-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Wednesday, April 17, 2002 2:39 PM
To: 'Don Bowen'
Cc: saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] SAML Interop 2002 at Burton Catalyst

>> Can Sun sponsor a conference bridge? Next Tuesday (4/23) at
>> 12:00 EDT would be a good time as the regular SAML call has
>> been canceled.
> Yes, I should be able to set up a bridge for that time. I
> will need to know how many lines to reserve. Also, aren't you
> on standard time now? Or am I confused?

You are confused. ;-) Daylight savings time began April 7, for
most of the US, except for Indiana and a few other places.

>> We still favor the Internet approach, perhaps each of us
>> working to achieve interoperability with one other vendor at
>> a time. If not, perhaps we could have an east coast and a
>> west dry run. A number of us are here in the Boston area.
>> Seems like it would be better to hold it in a lab at a
>> company if possible for better access to power, phone lines, etc.
>
> My only concern with the internet approach is that it may be
> slower. I like the idea of a dry run on each coast. Those
> that wanted to participate in both could. I also like the
> idea of holding it in a company's lab. I will look into
> whether our lab could be used on the west coast, but the rest
> of you should do the same.

Ok, Prateek? Don? Do you have any facilities we could use? I will
check here.

>> As far as equipment, we need to distinguish between end
>> systems, which I assume each vendor will provide and network
>> equipment which could be as little as a couple of ethernet switches.
> Would anyone want to volunteer to create a strawman of what
> they think the overall demo diagram might look like? We have
> 13 vendors participating. So, does that mean we want this to
> look like 13 separate "companies" each implementing a
> different product? I would assume that to be the case and
> that we will need firewalls, etc. However, do we really even
> need an internet connection to make this work? Clearly having
> one makes the demo more realistic to viewers, but technically
> it seems like a bell or whistle.

I am basing this on Prateek's proposal, since it is the only one
on the table at the moment. His idea was that we do the Browser Artifact
Profile. Everybody would provide a Portal (authentication authority &
attribute authority) and an application (PDP & PEP). Everybody's
Portal would have links to all the applications. A user could login at any
portal and then access resources at any application. Users would fall into
different categories (e.g. gold, silver, bronze) each application would
have to show that different categories of users get different treatment
and unauthenticated users get bounced to a portal.

This would let everybody make their portal and their app as fancy
as they like. (Although our experience shows that a fancy app can actually
distract attention from the security product.)

I presume most vendors would run their portal, app and
infrastructure on from one to three machines. The whole thing could be run
on one or two switches. I don't know if we would need to provide some
client machines or if Burton would.

I think we should avoid firewalls or any other complications, it
will be hard enough to get this sucker working. I don't see any reason to
involve the Internet in the demo. We are demonstrating SAML
Interoperability. Nothing currently on the Internet does SAML. Why include
it?

You said 13 vendors. The last count I had was 11. Do you have an
updated list? Here is my list of companies and contacts.

Systinet: Anne Thomas Manes [atm@systinet.com]
Sigaba: Jahan Moreh [jmoreh@sigaba.com]
Entegrity: Hal Lockhart [hal.lockhart@entegrity.com]
Oblix: Charles Knouse [cknouse@oblix.com]
Baltimore Technologies: Irving Reid [Irving.Reid@baltimore.com]
Cisco: Krishna Sankar [ksankar@cisco.com]
Netegrity: Prateek Mishra [pmishra@netegrity.com]
SUN: Don Bowen [don.bowen@sun.com], Ping Luo [ping.luo@sun.com]
CrossLogix: Ken Yagen [kyagen@crosslogix.com]
Quadrasis: Don Flinn [Don.Flinn@Quadrasis.com]
RSA: Rob Philpott [rphilpott@rsasecurity.com]

>> Bilateral testing to begin as soon as any two vendors are ready.
> How many vendors would each have to test against to insure
> for themselves that they are "interoperable"? Does the
> transitive property of equality apply (if a=b and b=c, then
> a=c)? :-) I agree that testing should begin any time, but was
> worried also that individual testing might cause someone to
> feel left out. I guess I was thinking that size of
> organization would only matter in terms of being able to help
> out more (you can tell I'm fairly new to Sun :-)

I am assuming we will accomplish a complete N X (N-1) set of tests
by the time we are through. If we begin in pairs and immediately report
differences in spec interpretation (as distinct from agreed bugs) to this
list, we should be able to get pairs working together and consistent with
everybody else. Then each party can switch to testing with another. After
the first 2 or 3 it should get routine.

>> [Optional] Regional dry runs at companies or hotel suite during June.
>> Everybody arrive in SF by July 8 for setup and interop
>> testing in a hotel suite.
> I actually like this idea of arriving early, though it makes
> for a long week. The only negative is that if you find any
> major issues that need to be dealt with, it might be
> difficult to do it away from "home" and in time for the real
> demo. I'll confess to being a half-empty kind of guy. What do
> the rest of you think?

This is based on my assumption that we have already tested
remotely, so any "major issues" would already have been resolved.

>>> Details for how the demos will be done is something we need
>>> to discuss. We definitely need a vision here, followed by a
>>> well written script. This could be one of the most difficult
>>> issues to address and may be the most key.
>> Once we agree on the technical specifications, this should
>> not be too hard.
> Not hard maybe, but real important. I also think this is
> probably the biggest area where we will need to be on the
> "same team". Again, if someone wanted to start to create a
> strawman, based on their own experience with something
> similar, that would be great.

Maybe this would be something the marketing group could work on.

> > On Tuesday during a general session, one of the SAML TC
> > co-chairs, Jeff Hodges or Joe Pato, will provide a SAML
> > report, including a "post mortem" on the previous day's activities.
> I've asked Jeff if they know who is speaking and the decision
> has still not been made yet, not that it is pertinent to our effort.

It has now been decided I will be the speaker.

> > Marketing
> > We will want to have some kind of marketing done on this
> > prior to Catalyst. The sooner the better. I am not aware of
> > any plans, but that doesn't mean there aren't any.
> > I talked to Jim Kobielus at Burton, who is our interface and
> > he will help. I actually think it is very important that they
> > assist a lot here, but again, just my thoughts. I told him we
> > should begin to "hype" this onsite at registration and during
> > the dinner on Sunday.
> I would hope they would "hype" it in advance of the show.
> Perhaps they could put something on the web page.
> Yes, I'll talk with Jim about this as well. I think OASIS
> should also do some "hyping" on their web site.

I talked to Phil Schacter a little while ago. SAML Interop 2002
seemed ok to him. They are ready to put something on their web page, but
they are waiting for a response from OASIS. They want OASIS to bless the
event in some way as an "official" OASIS event. It can be billed as a
"demonstration" so as not to raise issues of "conformance testing." But
they have gotten no response positive or negative.

Dee, if you are reading this can you give us a status?

>> I think each participating vendor should identify a marketing
>> contact to work on this stuff in parallel to the technical work.
> This is a good idea, but if one organization had a marketing
> person to put forth some well thought out ideas it might save
> a lot of effort? Anyone? I'll definitely talk to our people.

True, but we need to get our ducks lined up so we can get an ok
from each organization quickly when we need to.

Hal
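
An added sketch, not part of the original e-mail or any vendor's code, of the demo flow and the N X (N-1) test matrix described in the message above: a portal hands out a single-use artifact, the application dereferences it at the issuing portal, maps the user's category to a treatment, and bounces unauthenticated users. The class names, treatment strings, dict-based assertions and the explicitly passed source portal name are assumptions made for illustration; the real profile carries SAML assertions and identifies the source inside the artifact.

```python
import secrets

class Portal:
    """One vendor's authentication + attribute authority (simplified model)."""
    def __init__(self, name, users):
        self.name = name
        self.users = users        # constructed sample data: username -> category
        self._pending = {}        # artifact -> assertion awaiting pickup

    def login_and_issue_artifact(self, username):
        if username not in self.users:
            raise PermissionError("unknown user")
        artifact = secrets.token_urlsafe(20)   # opaque, unguessable reference
        self._pending[artifact] = {"issuer": self.name, "subject": username,
                                   "category": self.users[username]}
        return artifact

    def resolve(self, artifact):
        # Single use: a replayed or made-up artifact resolves to nothing.
        return self._pending.pop(artifact, None)

class Application:
    """One vendor's PEP + PDP in front of a protected resource."""
    TREATMENT = {"gold": "full access", "silver": "standard access",
                 "bronze": "limited access"}   # hypothetical treatments

    def __init__(self, name, trusted_portals):
        self.name = name
        self.trusted = {p.name: p for p in trusted_portals}

    def handle_request(self, source_portal=None, artifact=None):
        portal = self.trusted.get(source_portal)
        assertion = portal.resolve(artifact) if portal and artifact else None
        if assertion is None or assertion["issuer"] != source_portal:
            return ("redirect", "portal")      # unauthenticated: bounce
        treatment = self.TREATMENT.get(assertion["category"])
        if treatment is None:
            return ("deny", "unknown category")
        return ("allow", treatment)

def interop_pairs(vendors):
    """Every (portal vendor, application vendor) pairing: N x (N-1) tests."""
    return [(p, a) for p in vendors for a in vendors if p != a]
```
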