status is that the SSTC has some recommendations (e.g. the message has to be signed, and that the SP must verify that the signer and encrypting party are the same entity).
Impact on the eGov SAML 2.0 Conformance/Implementation profile: One could argue that the profile does not need to solve higher-level problems.
Canada and other jurisdictions with SAML deployments are using a range of (but different) mitigations to the potential threat posed by XML-enc. The IETF JOSE project may ultimately offer a workable solution for some OpenID Connect deployments: JSON signing & encryption for XML, see: http://www.ietf.org/dyn/wg/charter/jose-charter.
Postcsript: Following discussions in W3C, JB thinks that AES-GCM is the best answer for SAML, and it is supported in the new version of xmlenc.
No updates with TERENA – this cooperation is centered around deployment testing, rather than conformance testing but it could possibly be extended to that.
7) Work Item 2: SLO (including Global Idle Timeout) use case/requirements update
AI: All: If UK profile released to Kantara eGov for review, please take special note of these aspects in the doc, and give feedback.
8) eGov member section
OASIS eGov MS: there is a discussion to close this group;
Kantara still has to make a liaison statement to ISO, in particular to ISO/IEC 29115/ITU-T X.1254. Expected to be voted to draft (DIS) at ISO’s May plenary in Stockholm; note that in the December ITU-T meetings, the SAC clause is recommended to be dropped (out of scope) and replaced by the short para pointing to the need for SACs. IAWG has the prospect of championing a separate project to have the Kantara IAF’s SACs standardized.
Sal & Rainer gave a short report on ID Collaboration day and RSA conference.
Next Monthly Meeting:
- Date: Monday, April 2, 2012
- Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)